
Search Engine Redirect -- even in safe mode


  • This topic is locked
37 replies to this topic

#1 ProblemGuy

Posted 23 May 2012 - 06:44 AM

Thank you for reading this. About three weeks ago I started getting redirected on Google and Bing searches. I've used Chrome, IE, and Opera and it happens in all browsers. It even happens when I start in safe mode! I've run Symantec Anti-virus, Malwarebytes, Windows Defender, TDSSKiller, and others and nothing seems to spot the issue! I don't have a system restore point that goes back that far so I can't do that... my only option after this is to format and reinstall Windows 7 (64 bit). I've posted the DDS log below which I ran in safe mode -- I thought this would be OK since the issue happens in safe mode as well. Additionally, randomly hidden iexplore.exe processes get started with 'SYSTEM' as the user. I don't notice them until they start to TALK. They play audio ads... it is very annoying. So I kill the processes (7-8 by this time) and then randomly 10 min or 2 hours later there they are again! It seems as though I get redirected through some ad website and then land on 'monstermarketplace dot com' or 'topdaofinder dot com'. Any help would be greatly appreciated!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by ddine at 8:28:05 on 2012-05-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.8075.6400 [GMT -3:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWoW64\svchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWOW64\DllHost.exe
c:\Program Files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual C# 2008 Express Edition with SP1 - ENU\setup.exe
C:\Users\ddine\AppData\Local\Temp\SIT12339.tmp\setup.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Bomgar_Cleanup_ZD14947349611982] cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-000000004FBBA303" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD14947349611982 /f
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [NcpBudgetGui] "C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" -start
mRun: [NcpPopup] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Copy to &Lightning Note - C:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3}
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
TCP: DhcpNameServer = 10.82.2.2
TCP: Interfaces\{867C754B-6D30-4FD8-836C-2DDCA4630293} : DhcpNameServer = 10.82.2.2
TCP: Interfaces\{A2E2DF19-B05E-4283-9948-1D4BC24F9800} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A2E2DF19-B05E-4283-9948-1D4BC24F9800}\444696E656331303 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A2E2DF19-B05E-4283-9948-1D4BC24F9800}\C4F66756C697 : DhcpNameServer = 192.168.2.1 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun-x64: [NcpBudgetGui] "C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" -start
mRun-x64: [NcpPopup] "C:\Program Files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" noerrmsg
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-9-12 137224]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;C:\Windows\system32\DRIVERS\ncplelhp.sys --> C:\Windows\system32\DRIVERS\ncplelhp.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx64.sys [2012-5-10 1160824]
S1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120522.001\IDSviA64.sys [2012-5-23 488568]
S1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [?]
S1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-11-18 144448]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-4-20 43584]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-4-20 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-4-20 62016]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-4-20 133992]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-20 654408]
S2 ncprwsnt;ncprwsnt;C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe [2012-1-10 1389576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-8 2214504]
S2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-8-8 446592]
S2 Sentinel64;Sentinel64;C:\Windows\system32\Drivers\Sentinel64.sys --> C:\Windows\system32\Drivers\Sentinel64.sys [?]
S2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-9-17 369952]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-9-17 292128]
S2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
S2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2012-4-20 446800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-12 379496]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-4-20 145256]
S2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-4-20 142696]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-8 2656280]
S2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-4-13 84088]
S3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-14 257696]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-8-8 320576]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-8 138360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
S3 HP8207_8307;HP-HP8207_8307;C:\Windows\system32\DRIVERS\HP8207_8307.sys --> C:\Windows\system32\DRIVERS\HP8207_8307.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 ncpfilt;WatchGuard Filter;C:\Windows\system32\DRIVERS\ncplelhp.sys --> C:\Windows\system32\DRIVERS\ncplelhp.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2011-3-31 25584]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-8-8 1662528]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-4-20 165440]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [2011-6-17 29664]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-23 11:21:50 -------- d-----w- C:\getservice
2012-05-23 10:26:28 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-23 02:15:52 98816 ----a-w- C:\Windows\sed.exe
2012-05-23 02:15:52 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-23 02:15:52 256000 ----a-w- C:\Windows\PEV.exe
2012-05-23 02:15:52 208896 ----a-w- C:\Windows\MBR.exe
2012-05-22 14:30:27 -------- d-----w- C:\ProgramData\bomgar-scc-000000004FBBA303
2012-05-20 23:24:18 -------- d-----w- C:\Users\ddine\AppData\Local\Opera
2012-05-20 21:10:35 -------- d-----w- C:\ProgramData\Conexant
2012-05-20 21:10:33 -------- d-----w- C:\Users\ddine\AppData\Local\Conexant
2012-05-20 17:08:27 -------- d-----w- C:\Users\ddine\AppData\Local\{5E68196D-2261-4871-8A90-CC001E21980E}
2012-05-20 17:08:17 -------- d-----w- C:\Users\ddine\AppData\Local\{F2ECBB66-FA85-476F-9A77-61594D7BDEC0}
2012-05-16 16:53:56 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9CF211C9-1FD3-49F1-9CC0-B7CB4337496C}\offreg.dll
2012-05-15 21:34:03 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-05-15 21:34:03 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-05-15 21:33:03 -------- d-----w- C:\ProgramData\Battle.net
2012-05-14 19:14:36 -------- d-----w- C:\ProgramData\Applications
2012-05-14 18:46:40 -------- d-----w- C:\Users\ddine\AppData\Local\Lenovo
2012-05-14 18:45:52 -------- d-----w- C:\Users\ddine\AppData\Local\VirtualStore
2012-05-14 18:27:11 48704 ----a-w- C:\Windows\System32\ibmpmsvc.exe
2012-05-14 18:27:11 42312 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys
2012-05-14 18:27:11 41024 ----a-w- C:\Windows\System32\tpinspm.dll
2012-05-14 18:26:40 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9CF211C9-1FD3-49F1-9CC0-B7CB4337496C}\mpengine.dll
2012-05-14 13:19:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 13:19:08 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-13 00:31:34 -------- d-----w- C:\Program Files\Ventrilo
2012-05-10 17:09:51 -------- d-----w- C:\Users\ddine\AppData\Roaming\QuickScan
2012-05-09 20:32:54 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-09 13:21:12 -------- d-----w- C:\Program Files\CCleaner
2012-05-09 12:57:57 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-05-09 12:55:47 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-05-09 12:55:47 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-05-09 12:55:37 -------- d-----w- C:\Users\ddine\AppData\Roaming\TestApp
2012-05-07 23:21:18 691 ----a-w- C:\Users\ddine\AppData\Roaming\GetValue.vbs
2012-05-07 23:21:18 35 ----a-w- C:\Users\ddine\AppData\Roaming\SetValue.bat
2012-05-07 13:45:12 -------- d-----w- C:\sh4ldr
2012-05-07 13:45:12 -------- d-----w- C:\Program Files\Enigma Software Group
2012-05-07 13:44:48 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-05-07 13:44:45 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-05-07 13:35:56 -------- d-----w- C:\Users\ddine\AppData\Roaming\DriverCure
2012-05-07 13:35:55 -------- d-----w- C:\Users\ddine\AppData\Roaming\SpeedyPC Software
2012-05-02 23:42:58 -------- d-----w- C:\Users\ddine\AppData\Local\{A09222F9-D10C-49C9-8244-E756FF1B44B6}
2012-05-02 23:42:36 -------- d-----w- C:\Users\ddine\AppData\Local\{E7F75BBA-504B-4B33-A801-C7FE5BD83385}
2012-05-02 23:16:40 -------- d-----w- C:\Users\ddine\AppData\Local\{8A421BD9-9EA1-46BF-B112-14F694ABC757}
2012-05-01 19:54:41 -------- d-----w- C:\ProgramData\VS
2012-04-30 12:01:07 -------- d-----w- C:\Users\ddine\AppData\Roaming\Iconico
2012-04-25 13:45:49 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-05-07 11:56:35 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 17:33:34 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-05 14:55:19 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-04-04 18:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-15 09:07:00 29512 ----a-w- C:\Windows\System32\drivers\DZHDD64.SYS
2012-03-15 09:07:00 2806336 ----a-w- C:\Windows\System32\PWMCP64V.cpl
2012-03-15 09:07:00 2693696 ------w- C:\Windows\PWMBTHLV.EXE
2012-03-15 09:07:00 19784 ----a-w- C:\Windows\System32\drivers\TPPWR64V.SYS
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 8:28:31.87 ===============


#2 gringo_pr


  • Malware Response Team
Posted 23 May 2012 - 09:06 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 ProblemGuy


Posted 23 May 2012 - 01:26 PM

Thanks for looking into this for me.

Security check log:

Results of screen317's Security Check version 0.99.34
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
``````````End of Log````````````

Combo Fix Log:

ComboFix 12-05-23.05 - ddine 23/05/2012 13:32:32.8.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.8075.5232 [GMT -3:00]
Running from: c:\users\ddine\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5849\AddOnDownloaded\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc.dll
c:\programdata\PCDr\5849\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll
c:\programdata\PCDr\5849\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll
c:\programdata\PCDr\5849\AddOnDownloaded\434b795d-fe06-4495-801e-fa92d93babbc.dll
c:\programdata\PCDr\5849\AddOnDownloaded\562ad818-216b-4d77-8b40-834630104d2c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\746b3523-df66-4ed9-beaa-88464b84933f.dll
c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll
c:\programdata\PCDr\5849\AddOnDownloaded\83db0f34-4452-4946-92c2-31dcd99767dd.dll
c:\programdata\PCDr\5849\AddOnDownloaded\90110d4d-0aa3-42f8-b48a-92aebd9d59f3.dll
c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll
c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll
c:\programdata\PCDr\5849\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b34a10f6-a592-424f-af97-b051783f9dd2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll
c:\programdata\PCDr\5849\AddOnDownloaded\bead45d2-b2dc-44e3-94f8-c7de6979be60.dll
c:\programdata\PCDr\5849\AddOnDownloaded\d754c4cc-ae68-4d17-afb7-55002296e1e2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\ec6735a3-9204-4734-bb0f-5859e58b13b2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f1d18230-9731-47f0-b9f4-b537abcbb39c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f64109b2-74cc-4638-ae17-228b7886774b.dll
c:\programdata\PCDr\5849\AddOnDownloaded\fd85aea7-408e-4ff8-bdca-73b1320e8b27.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 16:53 . 2012-05-23 16:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-23 16:53 . 2012-05-23 16:53 -------- d-----w- c:\users\setup\AppData\Local\temp
2012-05-23 16:53 . 2012-05-23 16:53 -------- d-----w- c:\users\it\AppData\Local\temp
2012-05-23 16:53 . 2012-05-23 16:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-23 16:53 . 2012-05-23 16:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-23 14:00 . 2012-05-23 14:00 -------- d-----w- c:\programdata\PCDr
2012-05-23 11:21 . 2012-05-23 11:21 -------- d-----w- C:\getservice
2012-05-20 23:24 . 2012-05-23 11:13 -------- d-----w- c:\users\ddine\AppData\Local\Opera
2012-05-20 23:24 . 2012-05-23 11:13 -------- d-----w- c:\program files (x86)\Opera
2012-05-20 21:10 . 2012-05-20 21:10 -------- d-----w- c:\programdata\Conexant
2012-05-20 21:10 . 2012-05-20 21:10 -------- d-----w- c:\users\ddine\AppData\Local\Conexant
2012-05-15 21:34 . 2012-05-15 22:08 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-15 21:34 . 2012-05-15 21:58 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-15 21:33 . 2012-05-15 21:33 -------- d-----w- c:\programdata\Battle.net
2012-05-14 19:14 . 2012-05-14 19:14 -------- d-----w- c:\programdata\Applications
2012-05-14 18:46 . 2012-05-14 18:46 -------- d-----w- c:\users\ddine\AppData\Local\Lenovo
2012-05-14 18:45 . 2012-05-14 23:03 -------- d-----w- c:\users\ddine\AppData\Local\VirtualStore
2012-05-14 18:27 . 2012-05-14 18:27 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-14 18:27 . 2012-05-14 18:27 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-14 18:27 . 2012-02-29 18:15 41024 ----a-w- c:\windows\system32\tpinspm.dll
2012-05-14 18:27 . 2012-02-29 18:15 48704 ----a-w- c:\windows\system32\ibmpmsvc.exe
2012-05-14 18:27 . 2012-02-29 18:14 42312 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
2012-05-14 18:26 . 2012-04-18 06:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CF211C9-1FD3-49F1-9CC0-B7CB4337496C}\mpengine.dll
2012-05-14 13:19 . 2012-05-14 13:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 13:19 . 2012-05-14 13:19 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-13 00:32 . 2012-05-14 18:31 -------- d-----w- c:\users\ddine\AppData\Roaming\Ventrilo
2012-05-13 00:31 . 2012-05-13 00:31 -------- d-----w- c:\program files\Ventrilo
2012-05-12 13:13 . 2012-05-12 13:13 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-05-10 17:09 . 2012-05-10 17:09 -------- d-----w- c:\users\ddine\AppData\Roaming\QuickScan
2012-05-09 20:32 . 2012-05-09 20:32 -------- d-----w- c:\program files (x86)\ESET
2012-05-09 13:21 . 2012-05-14 18:29 -------- d-----w- c:\program files\CCleaner
2012-05-09 12:57 . 2012-05-09 13:41 -------- d-----w- c:\program files (x86)\PC Tools
2012-05-09 12:55 . 2012-05-09 13:41 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-05-09 12:55 . 2012-04-23 17:18 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-05-09 12:55 . 2012-05-09 12:55 -------- d-----w- c:\users\ddine\AppData\Roaming\TestApp
2012-05-07 23:21 . 2012-05-07 23:28 691 ----a-w- c:\users\ddine\AppData\Roaming\GetValue.vbs
2012-05-07 23:21 . 2012-05-07 23:28 35 ----a-w- c:\users\ddine\AppData\Roaming\SetValue.bat
2012-05-07 13:45 . 2012-05-07 23:32 -------- d-----w- C:\sh4ldr
2012-05-07 13:45 . 2012-05-07 13:45 -------- d-----w- c:\program files\Enigma Software Group
2012-05-07 13:44 . 2012-05-07 23:32 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-05-07 13:44 . 2012-05-13 00:31 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-07 13:35 . 2012-05-07 13:35 -------- d-----w- c:\users\ddine\AppData\Roaming\DriverCure
2012-05-07 13:35 . 2012-05-07 13:35 -------- d-----w- c:\users\ddine\AppData\Roaming\SpeedyPC Software
2012-05-03 17:43 . 2012-05-03 17:43 -------- d-----w- c:\users\hhadmin
2012-05-01 19:54 . 2012-05-01 19:54 -------- d-----w- c:\programdata\VS
2012-04-30 12:01 . 2012-04-30 12:01 -------- d-----w- c:\users\ddine\AppData\Roaming\Iconico
2012-04-25 13:45 . 2012-05-13 20:38 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 11:21 . 2012-05-23 11:21 130337 ----a-w- C:\getservices.zip
2012-05-12 22:51 . 2012-02-24 15:53 3636064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-05-09 13:20 . 2011-11-15 19:51 304608 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-05-09 13:19 . 2011-11-01 17:36 171488 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-05-07 11:56 . 2012-04-15 19:32 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 17:33 . 2012-02-08 13:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-05 14:55 . 2012-03-18 18:23 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-04-04 18:56 . 2012-04-20 16:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-18 18:24 . 2012-03-18 18:24 53248 ----a-r- c:\users\ddine\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-15 09:07 . 2011-08-09 00:14 2693696 ------w- c:\windows\PWMBTHLV.EXE
2012-03-15 09:07 . 2011-08-09 00:14 29512 ----a-w- c:\windows\system32\drivers\DZHDD64.SYS
2012-03-15 09:07 . 2011-08-09 00:14 2806336 ----a-w- c:\windows\system32\PWMCP64V.cpl
2012-03-15 09:07 . 2011-08-09 00:14 19784 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
2012-03-01 06:46 . 2012-04-11 19:09 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 19:09 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 19:09 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 19:09 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 19:09 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 19:09 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 19:09 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 19:43 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 19:43 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 19:43 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 19:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 19:43 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 19:43 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 19:43 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 19:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-21 . 9C15490C717BD8F7839DD52BD434A8CF . 858112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-05-23_02.35.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-04-17 21:43 . 2012-05-23 02:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-17 21:43 . 2012-05-23 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-17 21:44 . 2012-05-23 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
- 2012-04-17 21:44 . 2012-05-23 02:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
- 2012-04-18 11:34 . 2012-05-22 18:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2012-04-18 11:34 . 2012-05-23 03:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2012-04-18 11:34 . 2012-05-23 03:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
- 2012-04-18 11:34 . 2012-05-22 18:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2012-04-18 11:34 . 2012-05-23 03:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
- 2012-04-18 11:34 . 2012-05-22 18:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2012-05-23 14:44 . 2012-05-23 14:44 10240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{D684BC2A-A4E5-11E1-BF5E-02004E435049}.dat
- 2012-04-17 21:44 . 2012-05-23 00:04 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-04-17 21:44 . 2012-05-23 14:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-05-23 16:28 76130 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-23 16:28 44296 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-20 21:10 44296 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-13 01:28 . 2012-05-23 16:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-13 01:28 . 2012-05-23 02:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-13 01:28 . 2012-05-23 16:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-13 01:28 . 2012-05-23 02:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-23 02:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-23 16:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-22 19:45 . 2012-05-23 14:44 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{A876D8E7-A446-11E1-84B9-02004E435049}.dat
+ 2012-05-23 12:22 . 2012-05-23 12:23 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FE588001-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:12 . 2012-05-23 13:13 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FDDB9C1E-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:29 . 2012-05-23 12:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FBE1AAAA-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:12 . 2012-05-23 13:13 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FADF82BD-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:29 . 2012-05-23 12:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F8BD19E9-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:19 . 2012-05-23 13:20 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F83FF39E-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:36 . 2012-05-23 12:37 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F62A1D8A-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:19 . 2012-05-23 13:20 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F5463B9D-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:53 . 2012-05-23 11:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F402706C-A4CD-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:36 . 2012-05-23 12:37 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F32E0429-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:26 . 2012-05-23 13:27 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F2A45ABE-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:53 . 2012-05-23 11:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F1069FE0-A4CD-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:43 . 2012-05-23 12:44 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F087FCCA-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:26 . 2012-05-23 13:27 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EFAAA2BD-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:00 . 2012-05-23 12:01 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EE61CB90-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:43 . 2012-05-23 12:44 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ED898209-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:00 . 2012-05-23 12:01 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EB649883-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:50 . 2012-05-23 12:51 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{EAE8DF9A-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:07 . 2012-05-23 12:08 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E8C5AACD-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:50 . 2012-05-23 12:51 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E7ECD041-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:07 . 2012-05-23 12:08 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E5C8E80C-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:57 . 2012-05-23 12:58 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E54A43C5-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:14 . 2012-05-23 12:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E33C2E82-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:57 . 2012-05-23 12:58 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E2508D04-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:14 . 2012-05-23 12:15 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E0427681-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:04 . 2012-05-23 13:05 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DFB0169E-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:21 . 2012-05-23 12:22 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DD90B722-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:04 . 2012-05-23 13:05 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DCB8BFFD-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:21 . 2012-05-23 12:22 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DA923C61-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:11 . 2012-05-23 13:12 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DA26FC1E-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:28 . 2012-05-23 12:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D80231EA-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:11 . 2012-05-23 13:12 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D72AE2BD-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:28 . 2012-05-23 12:29 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D50879E9-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:18 . 2012-05-23 13:19 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D47D0B5E-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:35 . 2012-05-23 12:36 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D25B4E6A-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:18 . 2012-05-23 13:19 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D180F1FD-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:52 . 2012-05-23 11:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D0558627-A4CD-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:35 . 2012-05-23 12:36 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CF5F3509-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:25 . 2012-05-23 13:26 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CEEFBABE-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:52 . 2012-05-23 11:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CD572D5C-A4CD-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:42 . 2012-05-23 12:42 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CCD0FB6A-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:25 . 2012-05-23 13:26 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CBF13FFD-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:59 . 2012-05-23 12:00 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CB61C54A-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:42 . 2012-05-23 12:43 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C9D74369-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:59 . 2012-05-23 12:00 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C79F7043-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:49 . 2012-05-23 12:50 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C7240E32-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:06 . 2012-05-23 12:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C4FD9499-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:49 . 2012-05-23 12:50 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C427FED9-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:06 . 2012-05-23 12:07 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C202B240-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:56 . 2012-05-23 12:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C1935166-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:13 . 2012-05-23 12:14 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BF65ED22-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:56 . 2012-05-23 12:57 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BE94D7E7-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:13 . 2012-05-23 12:14 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BC69D3C1-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:03 . 2012-05-23 13:04 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BBEACCFE-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:20 . 2012-05-23 12:21 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B9DC1722-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:03 . 2012-05-23 13:04 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B8F114FD-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:20 . 2012-05-23 12:21 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B6DFFDC1-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:10 . 2012-05-23 13:11 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B65108DE-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:27 . 2012-05-23 12:28 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B4363D42-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:10 . 2012-05-23 13:11 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B354EF7D-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:27 . 2012-05-23 12:28 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B130B1E9-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:17 . 2012-05-23 13:18 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B0C86B5E-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:34 . 2012-05-23 12:35 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AE9604CA-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:17 . 2012-05-23 13:18 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ADCC51FD-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:51 . 2012-05-23 11:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AC7DE3D7-A4CD-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:34 . 2012-05-23 12:35 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AB978A09-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:24 . 2012-05-23 13:25 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AB19C77E-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:51 . 2012-05-23 11:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A9822881-A4CD-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:41 . 2012-05-23 12:42 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A8F8A6CA-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:24 . 2012-05-23 13:25 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A8200F7D-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:58 . 2012-05-23 11:59 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A6D75B59-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:41 . 2012-05-23 12:42 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A5FC8D69-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:58 . 2012-05-23 11:59 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A3DC08A9-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:48 . 2012-05-23 12:49 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A36D84DA-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:05 . 2012-05-23 12:06 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A14BA62D-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:05 . 2012-05-23 12:06 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9E506A0C-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:55 . 2012-05-23 12:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9DC22FF2-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:12 . 2012-05-23 12:13 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9BA0A382-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:55 . 2012-05-23 12:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9AC617D2-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:12 . 2012-05-23 12:13 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{98A48A21-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:02 . 2012-05-23 13:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{983AEFBE-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:19 . 2012-05-23 12:20 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{960623E2-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:02 . 2012-05-23 13:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{953C74FD-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:58 . 2012-05-23 11:59 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A3DC08AA-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:48 . 2012-05-23 12:49 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A36D84DB-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:05 . 2012-05-23 12:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A14BA62E-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:05 . 2012-05-23 12:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9E506A0D-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:55 . 2012-05-23 12:56 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9DC22FF3-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:12 . 2012-05-23 12:13 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9BA0A383-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:55 . 2012-05-23 12:56 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9AC617D3-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:12 . 2012-05-23 12:13 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{98A48A22-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:02 . 2012-05-23 13:03 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{983AEFBF-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:19 . 2012-05-23 12:20 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{960623E3-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:02 . 2012-05-23 13:03 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{953C74FE-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:19 . 2012-05-23 12:20 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{930C6BE2-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:09 . 2012-05-23 13:10 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{92895DDF-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:26 . 2012-05-23 12:27 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{906D03D3-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:09 . 2012-05-23 13:10 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8F8D447E-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:26 . 2012-05-23 12:27 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8D6E8912-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:16 . 2012-05-23 13:17 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8CF016BF-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:33 . 2012-05-23 12:34 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8ADA40AB-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:16 . 2012-05-23 13:17 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{89F65EBE-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:33 . 2012-05-23 12:34 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{87DE274A-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:23 . 2012-05-23 13:24 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8756DF3F-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:40 . 2012-05-23 12:41 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8535BE8B-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:23 . 2012-05-23 13:24 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{845AC5DE-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:57 . 2012-05-23 11:58 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8359A725-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:40 . 2012-05-23 12:41 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{823743CA-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:57 . 2012-05-23 11:58 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{80164848-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:47 . 2012-05-23 12:48 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7F9CCCBB-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:04 . 2012-05-23 12:05 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7D75014A-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:47 . 2012-05-23 12:48 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7C9E5C0A-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:04 . 2012-05-23 12:05 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B27B3E3-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:54 . 2012-05-23 12:55 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{79FD05BA-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:11 . 2012-05-23 12:12 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{77EC0383-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:54 . 2012-05-23 12:55 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{76FE8EBF-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:11 . 2012-05-23 12:12 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{74EFEA22-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:01 . 2012-05-23 13:02 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{74629B1F-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:18 . 2012-05-23 12:19 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{723EE643-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:01 . 2012-05-23 13:02 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7164205E-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:18 . 2012-05-23 12:19 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6F42CCE2-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:08 . 2012-05-23 13:09 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6ED71F3F-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:25 . 2012-05-23 12:26 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6CA3ED8B-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:08 . 2012-05-23 13:09 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6BE94E1E-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:25 . 2012-05-23 12:26 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{69A7D42A-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:15 . 2012-05-23 13:16 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{692BC71F-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:32 . 2012-05-23 12:33 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6709102B-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:15 . 2012-05-23 13:16 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{662FADBE-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:32 . 2012-05-23 12:33 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{640F582A-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:22 . 2012-05-23 13:23 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{639D7C7F-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:39 . 2012-05-23 12:40 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{61811E8B-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:22 . 2012-05-23 13:23 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{60A3C47E-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:56 . 2012-05-23 11:57 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5F4C649F-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:39 . 2012-05-23 12:40 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E85052A-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:56 . 2012-05-23 11:57 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5C5389C6-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:46 . 2012-05-23 12:47 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5BD7D9AB-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:29 . 2012-05-23 13:30 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5B38635E-A4DB-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:03 . 2012-05-23 12:04 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{59B04292-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:46 . 2012-05-23 12:47 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{58D95EEA-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:03 . 2012-05-23 12:04 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{56B2FEDB-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:53 . 2012-05-23 12:54 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{563FFF6F-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:10 . 2012-05-23 12:11 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5412F363-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:53 . 2012-05-23 12:54 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{533A875B-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:10 . 2012-05-23 12:11 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{51193392-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:00 . 2012-05-23 13:01 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{509AF01F-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:17 . 2012-05-23 12:18 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4E8A4643-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:00 . 2012-05-23 13:01 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4DA1381E-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:17 . 2012-05-23 12:18 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4B8E2CE2-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:07 . 2012-05-23 13:07 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4B012BFF-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:24 . 2012-05-23 12:25 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{48DE2EBB-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:07 . 2012-05-23 13:08 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4802B13E-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:24 . 2012-05-23 12:25 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{45E476BA-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:14 . 2012-05-23 13:15 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4577271F-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:31 . 2012-05-23 12:32 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{434627EB-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:14 . 2012-05-23 13:15 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{427B0DBE-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:31 . 2012-05-23 12:32 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{404A0E8A-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:38 . 2012-05-23 12:39 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3DA8C9EB-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:21 . 2012-05-23 13:22 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3D48509E-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:55 . 2012-05-23 11:56 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3B96D0FA-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:38 . 2012-05-23 12:39 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3AAF11EA-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:28 . 2012-05-23 13:29 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3A3D363F-A4DB-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:55 . 2012-05-23 11:56 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{389BB429-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:45 . 2012-05-23 12:46 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3819B42B-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:28 . 2012-05-23 13:29 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{37411CDE-A4DB-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:02 . 2012-05-23 12:03 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{35FB90EE-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:45 . 2012-05-23 12:46 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{351D9ACA-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:02 . 2012-05-23 12:03 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3300318F-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:52 . 2012-05-23 12:53 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3272B894-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:09 . 2012-05-23 12:10 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{304E9BF3-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:52 . 2012-05-23 12:53 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2F76A2F6-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:09 . 2012-05-23 12:10 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2D515D9A-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:59 . 2012-05-23 13:00 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2CE30132-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:16 . 2012-05-23 12:17 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2AB45303-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:59 . 2012-05-23 13:00 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{29E6E912-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:16 . 2012-05-23 12:17 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{27B9FEC2-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:06 . 2012-05-23 13:07 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{273BE25F-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:23 . 2012-05-23 12:24 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{252A8CA3-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:06 . 2012-05-23 13:07 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{24422A5E-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:23 . 2012-05-23 12:24 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{222E7342-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:13 . 2012-05-23 13:14 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21A133DF-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:20 . 2012-05-23 13:21 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{20190FFF-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:30 . 2012-05-23 12:31 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1F7E7CEB-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:20 . 2012-05-23 13:21 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1F0F8F3E-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:13 . 2012-05-23 13:14 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1EA2B91E-A4D9-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:30 . 2012-05-23 12:31 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1C82638A-A4D3-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:37 . 2012-05-23 12:38 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{19E5E1AB-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:54 . 2012-05-23 11:55 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{17C5B385-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:37 . 2012-05-23 12:38 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{16E9C84A-A4D4-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:27 . 2012-05-23 13:28 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1669A45F-A4DB-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:20 . 2012-05-23 13:20 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{155A835A-A4DA-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 11:54 . 2012-05-23 11:55 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{14CBEA7A-A4CE-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:44 . 2012-05-23 12:45 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{144AE50B-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:27 . 2012-05-23 13:28 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{136D8AFE-A4DB-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:01 . 2012-05-23 12:02 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{122667CD-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:44 . 2012-05-23 12:45 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{11CCF48A-A4D5-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:01 . 2012-05-23 12:02 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0F27F078-A4CF-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:08 . 2012-05-23 12:09 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0C9A4000-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:51 . 2012-05-23 12:52 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0BC24B12-A4D6-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:08 . 2012-05-23 12:09 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{099E2141-A4D0-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:58 . 2012-05-23 12:59 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0911DFBE-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:15 . 2012-05-23 12:16 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{06F0CE83-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:58 . 2012-05-23 12:59 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0613663F-A4D7-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:15 . 2012-05-23 12:16 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{04375BA2-A4D1-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:05 . 2012-05-23 13:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{038703DF-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 12:22 . 2012-05-23 12:23 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{01549963-A4D2-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 13:05 . 2012-05-23 13:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{008AEA7E-A4D8-11E1-BF5E-02004E435049}.dat
+ 2012-05-23 16:26 . 2012-05-23 16:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-23 02:07 . 2012-05-23 02:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-23 16:26 . 2012-05-23 16:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-23 02:07 . 2012-05-23 02:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-05-23 02:15 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-23 14:44 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-23 11:50 . 2012-05-23 14:44 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012052320120524\index.dat
+ 2009-07-14 02:36 . 2012-05-23 16:33 734068 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-23 16:33 151802 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-05-23 12:52 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-05-07 11:56 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-05-23 01:59 412680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-23 16:16 412680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-14 22:58 . 2012-05-23 16:16 773300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1061089090-2116172776-1088748055-10440-8192.dat
- 2012-05-14 22:58 . 2012-05-23 01:59 773300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1061089090-2116172776-1088748055-10440-8192.dat
+ 2012-04-17 21:43 . 2012-05-23 14:44 5046272 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2009-07-14 04:54 . 2012-05-23 02:15 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-23 14:44 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-09 00:23 . 2012-05-23 16:16 3996080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-09 00:23 . 2012-05-23 01:59 3996080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-04-17 22:10 . 2012-05-23 01:59 6570440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-04-17 22:10 . 2012-05-23 16:16 6570440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-05-23 14:44 10698752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-23 02:15 10698752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-14 22:58 . 2012-05-23 16:16 10946236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1061089090-2116172776-1088748055-10440-4096.dat
+ 2011-09-16 18:07 . 2012-05-23 16:16 33293260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1061089090-2116172776-1088748055-10440-12288.dat
- 2011-09-16 18:07 . 2012-05-15 19:00 33293260 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1061089090-2116172776-1088748055-10440-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-03-15 5935680]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-02-09 4309184]
"NcpBudgetGui"="c:\program files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" [2010-01-29 1032192]
"NcpPopup"="c:\program files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" [2010-01-13 579072]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-10440\Scripts\Logon\0\0]
"Script"=\\work.ca\SysVol\work.ca\scripts\XActFact\HH-xactfact.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-10440\Scripts\Logon\1\0]
"Script"=\\work\sysvol\work.ca\scripts\GPM_MapDrives\GPM_MapHHDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-10440\Scripts\Logon\2\0]
"Script"=FPS.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-10440\Scripts\Logon\2\1]
"Script"=GP_Hidden.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-15361\Scripts\Logon\0\0]
"Script"=\\work\sysvol\work.ca\scripts\GPM_MapDrives\GPM_MapITDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-15361\Scripts\Logon\1\0]
"Script"=FPS.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-26681\Scripts\Logon\0\0]
"Script"=\\work\sysvol\work.ca\scripts\GPM_MapDrives\GPM_MapHHDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-26681\Scripts\Logon\1\0]
"Script"=FPS.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-26681\Scripts\Logon\1\1]
"Script"=GP_Hidden.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-11-18 144448]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 257696]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-03-15 320576]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 ncpfilt;WatchGuard Filter;c:\windows\system32\DRIVERS\ncplelhp.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-03-15 1662528]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-03-15 165440]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [2011-06-17 29664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx64.sys [2012-04-10 1160824]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120522.001\IDSvia64.sys [2012-03-16 488568]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 ncprwsnt;ncprwsnt;c:\program files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe [2010-02-25 1389576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-13 2214504]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-17 369952]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-17 292128]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-06-17 137224]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-01 446800]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-12 379496]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-04-13 84088]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-09-27 386408]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-01-05 5989688]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Copy to &Lightning Note - c:\program files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.82.2.2
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{C63CD127-A1CB-4D49-A4F7-D6F88A917BE6}"=hex:51,66,7a,6c,4c,1d,38,12,49,d2,2f,
c2,f9,ef,27,08,db,e1,95,b8,8f,cf,3f,f2
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e9,1e,09,1f,ea,2d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,4e,cf,08,fd,6a,15,48,8e,1d,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,4e,cf,08,fd,6a,15,48,8e,1d,0c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-23 14:53:12
ComboFix-quarantined-files.txt 2012-05-23 17:52
ComboFix2.txt 2012-05-23 02:37
.
Pre-Run: 150,183,092,224 bytes free
Post-Run: 150,219,988,992 bytes free
.
- - End Of File - - B8D10B6763773228E500152A956C644B



I haven't had a hidden iexplore.exe process open up yet! Although it was pretty random and it has only been an hour or so.

I am still getting redirected in Google though. I opened up Internet Explorer and went to google.ca and typed 'test' and selected the first search result and it took me here: http: / / offshore6gigharborfolkfestival dot com /result/?q=test

Edited by ProblemGuy, 23 May 2012 - 01:26 PM.


#4 gringo_pr


Posted 23 May 2012 - 01:35 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 ProblemGuy


Posted 23 May 2012 - 02:06 PM

15:43:35.0732 22204 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
15:43:35.0997 22204 ============================================================
15:43:35.0997 22204 Current date / time: 2012/05/23 15:43:35.0997
15:43:35.0997 22204 SystemInfo:
15:43:35.0997 22204
15:43:35.0997 22204 OS Version: 6.1.7601 ServicePack: 1.0
15:43:35.0997 22204 Product type: Workstation
15:43:35.0997 22204 ComputerName: HH1803
15:43:35.0997 22204 UserName: ddine
15:43:35.0997 22204 Windows directory: C:\Windows
15:43:35.0997 22204 System windows directory: C:\Windows
15:43:35.0997 22204 Running under WOW64
15:43:35.0997 22204 Processor architecture: Intel x64
15:43:35.0997 22204 Number of processors: 8
15:43:35.0997 22204 Page size: 0x1000
15:43:35.0997 22204 Boot type: Normal boot
15:43:35.0997 22204 ============================================================
15:43:36.0324 22204 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:43:36.0340 22204 ============================================================
15:43:36.0340 22204 \Device\Harddisk0\DR0:
15:43:36.0340 22204 MBR partitions:
15:43:36.0340 22204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A10D
15:43:36.0340 22204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12A14C, BlocksNum 0x1D09B024
15:43:36.0340 22204 ============================================================
15:43:36.0387 22204 C: <-> \Device\Harddisk0\DR0\Partition1
15:43:36.0387 22204 ============================================================
15:43:36.0387 22204 Initialize success
15:43:36.0387 22204 ============================================================
15:43:54.0982 28428 ============================================================
15:43:54.0982 28428 Scan started
15:43:54.0982 28428 Mode: Manual;
15:43:54.0982 28428 ============================================================
15:43:55.0731 28428 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
15:43:55.0731 28428 1394ohci - ok
15:43:55.0793 28428 5U877 (f4af97702bad85bfef64b9a557f11b6f) C:\Windows\system32\DRIVERS\5U877.sys
15:43:55.0809 28428 5U877 - ok
15:43:55.0871 28428 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:43:55.0871 28428 ACPI - ok
15:43:55.0918 28428 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:43:55.0918 28428 AcpiPmi - ok
15:43:56.0074 28428 AcPrfMgrSvc (1933db4808793f3bd7ab34a39a809425) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
15:43:56.0074 28428 AcPrfMgrSvc - ok
15:43:56.0105 28428 AcSvc (e7af543334b21d84124709061a9ae4d7) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
15:43:56.0105 28428 AcSvc - ok
15:43:56.0183 28428 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:43:56.0199 28428 AdobeARMservice - ok
15:43:56.0324 28428 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:43:56.0324 28428 AdobeFlashPlayerUpdateSvc - ok
15:43:56.0480 28428 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:43:56.0480 28428 adp94xx - ok
15:43:56.0526 28428 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:43:56.0526 28428 adpahci - ok
15:43:56.0573 28428 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:43:56.0573 28428 adpu320 - ok
15:43:56.0604 28428 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:43:56.0604 28428 AeLookupSvc - ok
15:43:56.0667 28428 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:43:56.0667 28428 AFD - ok
15:43:56.0698 28428 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:43:56.0698 28428 agp440 - ok
15:43:56.0714 28428 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:43:56.0714 28428 ALG - ok
15:43:56.0729 28428 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:43:56.0729 28428 aliide - ok
15:43:56.0745 28428 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:43:56.0745 28428 amdide - ok
15:43:56.0760 28428 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:43:56.0760 28428 AmdK8 - ok
15:43:56.0776 28428 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:43:56.0776 28428 AmdPPM - ok
15:43:56.0807 28428 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:43:56.0807 28428 amdsata - ok
15:43:56.0838 28428 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:43:56.0838 28428 amdsbs - ok
15:43:56.0854 28428 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:43:56.0854 28428 amdxata - ok
15:43:56.0901 28428 AMPPAL (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\AMPPAL.sys
15:43:56.0901 28428 AMPPAL - ok
15:43:56.0916 28428 AMPPALP (12e7a43a3c6840a063a82b04f7ef47c0) C:\Windows\system32\DRIVERS\amppal.sys
15:43:56.0916 28428 AMPPALP - ok
15:43:56.0994 28428 AMPPALR3 (2cc0cbf2707be4d5b6ce6b87d9da2f97) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
15:43:57.0010 28428 AMPPALR3 - ok
15:43:57.0041 28428 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:43:57.0041 28428 AppID - ok
15:43:57.0057 28428 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:43:57.0057 28428 AppIDSvc - ok
15:43:57.0072 28428 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:43:57.0072 28428 Appinfo - ok
15:43:57.0104 28428 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:43:57.0104 28428 AppMgmt - ok
15:43:57.0135 28428 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:43:57.0135 28428 arc - ok
15:43:57.0182 28428 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:43:57.0182 28428 arcsas - ok
15:43:57.0260 28428 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:43:57.0260 28428 aspnet_state - ok
15:43:57.0291 28428 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:43:57.0291 28428 AsyncMac - ok
15:43:57.0322 28428 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:43:57.0322 28428 atapi - ok
15:43:57.0400 28428 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:43:57.0400 28428 AudioEndpointBuilder - ok
15:43:57.0400 28428 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:43:57.0400 28428 AudioSrv - ok
15:43:57.0431 28428 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:43:57.0431 28428 AxInstSV - ok
15:43:57.0494 28428 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:43:57.0494 28428 b06bdrv - ok
15:43:57.0540 28428 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:43:57.0540 28428 b57nd60a - ok
15:43:57.0572 28428 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:43:57.0572 28428 BDESVC - ok
15:43:57.0587 28428 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:43:57.0587 28428 Beep - ok
15:43:57.0650 28428 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:43:57.0665 28428 BFE - ok
15:43:57.0899 28428 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx64.sys
15:43:57.0899 28428 BHDrvx64 - ok
15:43:58.0055 28428 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:43:58.0071 28428 BITS - ok
15:43:58.0118 28428 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:43:58.0133 28428 blbdrive - ok
15:43:58.0196 28428 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:43:58.0196 28428 bowser - ok
15:43:58.0227 28428 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:43:58.0227 28428 BrFiltLo - ok
15:43:58.0227 28428 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:43:58.0227 28428 BrFiltUp - ok
15:43:58.0258 28428 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:43:58.0258 28428 BridgeMP - ok
15:43:58.0289 28428 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:43:58.0289 28428 Browser - ok
15:43:58.0336 28428 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:43:58.0336 28428 Brserid - ok
15:43:58.0352 28428 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:43:58.0352 28428 BrSerWdm - ok
15:43:58.0367 28428 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:43:58.0367 28428 BrUsbMdm - ok
15:43:58.0383 28428 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:43:58.0383 28428 BrUsbSer - ok
15:43:58.0414 28428 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:43:58.0414 28428 BthEnum - ok
15:43:58.0430 28428 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:43:58.0430 28428 BTHMODEM - ok
15:43:58.0445 28428 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:43:58.0445 28428 BthPan - ok
15:43:58.0508 28428 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:43:58.0508 28428 BTHPORT - ok
15:43:58.0554 28428 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:43:58.0554 28428 bthserv - ok
15:43:58.0664 28428 BTHSSecurityMgr (d6ceec2f878149e4db9fe93fa5d8fe60) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
15:43:58.0664 28428 BTHSSecurityMgr - ok
15:43:58.0679 28428 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:43:58.0679 28428 BTHUSB - ok
15:43:58.0757 28428 BTWAMPFL (f8cfafbd5bf8b3ddb0d3c2943a5af8ce) C:\Windows\system32\DRIVERS\btwampfl.sys
15:43:58.0757 28428 BTWAMPFL - ok
15:43:58.0773 28428 btwaudio (24bff9d75310f3059ee44f38bf0de0b2) C:\Windows\system32\drivers\btwaudio.sys
15:43:58.0773 28428 btwaudio - ok
15:43:58.0804 28428 btwavdt (858b305ade425732cff9ded182f94fb8) C:\Windows\system32\drivers\btwavdt.sys
15:43:58.0804 28428 btwavdt - ok
15:43:58.0960 28428 btwdins (6ef8cc2f2fda2098089a33f43f4e019d) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
15:43:58.0976 28428 btwdins - ok
15:43:59.0116 28428 btwl2cap (b9354f9f111c64f2495b60f1e24cb453) C:\Windows\system32\DRIVERS\btwl2cap.sys
15:43:59.0116 28428 btwl2cap - ok
15:43:59.0163 28428 btwrchid (3bd876387d6c538690300f9ec198856b) C:\Windows\system32\DRIVERS\btwrchid.sys
15:43:59.0163 28428 btwrchid - ok
15:43:59.0194 28428 catchme - ok
15:43:59.0272 28428 CAXHWAZL (48360b88c4bf45850653bb7c86888ed4) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
15:43:59.0272 28428 CAXHWAZL - ok
15:43:59.0303 28428 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:43:59.0303 28428 cdfs - ok
15:43:59.0334 28428 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:43:59.0334 28428 cdrom - ok
15:43:59.0366 28428 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:43:59.0366 28428 CertPropSvc - ok
15:43:59.0397 28428 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:43:59.0397 28428 circlass - ok
15:43:59.0444 28428 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:43:59.0444 28428 CLFS - ok
15:43:59.0506 28428 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:43:59.0506 28428 clr_optimization_v2.0.50727_32 - ok
15:43:59.0537 28428 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:43:59.0537 28428 clr_optimization_v2.0.50727_64 - ok
15:43:59.0600 28428 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:43:59.0600 28428 clr_optimization_v4.0.30319_32 - ok
15:43:59.0646 28428 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:43:59.0646 28428 clr_optimization_v4.0.30319_64 - ok
15:43:59.0693 28428 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:43:59.0693 28428 CmBatt - ok
15:43:59.0709 28428 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:43:59.0709 28428 cmdide - ok
15:43:59.0787 28428 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:43:59.0787 28428 CNG - ok
15:44:00.0021 28428 CnxtHdAudService (8de541b4cfa281a204baa3ea2109809e) C:\Windows\system32\drivers\CHDRT64.sys
15:44:00.0021 28428 CnxtHdAudService - ok
15:44:00.0192 28428 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:44:00.0192 28428 Compbatt - ok
15:44:00.0224 28428 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:44:00.0224 28428 CompositeBus - ok
15:44:00.0224 28428 COMSysApp - ok
15:44:00.0239 28428 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:44:00.0239 28428 crcdisk - ok
15:44:00.0286 28428 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:44:00.0286 28428 CryptSvc - ok
15:44:00.0333 28428 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:44:00.0333 28428 CSC - ok
15:44:00.0395 28428 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:44:00.0395 28428 CscService - ok
15:44:00.0442 28428 CxAudMsg (9d0d050170d47e778b624a28c90f23de) C:\Windows\system32\CxAudMsg64.exe
15:44:00.0442 28428 CxAudMsg - ok
15:44:00.0520 28428 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:44:00.0520 28428 DcomLaunch - ok
15:44:00.0567 28428 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:44:00.0567 28428 defragsvc - ok
15:44:00.0614 28428 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:44:00.0614 28428 DfsC - ok
15:44:00.0645 28428 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:44:00.0645 28428 Dhcp - ok
15:44:00.0660 28428 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:44:00.0660 28428 discache - ok
15:44:00.0692 28428 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:44:00.0692 28428 Disk - ok
15:44:00.0723 28428 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
15:44:00.0723 28428 dmvsc - ok
15:44:00.0754 28428 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:44:00.0754 28428 Dnscache - ok
15:44:00.0785 28428 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:44:00.0785 28428 dot3svc - ok
15:44:00.0879 28428 DozeSvc (9597bcb69286ff017db1a0fb8144408d) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
15:44:00.0879 28428 DozeSvc - ok
15:44:00.0894 28428 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:44:00.0894 28428 DPS - ok
15:44:00.0910 28428 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:44:00.0910 28428 drmkaud - ok
15:44:01.0004 28428 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:44:01.0004 28428 DXGKrnl - ok
15:44:01.0035 28428 DzHDD64 (3ce83d7ee95d9c9f03323810a2e747df) C:\Windows\system32\DRIVERS\DzHDD64.sys
15:44:01.0035 28428 DzHDD64 - ok
15:44:01.0097 28428 e1cexpress (03f4c5c12fc1c69f838da723475ef650) C:\Windows\system32\DRIVERS\e1c62x64.sys
15:44:01.0097 28428 e1cexpress - ok
15:44:01.0113 28428 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:44:01.0113 28428 EapHost - ok
15:44:01.0347 28428 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:44:01.0347 28428 ebdrv - ok
15:44:01.0440 28428 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:44:01.0440 28428 eeCtrl - ok
15:44:01.0565 28428 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:44:01.0565 28428 EFS - ok
15:44:01.0643 28428 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:44:01.0643 28428 ehRecvr - ok
15:44:01.0659 28428 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:44:01.0659 28428 ehSched - ok
15:44:01.0784 28428 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:44:01.0799 28428 elxstor - ok
15:44:01.0924 28428 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:44:01.0924 28428 EraserUtilRebootDrv - ok
15:44:01.0940 28428 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:44:01.0940 28428 ErrDev - ok
15:44:02.0002 28428 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:44:02.0002 28428 EventSystem - ok
15:44:02.0174 28428 EvtEng (532b8ff8e07f3772b086620377654f95) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:44:02.0174 28428 EvtEng - ok
15:44:02.0330 28428 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:44:02.0345 28428 exfat - ok
15:44:02.0361 28428 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:44:02.0376 28428 fastfat - ok
15:44:02.0454 28428 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:44:02.0454 28428 Fax - ok
15:44:02.0470 28428 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:44:02.0470 28428 fdc - ok
15:44:02.0486 28428 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:44:02.0486 28428 fdPHost - ok
15:44:02.0517 28428 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:44:02.0517 28428 FDResPub - ok
15:44:02.0532 28428 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:44:02.0532 28428 FileInfo - ok
15:44:02.0548 28428 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:44:02.0548 28428 Filetrace - ok
15:44:02.0564 28428 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:44:02.0564 28428 flpydisk - ok
15:44:02.0595 28428 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:44:02.0595 28428 FltMgr - ok
15:44:02.0657 28428 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:44:02.0673 28428 FontCache - ok
15:44:02.0735 28428 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:44:02.0735 28428 FontCache3.0.0.0 - ok
15:44:02.0782 28428 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:44:02.0782 28428 FsDepends - ok
15:44:02.0813 28428 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:44:02.0813 28428 Fs_Rec - ok
15:44:02.0860 28428 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:44:02.0860 28428 fvevol - ok
15:44:02.0907 28428 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:44:02.0907 28428 gagp30kx - ok
15:44:02.0985 28428 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:44:02.0985 28428 gpsvc - ok
15:44:03.0094 28428 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:44:03.0110 28428 gupdate - ok
15:44:03.0110 28428 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:44:03.0110 28428 gupdatem - ok
15:44:03.0172 28428 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:44:03.0172 28428 hcw85cir - ok
15:44:03.0219 28428 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:44:03.0219 28428 HdAudAddService - ok
15:44:03.0250 28428 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:44:03.0250 28428 HDAudBus - ok
15:44:03.0250 28428 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:44:03.0250 28428 HidBatt - ok
15:44:03.0281 28428 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:44:03.0281 28428 HidBth - ok
15:44:03.0297 28428 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:44:03.0297 28428 HidIr - ok
15:44:03.0312 28428 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:44:03.0312 28428 hidserv - ok
15:44:03.0344 28428 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:44:03.0344 28428 HidUsb - ok
15:44:03.0375 28428 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:44:03.0375 28428 hkmsvc - ok
15:44:03.0422 28428 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:44:03.0422 28428 HomeGroupListener - ok
15:44:03.0453 28428 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:44:03.0453 28428 HomeGroupProvider - ok
15:44:03.0468 28428 HP8207_8307 (3015b37029ad15c67ebca5053c422f90) C:\Windows\system32\DRIVERS\HP8207_8307.sys
15:44:03.0468 28428 HP8207_8307 - ok
15:44:03.0500 28428 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:44:03.0500 28428 HpSAMD - ok
15:44:03.0640 28428 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
15:44:03.0640 28428 HsfXAudioService - ok
15:44:03.0905 28428 HSF_DPV (f6ac1087a131fbb385400667bea64fbe) C:\Windows\system32\DRIVERS\CAX_DPV.sys
15:44:03.0921 28428 HSF_DPV - ok
15:44:04.0108 28428 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:44:04.0108 28428 HTTP - ok
15:44:04.0124 28428 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:44:04.0124 28428 hwpolicy - ok
15:44:04.0248 28428 HyperW7Svc (aeff0de7ba1f175657efc427f4f13857) C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
15:44:04.0248 28428 HyperW7Svc - ok
15:44:04.0295 28428 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:44:04.0295 28428 i8042prt - ok
15:44:04.0358 28428 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\drivers\iaStor.sys
15:44:04.0373 28428 iaStor - ok
15:44:04.0420 28428 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:44:04.0420 28428 iaStorV - ok
15:44:04.0451 28428 IBMPMDRV (72b253cdbcaa10e88aad0ba39cc83bcd) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
15:44:04.0451 28428 IBMPMDRV - ok
15:44:04.0467 28428 IBMPMSVC (4925ffb084c9ad02e8eef01fb18bf5ac) C:\Windows\system32\ibmpmsvc.exe
15:44:04.0467 28428 IBMPMSVC - ok
15:44:04.0576 28428 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:44:04.0576 28428 idsvc - ok
15:44:04.0732 28428 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120522.001\IDSvia64.sys
15:44:04.0732 28428 IDSVia64 - ok
15:44:05.0715 28428 igfx (978d876a581d57e0de6437674eb0014d) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:44:05.0762 28428 igfx - ok
15:44:05.0933 28428 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:44:05.0933 28428 iirsp - ok
15:44:06.0027 28428 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:44:06.0027 28428 IKEEXT - ok
15:44:06.0042 28428 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:44:06.0042 28428 intelide - ok
15:44:06.0058 28428 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:44:06.0058 28428 intelppm - ok
15:44:06.0089 28428 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:44:06.0089 28428 IPBusEnum - ok
15:44:06.0105 28428 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:44:06.0105 28428 IpFilterDriver - ok
15:44:06.0198 28428 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:44:06.0198 28428 iphlpsvc - ok
15:44:06.0214 28428 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:44:06.0214 28428 IPMIDRV - ok
15:44:06.0245 28428 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:44:06.0245 28428 IPNAT - ok
15:44:06.0261 28428 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:44:06.0261 28428 IRENUM - ok
15:44:06.0276 28428 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:44:06.0276 28428 isapnp - ok
15:44:06.0308 28428 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:44:06.0308 28428 iScsiPrt - ok
15:44:06.0417 28428 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
15:44:06.0432 28428 jhi_service - ok
15:44:06.0448 28428 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:44:06.0448 28428 kbdclass - ok
15:44:06.0479 28428 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:44:06.0479 28428 kbdhid - ok
15:44:06.0495 28428 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:44:06.0495 28428 KeyIso - ok
15:44:06.0526 28428 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:44:06.0526 28428 KSecDD - ok
15:44:06.0557 28428 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:44:06.0557 28428 KSecPkg - ok
15:44:06.0573 28428 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:44:06.0573 28428 ksthunk - ok
15:44:06.0620 28428 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:44:06.0620 28428 KtmRm - ok
15:44:06.0682 28428 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:44:06.0682 28428 LanmanServer - ok
15:44:06.0713 28428 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:44:06.0713 28428 LanmanWorkstation - ok
15:44:06.0854 28428 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:44:06.0854 28428 LBTServ - ok
15:44:06.0900 28428 LENOVO.CAMMUTE (a4973df3264791952d6d7ab56565dd55) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
15:44:06.0900 28428 LENOVO.CAMMUTE - ok
15:44:06.0963 28428 LENOVO.MICMUTE (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
15:44:06.0963 28428 LENOVO.MICMUTE - ok
15:44:07.0010 28428 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
15:44:07.0010 28428 lenovo.smi - ok
15:44:07.0025 28428 LENOVO.TPKNRSVC (05d72de005be625ce60ce3be4fab9714) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
15:44:07.0025 28428 LENOVO.TPKNRSVC - ok
15:44:07.0056 28428 Lenovo.VIRTSCRLSVC (f7de50781dc4d162c1005eb30d98f931) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
15:44:07.0056 28428 Lenovo.VIRTSCRLSVC - ok
15:44:07.0088 28428 LEqdUsb (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
15:44:07.0088 28428 LEqdUsb - ok
15:44:07.0119 28428 LHidEqd (3267bc698e29474a8381e68904eb0390) C:\Windows\system32\DRIVERS\LHidEqd.Sys
15:44:07.0134 28428 LHidEqd - ok
15:44:07.0166 28428 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:44:07.0166 28428 LHidFilt - ok
15:44:07.0212 28428 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:44:07.0212 28428 lltdio - ok
15:44:07.0259 28428 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:44:07.0259 28428 lltdsvc - ok
15:44:07.0275 28428 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:44:07.0275 28428 lmhosts - ok
15:44:07.0322 28428 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:44:07.0322 28428 LMouFilt - ok
15:44:07.0415 28428 LMS (97f9eaac985a663394cd8f54dcd3e73a) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:44:07.0415 28428 LMS - ok
15:44:07.0446 28428 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:44:07.0446 28428 LSI_FC - ok
15:44:07.0462 28428 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:44:07.0462 28428 LSI_SAS - ok
15:44:07.0478 28428 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:44:07.0478 28428 LSI_SAS2 - ok
15:44:07.0493 28428 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:44:07.0493 28428 LSI_SCSI - ok
15:44:07.0524 28428 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:44:07.0524 28428 luafv - ok
15:44:07.0540 28428 LUsbFilt (29c733e1de824670dc9315cfc9bdbcd3) C:\Windows\system32\Drivers\LUsbFilt.Sys
15:44:07.0540 28428 LUsbFilt - ok
15:44:07.0571 28428 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:44:07.0571 28428 MBAMProtector - ok
15:44:07.0868 28428 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:44:07.0868 28428 MBAMService - ok
15:44:07.0899 28428 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:44:07.0899 28428 Mcx2Svc - ok
15:44:07.0961 28428 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:44:07.0961 28428 mdmxsdk - ok
15:44:08.0024 28428 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:44:08.0024 28428 megasas - ok
15:44:08.0117 28428 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:44:08.0117 28428 MegaSR - ok
15:44:08.0180 28428 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
15:44:08.0180 28428 MEIx64 - ok
15:44:08.0273 28428 Microsoft SharePoint Workspace Audit Service - ok
15:44:08.0320 28428 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:44:08.0320 28428 MMCSS - ok
15:44:08.0336 28428 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:44:08.0336 28428 Modem - ok
15:44:08.0367 28428 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:44:08.0367 28428 monitor - ok
15:44:08.0398 28428 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:44:08.0398 28428 mouclass - ok
15:44:08.0429 28428 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:44:08.0429 28428 mouhid - ok
15:44:08.0460 28428 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:44:08.0460 28428 mountmgr - ok
15:44:08.0507 28428 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:44:08.0507 28428 mpio - ok
15:44:08.0523 28428 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:44:08.0523 28428 mpsdrv - ok
15:44:09.0006 28428 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:44:09.0006 28428 MpsSvc - ok
15:44:09.0022 28428 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:44:09.0022 28428 MRxDAV - ok
15:44:09.0069 28428 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:44:09.0069 28428 mrxsmb - ok
15:44:09.0100 28428 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:44:09.0100 28428 mrxsmb10 - ok
15:44:09.0131 28428 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:44:09.0131 28428 mrxsmb20 - ok
15:44:09.0178 28428 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:44:09.0178 28428 msahci - ok
15:44:09.0474 28428 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:44:09.0474 28428 msdsm - ok
15:44:09.0506 28428 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:44:09.0506 28428 MSDTC - ok
15:44:09.0537 28428 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:44:09.0537 28428 Msfs - ok
15:44:09.0584 28428 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:44:09.0584 28428 mshidkmdf - ok
15:44:09.0599 28428 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:44:09.0599 28428 msisadrv - ok
15:44:09.0693 28428 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:44:09.0693 28428 MSiSCSI - ok
15:44:09.0693 28428 msiserver - ok
15:44:09.0802 28428 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:44:09.0802 28428 MSKSSRV - ok
15:44:09.0864 28428 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:44:09.0864 28428 MSPCLOCK - ok
15:44:10.0270 28428 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:44:10.0270 28428 MSPQM - ok
15:44:10.0488 28428 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:44:10.0488 28428 MsRPC - ok
15:44:11.0081 28428 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:44:11.0081 28428 mssmbios - ok
15:44:11.0721 28428 MSSQL$SQLEXPRESS - ok
15:44:12.0860 28428 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
15:44:12.0860 28428 MSSQLServerADHelper100 - ok
15:44:12.0953 28428 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:44:12.0953 28428 MSTEE - ok
15:44:18.0366 28428 msvsmon90 (cb4a082af58d1a0969f931816d5cfb05) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
15:44:18.0491 28428 msvsmon90 - ok
15:44:19.0365 28428 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:44:19.0365 28428 MTConfig - ok
15:44:19.0396 28428 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:44:19.0396 28428 Mup - ok
15:44:19.0427 28428 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:44:19.0443 28428 napagent - ok
15:44:19.0474 28428 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:44:19.0474 28428 NativeWifiP - ok
15:44:19.0583 28428 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120522.020\ENG64.SYS
15:44:19.0583 28428 NAVENG - ok
15:44:19.0692 28428 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120522.020\EX64.SYS
15:44:19.0692 28428 NAVEX15 - ok
15:44:20.0457 28428 ncpfilt (a7f5e21610b21c8ea8f4c718e9dcca59) C:\Windows\system32\DRIVERS\ncplelhp.sys
15:44:20.0472 28428 ncpfilt - ok
15:44:20.0519 28428 ncplelhp (a7f5e21610b21c8ea8f4c718e9dcca59) C:\Windows\system32\DRIVERS\ncplelhp.sys
15:44:20.0519 28428 ncplelhp - ok
15:44:20.0753 28428 ncprwsnt (ef8bcedf23e4917f70d9237a2347d453) C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe
15:44:20.0753 28428 ncprwsnt - ok
15:44:20.0956 28428 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
15:44:20.0972 28428 NDIS - ok
15:44:21.0018 28428 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:44:21.0018 28428 NdisCap - ok
15:44:21.0050 28428 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:44:21.0050 28428 NdisTapi - ok
15:44:21.0065 28428 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:44:21.0065 28428 Ndisuio - ok
15:44:21.0096 28428 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:44:21.0096 28428 NdisWan - ok
15:44:21.0112 28428 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:44:21.0112 28428 NDProxy - ok
15:44:21.0112 28428 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:44:21.0128 28428 NetBIOS - ok
15:44:21.0174 28428 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:44:21.0174 28428 NetBT - ok
15:44:21.0206 28428 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:44:21.0206 28428 Netlogon - ok
15:44:21.0252 28428 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:44:21.0252 28428 Netman - ok
15:44:21.0346 28428 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:44:21.0346 28428 NetMsmqActivator - ok
15:44:21.0346 28428 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:44:21.0346 28428 NetPipeActivator - ok
15:44:21.0377 28428 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:44:21.0393 28428 netprofm - ok
15:44:21.0393 28428 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:44:21.0393 28428 NetTcpActivator - ok
15:44:21.0393 28428 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:44:21.0393 28428 NetTcpPortSharing - ok
15:44:21.0861 28428 NETwNs64 (774c9eccef83ab8a3d1466f19809c95f) C:\Windows\system32\DRIVERS\NETwNs64.sys
15:44:21.0939 28428 NETwNs64 - ok
15:44:22.0828 28428 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:44:22.0828 28428 nfrd960 - ok
15:44:23.0000 28428 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:44:23.0000 28428 NlaSvc - ok
15:44:23.0046 28428 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:44:23.0046 28428 Npfs - ok
15:44:23.0062 28428 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:44:23.0062 28428 nsi - ok
15:44:23.0078 28428 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:44:23.0078 28428 nsiproxy - ok
15:44:23.0202 28428 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:44:23.0202 28428 Ntfs - ok
15:44:23.0343 28428 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:44:23.0343 28428 Null - ok
15:44:23.0374 28428 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
15:44:23.0374 28428 nusb3hub - ok
15:44:23.0390 28428 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:44:23.0390 28428 nusb3xhc - ok
15:44:23.0436 28428 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
15:44:23.0436 28428 NVHDA - ok
15:45:11.0609 28428 MBR (0x1B8) (8b5c33a3b5b99902f69c95ec74a648da) \Device\Harddisk0\DR0
15:45:11.0984 28428 \Device\Harddisk0\DR0 - ok
15:45:11.0999 28428 Boot (0x1200) (238efeb2e26b04c9353c47202b8dec97) \Device\Harddisk0\DR0\Partition0
15:45:11.0999 28428 \Device\Harddisk0\DR0\Partition0 - ok
15:45:12.0015 28428 Boot (0x1200) (567bbb89fffac165df85ef0fcaf0ff03) \Device\Harddisk0\DR0\Partition1
15:45:12.0015 28428 \Device\Harddisk0\DR0\Partition1 - ok
15:45:12.0015 28428 ============================================================
15:45:12.0015 28428 Scan finished
15:45:12.0015 28428 ============================================================
15:45:12.0015 27276 Detected object count: 0
15:45:12.0015 27276 Actual detected object count: 0


I am unable to run aswMBR. I've tried twice now and it keeps crashing during the scanning process. Just says 'avast antiroot has stopped working' :(

I am still getting redirected on Google searches, although it is happening noticeably less frequently now. I still have not had a hidden iexplore.exe process open up yet, so that's good!

#6 gringo_pr

  • Malware Response Team

Posted 23 May 2012 - 02:14 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#7 ProblemGuy

  • Topic Starter

Posted 23 May 2012 - 02:35 PM

OTL logfile created on: 23/05/2012 4:30:19 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\ddine\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.89 Gb Total Physical Memory | 4.38 Gb Available Physical Memory | 55.52% Memory free
15.77 Gb Paging File | 11.70 Gb Available in Paging File | 74.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.30 Gb Total Space | 139.93 Gb Free Space | 60.24% Space Free | Partition Type: NTFS
Drive E: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: HH1803 | User Name: ddine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ddine\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation)
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
PRC - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (SafeNet, Inc.)
PRC - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Lenovo\AutoLock\cv210.dll ()
MOD - C:\Program Files\Lenovo\AutoLock\cxcore210.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV:64bit: - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV:64bit: - (HyperW7Svc) -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited)
SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth® -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV:64bit: - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV:64bit: - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV:64bit: - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (SROSVC) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Lenovo Group Limited)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe (Symantec Corporation)
SRV - (SepMasterService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe (Symantec Corporation)
SRV - (VIPAppService) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (jhi_service) Intel® -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ncprwsnt) -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe (NCP Engineering GmbH)
SRV - (SentinelProtectionServer) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
SRV - (SentinelKeysServer) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc.)
SRV - (SentinelSecurityRuntime) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe (SafeNet, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (e1cexpress) Intel® -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RsFx0105) -- C:\Windows\SysNative\drivers\RsFx0105.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SysPlant) -- C:\Windows\SysNative\drivers\SysPlant.sys (Symantec Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (PHCORE) -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SYMNETS) -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\SEP\0C01029F\136B.105\x64\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (ncplelhp) -- C:\Windows\SysNative\drivers\ncplelhp.sys (NCP Engineering GmbH)
DRV:64bit: - (ncpfilt) -- C:\Windows\SysNative\drivers\ncplelhp.sys (NCP Engineering GmbH)
DRV:64bit: - (HP8207_8307) -- C:\Windows\SysNative\drivers\HP8207_8307.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120523.002\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120523.002\ENG64.SYS (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120522.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SyDvCtrl) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {26A6A355-5412-4437-AB1F-4C2DEE0B32D8}
IE:64bit: - HKLM\..\SearchScopes\{26A6A355-5412-4437-AB1F-4C2DEE0B32D8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {26A6A355-5412-4437-AB1F-4C2DEE0B32D8}
IE - HKLM\..\SearchScopes\{26A6A355-5412-4437-AB1F-4C2DEE0B32D8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1061089090-2116172776-1088748055-10440\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-1061089090-2116172776-1088748055-10440\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1061089090-2116172776-1088748055-10440\..\SearchScopes,DefaultScope = {26A6A355-5412-4437-AB1F-4C2DEE0B32D8}
IE - HKU\S-1-5-21-1061089090-2116172776-1088748055-10440\..\SearchScopes\{9E7BFAF3-51FA-44A7-A4FE-CAB51ECFD0C6}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1061089090-2116172776-1088748055-10440\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012/05/12 21:30:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2012/05/23 13:26:32 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/05/23 13:53:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NcpBudgetGui] C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe ()
O4 - HKLM..\Run: [NcpPopup] C:\Program Files (x86)\WatchGuard\Mobile VPN\ncppopup.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\kerberos\parameters: supportedencryptiontypes = 2147483647
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1061089090-2116172776-1088748055-10440\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1061089090-2116172776-1088748055-10440\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1061089090-2116172776-1088748055-10440\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-1061089090-2116172776-1088748055-10440\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2976122503-2912394094-2541480563-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Copy to &Lightning Note - C:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta File not found
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta File not found
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - Reg Error: Key error. File not found
O15:64bit: - ..Trusted Domains: work.ca ([finance] https in Trusted sites)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.82.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = work.ca
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{867C754B-6D30-4FD8-836C-2DDCA4630293}: DhcpNameServer = 10.82.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E2DF19-B05E-4283-9948-1D4BC24F9800}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/02 18:42:35 | 000,000,058 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/23 16:29:35 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\ddine\Desktop\OTL.exe
[2012/05/23 15:47:45 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\ddine\Desktop\aswMBR.exe
[2012/05/23 15:43:19 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ddine\Desktop\tdsskiller.exe
[2012/05/23 15:28:35 | 000,000,000 | ---D | C] -- C:\Users\ddine\Desktop\iFacilitate
[2012/05/23 11:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2012/05/23 08:28:00 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/05/23 08:27:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\ddine\Desktop\dds.scr
[2012/05/23 08:21:50 | 000,000,000 | ---D | C] -- C:\getservice
[2012/05/22 23:37:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/22 23:15:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/22 23:15:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/22 23:06:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/22 23:04:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/20 20:24:18 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Roaming\Opera
[2012/05/20 20:24:18 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Local\Opera
[2012/05/20 20:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012/05/20 18:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant
[2012/05/20 18:10:33 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Local\Conexant
[2012/05/20 14:08:27 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Local\{5E68196D-2261-4871-8A90-CC001E21980E}
[2012/05/20 14:08:17 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Local\{F2ECBB66-FA85-476F-9A77-61594D7BDEC0}
[2012/05/20 14:07:47 | 000,000,000 | ---D | C] -- C:\Users\ddine\Desktop\Utilities
[2012/05/15 19:08:15 | 000,000,000 | ---D | C] -- C:\Users\ddine\Documents\Diablo III
[2012/05/15 18:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/15 18:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/15 18:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/05/15 18:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/05/14 16:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2012/05/14 15:46:40 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Local\Lenovo
[2012/05/14 15:45:52 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Local\VirtualStore
[2012/05/14 15:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/14 15:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/14 15:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/14 15:27:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/14 15:27:11 | 000,048,704 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\ibmpmsvc.exe
[2012/05/14 15:27:11 | 000,042,312 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys
[2012/05/14 15:27:11 | 000,041,024 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\tpinspm.dll
[2012/05/14 10:19:08 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/14 10:19:08 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/12 21:32:56 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Roaming\Ventrilo
[2012/05/12 21:31:34 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2012/05/12 21:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2012/05/11 16:49:07 | 000,000,000 | ---D | C] -- C:\Users\ddine\Desktop\backups
[2012/05/10 14:22:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\ddine\Desktop\HijackThis.exe
[2012/05/10 14:09:51 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Roaming\QuickScan
[2012/05/10 14:00:17 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\ddine\Desktop\FixTDSS.exe
[2012/05/09 17:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/09 10:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/09 09:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/05/09 09:55:47 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/05/09 09:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/05/09 09:55:37 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Roaming\TestApp
[2012/05/09 09:51:59 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/09 09:51:59 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/09 09:51:59 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/09 09:51:57 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/08 11:46:56 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Roaming\Google
[2012/05/08 11:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/05/08 11:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2012/05/07 10:45:12 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/05/07 10:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/05/07 10:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/05/07 10:35:56 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Roaming\DriverCure
[2012/05/07 10:35:55 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Roaming\SpeedyPC Software
[2012/05/02 20:42:58 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Local\{A09222F9-D10C-49C9-8244-E756FF1B44B6}
[2012/05/02 20:42:36 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Local\{E7F75BBA-504B-4B33-A801-C7FE5BD83385}
[2012/05/02 20:16:40 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Local\{8A421BD9-9EA1-46BF-B112-14F694ABC757}
[2012/05/01 16:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
[2012/05/01 16:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2012/05/01 16:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2012/05/01 16:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Innovasys HelpStudio 2011
[2012/05/01 09:06:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/01 09:04:20 | 004,525,103 | R--- | C] (Swearware) -- C:\Users\ddine\Desktop\ComboFix.exe
[2012/04/30 09:01:07 | 000,000,000 | ---D | C] -- C:\Users\ddine\AppData\Roaming\Iconico
[2012/04/25 10:45:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/23 16:29:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\ddine\Desktop\OTL.exe
[2012/05/23 16:19:02 | 001,895,014 | ---- | M] () -- C:\Users\ddine\Desktop\iFacilitate - with macro.zip
[2012/05/23 15:47:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\ddine\Desktop\aswMBR.exe
[2012/05/23 15:43:20 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ddine\Desktop\tdsskiller.exe
[2012/05/23 15:29:06 | 000,000,128 | ---- | M] () -- C:\Users\ddine\Desktop\File Checker.laccdb
[2012/05/23 15:28:52 | 001,601,536 | ---- | M] () -- C:\Users\ddine\Desktop\File Checker.accdb
[2012/05/23 15:28:32 | 001,877,382 | ---- | M] () -- C:\Users\ddine\Desktop\iFacilitate.zip
[2012/05/23 15:27:40 | 000,160,190 | ---- | M] () -- C:\Users\ddine\Desktop\mail.htm
[2012/05/23 13:53:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/23 13:35:30 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/23 13:35:30 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/23 13:33:36 | 000,876,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/23 13:33:36 | 000,734,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/23 13:33:36 | 000,151,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/23 13:30:50 | 004,525,103 | R--- | M] (Swearware) -- C:\Users\ddine\Desktop\ComboFix.exe
[2012/05/23 13:26:17 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/23 13:26:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/23 13:25:43 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 11:33:08 | 000,851,898 | ---- | M] () -- C:\Users\ddine\Desktop\SecurityCheck.exe
[2012/05/23 11:14:07 | 000,000,131 | ---- | M] () -- C:\Users\ddine\Desktop\InstallOutlook AddIn.bat
[2012/05/23 10:43:45 | 002,588,672 | ---- | M] () -- C:\Users\ddine\Desktop\Utilities.accdb
[2012/05/23 08:27:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\ddine\Desktop\dds.scr
[2012/05/23 08:27:03 | 000,000,000 | ---- | M] () -- C:\Users\ddine\defogger_reenable
[2012/05/23 08:26:34 | 000,050,477 | ---- | M] () -- C:\Users\ddine\Desktop\Defogger.exe
[2012/05/23 08:21:42 | 000,130,337 | ---- | M] () -- C:\getservices.zip
[2012/05/23 08:13:00 | 000,001,265 | ---- | M] () -- C:\Users\ddine\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/22 13:20:15 | 000,344,064 | ---- | M] () -- C:\Users\ddine\Documents\Database5.accdb
[2012/05/22 13:19:12 | 000,462,848 | ---- | M] () -- C:\Users\ddine\Documents\Database4.accdb
[2012/05/22 13:04:33 | 001,658,320 | ---- | M] () -- C:\Users\ddine\Desktop\Utilities.zip
[2012/05/15 09:10:08 | 000,544,768 | ---- | M] () -- C:\Users\ddine\Desktop\New Microsoft Access Database.accdb
[2012/05/14 18:34:06 | 000,628,464 | ---- | M] () -- C:\Users\ddine\Desktop\Production Planner_2012-03-06.zip
[2012/05/14 16:37:34 | 000,002,966 | ---- | M] () -- C:\Users\ddine\Desktop\16e4599.jpg
[2012/05/14 16:15:14 | 000,000,901 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2012/05/14 15:53:26 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/05/14 15:53:26 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/05/14 15:30:41 | 000,068,760 | ---- | M] () -- C:\Users\ddine\Desktop\cc_20120514_153034.reg
[2012/05/14 15:29:42 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/14 10:19:08 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/14 10:19:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/12 21:31:37 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/05/11 12:27:38 | 000,016,344 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/05/10 14:22:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\ddine\Desktop\HijackThis.exe
[2012/05/10 14:00:17 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\ddine\Desktop\FixTDSS.exe
[2012/05/10 13:55:47 | 001,012,656 | ---- | M] () -- C:\Users\ddine\Desktop\rkill.com
[2012/05/10 08:12:41 | 000,005,854 | ---- | M] () -- C:\Users\ddine\Documents\Fixit50388.reg
[2012/05/09 10:42:21 | 000,456,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/09 10:17:58 | 001,612,765 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/05/07 20:28:59 | 000,000,691 | ---- | M] () -- C:\Users\ddine\AppData\Roaming\GetValue.vbs
[2012/05/07 20:28:59 | 000,000,035 | ---- | M] () -- C:\Users\ddine\AppData\Roaming\SetValue.bat
[2012/05/07 20:28:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2012/05/07 08:56:35 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/04 15:59:02 | 016,908,288 | ---- | M] () -- C:\Users\ddine\Documents\Database3.accdb
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/23 16:19:02 | 001,895,014 | ---- | C] () -- C:\Users\ddine\Desktop\iFacilitate - with macro.zip
[2012/05/23 15:28:47 | 000,000,128 | ---- | C] () -- C:\Users\ddine\Desktop\File Checker.laccdb
[2012/05/23 15:28:32 | 001,877,382 | ---- | C] () -- C:\Users\ddine\Desktop\iFacilitate.zip
[2012/05/23 15:27:40 | 000,160,190 | ---- | C] () -- C:\Users\ddine\Desktop\mail.htm
[2012/05/23 11:33:08 | 000,851,898 | ---- | C] () -- C:\Users\ddine\Desktop\SecurityCheck.exe
[2012/05/23 11:04:27 | 000,000,131 | ---- | C] () -- C:\Users\ddine\Desktop\InstallOutlook AddIn.bat
[2012/05/23 08:27:03 | 000,000,000 | ---- | C] () -- C:\Users\ddine\defogger_reenable
[2012/05/23 08:26:34 | 000,050,477 | ---- | C] () -- C:\Users\ddine\Desktop\Defogger.exe
[2012/05/23 08:21:42 | 000,130,337 | ---- | C] () -- C:\getservices.zip
[2012/05/22 23:15:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/22 23:15:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/22 23:15:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/22 23:15:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/22 23:15:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/22 16:34:10 | 001,601,536 | ---- | C] () -- C:\Users\ddine\Desktop\File Checker.accdb
[2012/05/22 13:19:54 | 000,344,064 | ---- | C] () -- C:\Users\ddine\Documents\Database5.accdb
[2012/05/22 13:18:35 | 000,462,848 | ---- | C] () -- C:\Users\ddine\Documents\Database4.accdb
[2012/05/22 09:16:37 | 001,658,320 | ---- | C] () -- C:\Users\ddine\Desktop\Utilities.zip
[2012/05/15 11:04:37 | 002,588,672 | ---- | C] () -- C:\Users\ddine\Desktop\Utilities.accdb
[2012/05/15 08:41:04 | 000,544,768 | ---- | C] () -- C:\Users\ddine\Desktop\New Microsoft Access Database.accdb
[2012/05/14 18:34:06 | 000,628,464 | ---- | C] () -- C:\Users\ddine\Desktop\Production Planner_2012-03-06.zip
[2012/05/14 16:37:42 | 000,002,966 | ---- | C] () -- C:\Users\ddine\Desktop\16e4599.jpg
[2012/05/14 15:52:03 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/05/14 15:52:03 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/05/14 15:30:36 | 000,068,760 | ---- | C] () -- C:\Users\ddine\Desktop\cc_20120514_153034.reg
[2012/05/14 15:29:42 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/12 21:31:33 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/05/10 13:55:47 | 001,012,656 | ---- | C] () -- C:\Users\ddine\Desktop\rkill.com
[2012/05/10 08:12:40 | 000,005,854 | ---- | C] () -- C:\Users\ddine\Documents\Fixit50388.reg
[2012/05/09 10:52:59 | 000,001,424 | ---- | C] () -- C:\Users\ddine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/09 10:52:58 | 000,001,271 | ---- | C] () -- C:\Users\ddine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/09 10:52:58 | 000,001,265 | ---- | C] () -- C:\Users\ddine\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/09 09:55:52 | 001,612,765 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/05/07 20:21:18 | 000,000,691 | ---- | C] () -- C:\Users\ddine\AppData\Roaming\GetValue.vbs
[2012/05/07 20:21:18 | 000,000,035 | ---- | C] () -- C:\Users\ddine\AppData\Roaming\SetValue.bat
[2012/05/04 15:33:59 | 016,908,288 | ---- | C] () -- C:\Users\ddine\Documents\Database3.accdb
[2012/04/20 12:23:49 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/04/20 12:23:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/04/20 12:23:46 | 013,903,360 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/09/26 12:56:10 | 000,000,541 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011/09/22 14:59:18 | 000,003,766 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/09/16 20:31:37 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/09/16 15:11:16 | 000,862,754 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/12 21:09:12 | 000,016,344 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/12 05:20:56 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/08 21:11:44 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/08 21:11:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2010/11/21 00:24:20 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat

< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:43 PM

Posted 23 May 2012 - 08:45 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O8:64bit: - Extra context menu item: Copy to &Lightning Note - C:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta File not found
    O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
    O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta File not found
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta File not found
    O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 ProblemGuy


Posted 24 May 2012 - 07:28 AM

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Copy to &Lightning Note\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open with WordPerfect\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Copy to &Lightning Note\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open with WordPerfect\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ddine\Desktop\cmd.bat deleted successfully.
C:\Users\ddine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: ddine
->Java cache emptied: 39308 bytes

User: Default

User: Default User

User: hhadmin
->Java cache emptied: 0 bytes

User: it

User: Public

User: setup

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 1917 bytes

User: All Users

User: ddine
->Flash cache emptied: 492 bytes

User: Default

User: Default User

User: hhadmin
->Flash cache emptied: 56468 bytes

User: it
->Flash cache emptied: 762 bytes

User: Public

User: setup
->Flash cache emptied: 633 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.43.1 log created on 05242012_092159



Issue with hidden iexplore.exe processes has not re-occurred and seems to be fixed! :)

Issue with search engine re-directs is still occurring though. Just tried and I got redirected to 'monstermarketplace dot com'.

#10 gringo_pr


Posted 24 May 2012 - 11:01 AM

Greetings


In which browsers does this happen - please verify all that are installed



gringo

#11 ProblemGuy


Posted 24 May 2012 - 11:43 AM

The only browser I have installed currently is Internet Explorer 9. Previously, I had Chrome and Opera installed and the problem persisted in those browsers as well. I uninstalled them when I was trying to narrow down the problem.

#12 gringo_pr


Posted 24 May 2012 - 11:55 AM

Greetings,

First I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • click on safety
  • click on delete browsing history
  • make sure all boxes are checked
  • click on Tools,
  • click Internet Options.
  • On the Advanced tab, click Reset
  • put a check mark next to Delete Personal Settings
  • click Reset to confirm
  • when complete click the close button
  • restart IE


Gringo

#13 ProblemGuy


Posted 24 May 2012 - 12:09 PM

I completed the instructions above. Now when I do a search the text on the tab is briefly changed to "88.214.201.204" and then I am redirected to another website. Does that help at all?

#14 gringo_pr


Posted 24 May 2012 - 12:24 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#15 ProblemGuy


Posted 25 May 2012 - 09:47 PM

ComboFix 12-05-25.03 - ddine 25/05/2012 23:32:52.13.8 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.8075.6545 [GMT -3:00]
Running from: c:\users\ddine\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5849\AddOnDownloaded\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc.dll
c:\programdata\PCDr\5849\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll
c:\programdata\PCDr\5849\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll
c:\programdata\PCDr\5849\AddOnDownloaded\434b795d-fe06-4495-801e-fa92d93babbc.dll
c:\programdata\PCDr\5849\AddOnDownloaded\562ad818-216b-4d77-8b40-834630104d2c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\746b3523-df66-4ed9-beaa-88464b84933f.dll
c:\programdata\PCDr\5849\AddOnDownloaded\7e36c7b4-f4c8-4324-9887-9cab89169ef6.dll
c:\programdata\PCDr\5849\AddOnDownloaded\83db0f34-4452-4946-92c2-31dcd99767dd.dll
c:\programdata\PCDr\5849\AddOnDownloaded\90110d4d-0aa3-42f8-b48a-92aebd9d59f3.dll
c:\programdata\PCDr\5849\AddOnDownloaded\96963609-8feb-4f10-b100-425cef18a0db.dll
c:\programdata\PCDr\5849\AddOnDownloaded\97d3cc32-549b-4646-bc59-82ebb82b5d11.dll
c:\programdata\PCDr\5849\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b34a10f6-a592-424f-af97-b051783f9dd2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\b96355f5-a46b-48d0-a3f2-b41eed57de73.dll
c:\programdata\PCDr\5849\AddOnDownloaded\bead45d2-b2dc-44e3-94f8-c7de6979be60.dll
c:\programdata\PCDr\5849\AddOnDownloaded\d754c4cc-ae68-4d17-afb7-55002296e1e2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\ec6735a3-9204-4734-bb0f-5859e58b13b2.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f1d18230-9731-47f0-b9f4-b537abcbb39c.dll
c:\programdata\PCDr\5849\AddOnDownloaded\f64109b2-74cc-4638-ae17-228b7886774b.dll
c:\programdata\PCDr\5849\AddOnDownloaded\fd85aea7-408e-4ff8-bdca-73b1320e8b27.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))
.
.
2012-05-26 02:39 . 2012-05-26 02:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-26 02:39 . 2012-05-26 02:39 -------- d-----w- c:\users\setup\AppData\Local\temp
2012-05-26 02:39 . 2012-05-26 02:39 -------- d-----w- c:\users\it\AppData\Local\temp
2012-05-26 02:39 . 2012-05-26 02:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 02:39 . 2012-05-26 02:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-24 18:17 . 2012-05-24 18:17 49152 ----a-r- c:\users\ddine\AppData\Roaming\Microsoft\Installer\{65D32C2E-321B-4C62-962F-2BE7D18AE8FC}\ARPPRODUCTICON.exe
2012-05-24 12:21 . 2012-05-24 12:21 -------- d-----w- C:\_OTL
2012-05-24 03:33 . 2012-05-24 03:33 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CF211C9-1FD3-49F1-9CC0-B7CB4337496C}\offreg.dll
2012-05-23 14:00 . 2012-05-23 14:00 -------- d-----w- c:\programdata\PCDr
2012-05-23 11:21 . 2012-05-23 11:21 -------- d-----w- C:\getservice
2012-05-20 23:24 . 2012-05-23 11:13 -------- d-----w- c:\users\ddine\AppData\Local\Opera
2012-05-20 23:24 . 2012-05-23 11:13 -------- d-----w- c:\program files (x86)\Opera
2012-05-20 21:10 . 2012-05-20 21:10 -------- d-----w- c:\programdata\Conexant
2012-05-20 21:10 . 2012-05-20 21:10 -------- d-----w- c:\users\ddine\AppData\Local\Conexant
2012-05-15 21:34 . 2012-05-15 22:08 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-15 21:34 . 2012-05-15 21:58 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-05-15 21:33 . 2012-05-15 21:33 -------- d-----w- c:\programdata\Battle.net
2012-05-14 19:14 . 2012-05-14 19:14 -------- d-----w- c:\programdata\Applications
2012-05-14 18:46 . 2012-05-14 18:46 -------- d-----w- c:\users\ddine\AppData\Local\Lenovo
2012-05-14 18:45 . 2012-05-14 23:03 -------- d-----w- c:\users\ddine\AppData\Local\VirtualStore
2012-05-14 18:27 . 2012-05-14 18:27 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-14 18:27 . 2012-05-14 18:27 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-14 18:27 . 2012-02-29 18:15 41024 ----a-w- c:\windows\system32\tpinspm.dll
2012-05-14 18:27 . 2012-02-29 18:15 48704 ----a-w- c:\windows\system32\ibmpmsvc.exe
2012-05-14 18:27 . 2012-02-29 18:14 42312 ----a-w- c:\windows\system32\drivers\ibmpmdrv.sys
2012-05-14 18:26 . 2012-04-18 06:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CF211C9-1FD3-49F1-9CC0-B7CB4337496C}\mpengine.dll
2012-05-14 13:19 . 2012-05-14 13:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 13:19 . 2012-05-14 13:19 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-13 00:32 . 2012-05-14 18:31 -------- d-----w- c:\users\ddine\AppData\Roaming\Ventrilo
2012-05-13 00:31 . 2012-05-13 00:31 -------- d-----w- c:\program files\Ventrilo
2012-05-12 13:13 . 2012-05-12 13:13 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-05-10 17:09 . 2012-05-10 17:09 -------- d-----w- c:\users\ddine\AppData\Roaming\QuickScan
2012-05-09 20:32 . 2012-05-09 20:32 -------- d-----w- c:\program files (x86)\ESET
2012-05-09 13:21 . 2012-05-14 18:29 -------- d-----w- c:\program files\CCleaner
2012-05-09 12:57 . 2012-05-09 13:41 -------- d-----w- c:\program files (x86)\PC Tools
2012-05-09 12:55 . 2012-05-09 13:41 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-05-09 12:55 . 2012-04-23 17:18 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-05-09 12:55 . 2012-05-09 12:55 -------- d-----w- c:\users\ddine\AppData\Roaming\TestApp
2012-05-07 23:21 . 2012-05-07 23:28 691 ----a-w- c:\users\ddine\AppData\Roaming\GetValue.vbs
2012-05-07 23:21 . 2012-05-07 23:28 35 ----a-w- c:\users\ddine\AppData\Roaming\SetValue.bat
2012-05-07 13:45 . 2012-05-07 23:32 -------- d-----w- C:\sh4ldr
2012-05-07 13:45 . 2012-05-07 13:45 -------- d-----w- c:\program files\Enigma Software Group
2012-05-07 13:44 . 2012-05-07 23:32 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-05-07 13:44 . 2012-05-13 00:31 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-07 13:35 . 2012-05-07 13:35 -------- d-----w- c:\users\ddine\AppData\Roaming\DriverCure
2012-05-07 13:35 . 2012-05-07 13:35 -------- d-----w- c:\users\ddine\AppData\Roaming\SpeedyPC Software
2012-05-03 17:43 . 2012-05-03 17:43 -------- d-----w- c:\users\hhadmin
2012-05-01 19:54 . 2012-05-01 19:54 -------- d-----w- c:\programdata\VS
2012-04-30 12:01 . 2012-04-30 12:01 -------- d-----w- c:\users\ddine\AppData\Roaming\Iconico
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 11:21 . 2012-05-23 11:21 130337 ----a-w- C:\getservices.zip
2012-05-12 22:51 . 2012-02-24 15:53 3636064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-05-09 13:20 . 2011-11-15 19:51 304608 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-05-09 13:19 . 2011-11-01 17:36 171488 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-05-07 11:56 . 2012-04-15 19:32 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 17:33 . 2012-02-08 13:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-05 14:55 . 2012-03-18 18:23 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-04-04 18:56 . 2012-04-20 16:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-18 18:24 . 2012-03-18 18:24 53248 ----a-r- c:\users\ddine\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-15 09:07 . 2011-08-09 00:14 2693696 ------w- c:\windows\PWMBTHLV.EXE
2012-03-15 09:07 . 2011-08-09 00:14 29512 ----a-w- c:\windows\system32\drivers\DZHDD64.SYS
2012-03-15 09:07 . 2011-08-09 00:14 2806336 ----a-w- c:\windows\system32\PWMCP64V.cpl
2012-03-15 09:07 . 2011-08-09 00:14 19784 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
2012-03-01 06:46 . 2012-04-11 19:09 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 19:09 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 19:09 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 19:09 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 19:09 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 19:09 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 19:09 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 19:43 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 19:43 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 19:43 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 19:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 19:43 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 19:43 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 19:43 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 19:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-21 . 9C15490C717BD8F7839DD52BD434A8CF . 858112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-05-24_18.54.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-17 21:43 . 2012-05-26 01:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-04-17 21:43 . 2012-05-23 14:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-04-17 21:44 . 2012-05-26 01:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
- 2012-04-17 21:44 . 2012-05-24 18:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-04-18 11:34 . 2012-05-25 19:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
- 2012-04-18 11:34 . 2012-05-24 07:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
+ 2012-04-18 11:34 . 2012-05-25 19:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
- 2012-04-18 11:34 . 2012-05-24 07:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
+ 2012-04-18 11:34 . 2012-05-25 19:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
- 2012-04-18 11:34 . 2012-05-24 07:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
+ 2012-05-24 12:18 . 2012-05-25 01:44 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012052420120525\index.dat
- 2012-04-17 21:44 . 2012-05-23 14:44 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-04-17 21:44 . 2012-05-26 00:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-05-25 13:26 76708 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-24 18:16 44296 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-25 13:26 44296 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-16 18:11 . 2012-05-25 13:26 13484 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1061089090-2116172776-1088748055-10440_UserData.bin
+ 2011-09-13 01:28 . 2012-05-26 02:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-13 01:28 . 2012-05-24 18:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-13 01:28 . 2012-05-24 18:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-13 01:28 . 2012-05-26 02:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-24 18:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-26 02:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-25 21:29 . 2012-05-26 01:59 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{AD30B15C-A6B0-11E1-9966-02004E435049}.dat
+ 2012-05-26 01:59 . 2012-05-26 01:59 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{6A50324E-A6D6-11E1-9966-02004E435049}.dat
+ 2012-05-25 07:18 . 2012-05-25 07:18 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D21098DB-A639-11E1-B7B0-02004E435049}.dat
+ 2012-05-25 07:18 . 2012-05-25 07:18 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D21098DC-A639-11E1-B7B0-02004E435049}.dat
+ 2011-09-17 02:39 . 2012-05-25 11:53 4400 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-05-24 18:14 . 2012-05-24 18:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-26 02:30 . 2012-05-26 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-26 02:30 . 2012-05-26 02:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-24 18:14 . 2012-05-24 18:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-05-26 01:59 294912 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-25 03:01 . 2012-05-26 01:59 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012052520120526\index.dat
+ 2011-09-19 10:23 . 2012-05-25 21:09 137022 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-05-25 21:13 734068 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-24 18:21 734068 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-25 21:13 151802 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-24 18:21 151802 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-26 02:28 412680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-24 18:12 412680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-14 22:58 . 2012-05-25 13:23 773300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1061089090-2116172776-1088748055-10440-8192.dat
- 2012-05-14 22:58 . 2012-05-24 18:12 773300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1061089090-2116172776-1088748055-10440-8192.dat
+ 2012-04-17 21:43 . 2012-05-26 01:59 5144576 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
- 2009-07-14 04:54 . 2012-05-24 18:25 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-26 01:59 2015232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-09 00:23 . 2012-05-26 02:28 3996080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-09 00:23 . 2012-05-24 18:12 3996080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-17 22:10 . 2012-05-26 02:28 6642036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-05-26 01:59 10698752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-24 18:25 10698752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-14 22:58 . 2012-05-25 13:23 12695888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1061089090-2116172776-1088748055-10440-4096.dat
+ 2011-09-16 18:07 . 2012-05-26 02:28 33644212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1061089090-2116172776-1088748055-10440-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-03-15 5935680]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-02-09 4309184]
"NcpBudgetGui"="c:\program files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" [2010-01-29 1032192]
"NcpPopup"="c:\program files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" [2010-01-13 579072]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-10440\Scripts\Logon\0\0]
"Script"=\\work.ca\SysVol\work.ca\scripts\XActFact\HH-xactfact.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-10440\Scripts\Logon\1\0]
"Script"=\\work\sysvol\work.ca\scripts\GPM_MapDrives\GPM_MapHHDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-10440\Scripts\Logon\2\0]
"Script"=FPS.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-10440\Scripts\Logon\2\1]
"Script"=GP_Hidden.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-15361\Scripts\Logon\0\0]
"Script"=\\work\sysvol\work.ca\scripts\GPM_MapDrives\GPM_MapITDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-15361\Scripts\Logon\1\0]
"Script"=FPS.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-26681\Scripts\Logon\0\0]
"Script"=\\eckler\sysvol\work.ca\scripts\GPM_MapDrives\GPM_MapHHDrives.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-26681\Scripts\Logon\1\0]
"Script"=FPS.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1061089090-2116172776-1088748055-26681\Scripts\Logon\1\1]
"Script"=GP_Hidden.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120517.011\BHDrvx64.sys [2012-04-10 1160824]
R1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120524.001\IDSvia64.sys [2012-03-16 488568]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [x]
R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-11-18 144448]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 ncprwsnt;ncprwsnt;c:\program files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe [2010-02-25 1389576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-13 2214504]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [x]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-17 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-17 292128]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
R2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-01 446800]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-12 379496]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
R2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-04-13 84088]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 257696]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-03-15 320576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 ncpfilt;WatchGuard Filter;c:\windows\system32\DRIVERS\ncplelhp.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-03-15 1662528]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-03-15 165440]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [2011-06-17 29664]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-06-17 137224]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-09-27 386408]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-01-05 5989688]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 416024]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e9,1e,09,1f,ea,2d,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,4e,cf,08,fd,6a,15,48,8e,1d,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6f,4e,cf,08,fd,6a,15,48,8e,1d,0c,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-25 23:42:19
ComboFix-quarantined-files.txt 2012-05-26 02:42
ComboFix2.txt 2012-05-23 17:53
ComboFix3.txt 2012-05-23 02:37
.
Pre-Run: 150,807,842,816 bytes free
Post-Run: 150,405,955,584 bytes free
.
- - End Of File - - 39A8829BE9550E10A8B0B4B32876F833


Hey, sorry for the delay, but I have attached the log of the updated ComboFix run. Unfortunately, the search engine redirect is still occurring :(

It is still redirecting to 'monster marketplace dot com'



