
Redirect Virus to Scour.com


  • This topic is locked
23 replies to this topic

#1 bjorn7126

bjorn7126

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 26 May 2012 - 02:59 PM

Hi,

Since last week, my internet browser kept redirecting many of my internet searches to a weird site (I cannot remember the name now). I ran Kaspersky's TDSS Killer, Microsoft Security Essentials Scan and Malwarebytes Scan. Malwarebytes removed a virus. Afterwards, the redirect still appears every once in a while (around one in every 20 searches) but the redirect site has changed to Scour.com. Then I ran ComboFix (without realizing I shouldn't run it unless instructed... oops).

After that I saw this forum on your website and followed the instructions to 4. Enable my Firewall, 5. Disable CD emulation software using Defogger, 7. DDS log, 8. GMER log (I was only allowed to check the Services, Registry and Files and C:\ boxes. All other boxes were greyed out).

Attached are the logs produced from ComboFix, DDS and GMER.

I greatly appreciate the help and thank you in advance.

Bjorn7126


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:44 PM

Posted 27 May 2012 - 06:40 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Please re-run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 bjorn7126

bjorn7126
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 27 May 2012 - 02:32 PM

Hi Gringo,

Log from Security Check

Results of screen317's Security Check version 0.99.38
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Reader X (10.1.1)
Mozilla Firefox (12.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
``````````End of Log````````````


Log from ComboFix
ComboFix 12-05-27.02 - Bjorn7126 05/27/2012 14:00:08.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6027.4430 [GMT -5:00]
Running from: c:\users\B\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\_ctypes.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\_elementtree.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\_hashlib.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\_socket.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\_ssl.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\pyexpat.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\pysqlite2._sqlite.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\python26.dll
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\pythoncom26.dll
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\PyWinTypes26.dll
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\select.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\win32api.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\win32com.shell.shell.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\win32crypt.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\win32event.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\win32file.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\win32gui.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\win32inet.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\win32process.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wx._controls_.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wx._core_.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wx._gdi_.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wx._html2.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wx._misc_.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wx._windows_.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wx._wizard.pyd
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wxbase293u_net_vc.dll
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wxbase293u_vc.dll
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wxmsw293u_adv_vc.dll
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wxmsw293u_core_vc.dll
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wxmsw293u_html_vc.dll
c:\users\Bjorn7126\AppData\Local\Temp\_MEI35362\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 19:08 . 2012-05-27 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-27 16:28 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83D77086-48FA-4F75-BFFD-561FB44C31F7}\mpengine.dll
2012-05-27 07:29 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-23 08:22 . 2012-05-23 08:22 -------- d-----w- c:\programdata\GFI Software
2012-05-23 07:54 . 2012-05-23 07:54 -------- d-----w- c:\program files\CCleaner
2012-05-23 07:51 . 2012-05-27 18:56 -------- d-----w- c:\windows\system32\appmgmt
2012-05-23 07:48 . 2012-05-23 07:54 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-05-23 07:43 . 2012-05-23 07:43 -------- d-----w- c:\users\Bjorn7126\AppData\Roaming\Malwarebytes
2012-05-23 07:42 . 2012-05-23 07:42 -------- d-----w- c:\programdata\Malwarebytes
2012-05-23 07:42 . 2012-05-23 07:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-23 07:42 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-23 07:27 . 2012-05-23 07:27 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-23 07:12 . 2012-05-23 07:11 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-23 07:11 . 2012-05-23 07:11 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-23 07:11 . 2012-05-23 07:11 -------- d-----w- c:\program files\Java
2012-05-23 07:02 . 2012-05-23 07:27 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-23 07:02 . 2012-05-23 07:02 -------- d-----w- c:\windows\system32\Macromed
2012-05-23 06:47 . 2012-05-23 06:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-15 08:10 . 2012-05-27 18:58 -------- d-s---w- c:\users\Bjorn7126\Google Drive
2012-05-15 08:08 . 2012-05-23 07:08 -------- d-----w- c:\program files (x86)\Google
2012-05-13 08:00 . 2012-05-13 08:00 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 08:00 . 2012-05-13 08:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-11 14:39 . 2012-05-11 14:39 -------- d-----w- c:\program files (x86)\AVIedit
2012-05-07 01:22 . 2012-05-07 01:22 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-07 01:22 . 2012-05-07 01:22 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-07 01:22 . 2012-05-07 01:22 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 07:27 . 2011-05-20 20:15 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 01:44 . 2010-10-25 02:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2010-10-25 02:25 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 06:46 . 2012-04-12 08:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 08:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 08:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 08:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 08:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 08:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 08:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-12 08:02 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 08:02 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 08:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 08:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 08:02 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 08:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 08:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 08:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-26_04.40.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-26 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-27 18:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-26 01:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-27 18:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-26 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-27 18:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-05-27 19:10 48766 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-27 19:10 40848 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-12 19:09 . 2012-05-27 18:59 11278 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3726172487-2278243930-1178291279-1000_UserData.bin
+ 2011-05-17 19:35 . 2012-05-26 05:01 1964 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-05-27 19:08 . 2012-05-27 19:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-26 04:38 . 2012-05-26 04:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-27 19:08 . 2012-05-27 19:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-26 04:38 . 2012-05-26 04:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-11 20:55 . 2012-05-27 16:11 394082 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-05-25 02:10 626540 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-27 19:04 626540 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-27 19:04 107784 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-25 02:10 107784 c:\windows\system32\perfc009.dat
- 2011-08-14 06:30 . 2012-05-26 04:37 793344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-14 06:30 . 2012-05-27 19:08 793344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-05-27 19:08 438992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-26 04:37 438992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-12 08:48 . 2012-05-27 18:56 57939060 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3726172487-2278243930-1178291279-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-05-02 11396840]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-07-04 1605992]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\users\Bjorn7126\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-7-27 1211680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 116648]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 257696]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-07-04 477032]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PCDSRVC{127174DC-C366ED8B-06020000}_0;PCDSRVC{127174DC-C366ED8B-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-08-11 24560]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-07-04 83304]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-07-04 148840]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-03-02 443240]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 144232]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 07:27]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 08:08]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 08:08]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3726172487-2278243930-1178291279-1000Core.job
- c:\users\Bjorn7126\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 21:13]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3726172487-2278243930-1178291279-1000UA.job
- c:\users\Bjorn7126\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 21:13]
.
2012-05-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-08-11 21:00]
.
2012-05-27 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-08-11 21:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 23:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 23:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-05-02 23:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 23:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-18 165456]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Bjorn7126\AppData\Roaming\Mozilla\Firefox\Profiles\2ikd6ktf.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B85D734-4D1E-A5B8-7A2C9FEBD20E3A7C}\{9B78C2B1-5ACD-EEEE-C2C08A9F5ADC5CE8}\{497F871A-1051-F8C7-F54470C03EAE9AE4}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9F9DEBB-68B5-F470-73ABBBDFE6B7698C}\{2DE0854A-58E2-477C-18CA38B62B72F56E}\{B78F9583-EE49-B075-5FB6B2640AC6C572}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\hasplms.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-27 14:14:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-27 19:14
ComboFix2.txt 2012-05-26 04:44
.
Pre-Run: 112,351,170,560 bytes free
Post-Run: 112,309,309,440 bytes free
.
- - End Of File - - EF7DD6500B3C2EA66121F79FE355AA9E


Previous problems

None that I am aware of. Scanning the computer using MSE or Symantec turned up tracking cookies every once in a while. Approximately 1.5 weeks ago, the computer was sent in to Lenovo to replace a fan that stopped working.


Status of computer now
Still appears to be redirecting after the second time running ComboFix. I searched "virus removal" on Google, clicked on the "home.mcafee.com/virusinfo/virus-removal-tools" link, and it redirected me to a very sketchy website "http://buy-static.norton.com/norton/ps/3up_us_en_navnis360_nbnfr.html?om_sem_cid=hho_sem_sy:us:lks:en:e|kw0000007791|263328-107175-27681|answerherefinders.in%2Findex.php%3Fsearch%3Dvirus%2520removal|1583921757-425e.1f83.4fc27f20.3899". As before, the redirect does not appear every time.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:44 PM

Posted 27 May 2012 - 03:43 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 bjorn7126

bjorn7126
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:44 AM

Posted 27 May 2012 - 05:28 PM

Log file from Kaspersky's TDSS

16:10:47.0361 5824 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
16:10:47.0871 5824 ============================================================
16:10:47.0871 5824 Current date / time: 2012/05/27 16:10:47.0871
16:10:47.0871 5824 SystemInfo:
16:10:47.0871 5824
16:10:47.0871 5824 OS Version: 6.1.7601 ServicePack: 1.0
16:10:47.0871 5824 Product type: Workstation
16:10:47.0871 5824 ComputerName: BJORN7126-THINK
16:10:47.0871 5824 UserName: Bjorn7126
16:10:47.0871 5824 Windows directory: C:\Windows
16:10:47.0871 5824 System windows directory: C:\Windows
16:10:47.0871 5824 Running under WOW64
16:10:47.0871 5824 Processor architecture: Intel x64
16:10:47.0871 5824 Number of processors: 4
16:10:47.0872 5824 Page size: 0x1000
16:10:47.0872 5824 Boot type: Normal boot
16:10:47.0872 5824 ============================================================
16:10:48.0272 5824 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:10:48.0277 5824 ============================================================
16:10:48.0277 5824 \Device\Harddisk0\DR0:
16:10:48.0277 5824 MBR partitions:
16:10:48.0277 5824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
16:10:48.0277 5824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x1BBE4800
16:10:48.0277 5824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000
16:10:48.0277 5824 ============================================================
16:10:48.0298 5824 C: <-> \Device\Harddisk0\DR0\Partition1
16:10:48.0341 5824 Q: <-> \Device\Harddisk0\DR0\Partition2
16:10:48.0342 5824 ============================================================
16:10:48.0342 5824 Initialize success
16:10:48.0342 5824 ============================================================
16:10:50.0166 1260 ============================================================
16:10:50.0166 1260 Scan started
16:10:50.0166 1260 Mode: Manual;
16:10:50.0166 1260 ============================================================
16:11:01.0709 1260 LSI_SCSI - ok
16:11:01.0756 1260 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:11:01.0757 1260 luafv - ok
16:11:01.0790 1260 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:11:01.0791 1260 Mcx2Svc - ok
16:11:01.0820 1260 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:11:01.0820 1260 megasas - ok
16:11:01.0844 1260 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:11:01.0845 1260 MegaSR - ok
16:11:01.0868 1260 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:11:01.0868 1260 MEIx64 - ok
16:11:01.0976 1260 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:11:01.0977 1260 Microsoft Office Groove Audit Service - ok
16:11:02.0016 1260 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:11:02.0017 1260 MMCSS - ok
16:11:02.0031 1260 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:11:02.0032 1260 Modem - ok
16:11:02.0051 1260 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:11:02.0052 1260 monitor - ok
16:11:02.0084 1260 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:11:02.0085 1260 mouclass - ok
16:11:02.0125 1260 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:11:02.0125 1260 mouhid - ok
16:11:02.0145 1260 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:11:02.0145 1260 mountmgr - ok
16:11:02.0210 1260 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:11:02.0211 1260 MozillaMaintenance - ok
16:11:02.0304 1260 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
16:11:02.0305 1260 MpFilter - ok
16:11:02.0336 1260 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:11:02.0337 1260 mpio - ok
16:11:02.0358 1260 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:11:02.0358 1260 mpsdrv - ok
16:11:02.0439 1260 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:11:02.0443 1260 MpsSvc - ok
16:11:02.0470 1260 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:11:02.0471 1260 MRxDAV - ok
16:11:02.0522 1260 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:11:02.0523 1260 mrxsmb - ok
16:11:02.0587 1260 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:11:02.0588 1260 mrxsmb10 - ok
16:11:02.0646 1260 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:11:02.0647 1260 mrxsmb20 - ok
16:11:02.0677 1260 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:11:02.0677 1260 msahci - ok
16:11:02.0689 1260 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:11:02.0690 1260 msdsm - ok
16:11:02.0736 1260 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:11:02.0738 1260 MSDTC - ok
16:11:02.0774 1260 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:11:02.0774 1260 Msfs - ok
16:11:02.0780 1260 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:11:02.0781 1260 mshidkmdf - ok
16:11:02.0783 1260 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:11:02.0784 1260 msisadrv - ok
16:11:02.0822 1260 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:11:02.0823 1260 MSiSCSI - ok
16:11:02.0825 1260 msiserver - ok
16:11:02.0854 1260 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:11:02.0854 1260 MSKSSRV - ok
16:11:02.0950 1260 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:11:02.0950 1260 MsMpSvc - ok
16:11:02.0965 1260 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:11:02.0965 1260 MSPCLOCK - ok
16:11:02.0983 1260 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:11:02.0983 1260 MSPQM - ok
16:11:03.0025 1260 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:11:03.0027 1260 MsRPC - ok
16:11:03.0042 1260 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
16:11:03.0043 1260 mssmbios - ok
16:11:03.0067 1260 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:11:03.0067 1260 MSTEE - ok
16:11:03.0088 1260 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:11:03.0089 1260 MTConfig - ok
16:11:03.0103 1260 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:11:03.0103 1260 Mup - ok
16:11:03.0160 1260 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:11:03.0163 1260 napagent - ok
16:11:03.0215 1260 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:11:03.0216 1260 NativeWifiP - ok
16:11:03.0301 1260 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
16:11:03.0305 1260 NDIS - ok
16:11:03.0339 1260 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:11:03.0339 1260 NdisCap - ok
16:11:03.0362 1260 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:11:03.0363 1260 NdisTapi - ok
16:11:03.0399 1260 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:11:03.0400 1260 Ndisuio - ok
16:11:03.0420 1260 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:11:03.0421 1260 NdisWan - ok
16:11:03.0446 1260 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:11:03.0447 1260 NDProxy - ok
16:11:03.0476 1260 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:11:03.0476 1260 NetBIOS - ok
16:11:03.0502 1260 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:11:03.0503 1260 NetBT - ok
16:11:03.0545 1260 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:11:03.0546 1260 Netlogon - ok
16:11:03.0597 1260 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:11:03.0599 1260 Netman - ok
16:11:03.0638 1260 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:11:03.0641 1260 netprofm - ok
16:11:03.0718 1260 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:11:03.0719 1260 NetTcpPortSharing - ok
16:11:04.0205 1260 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
16:11:04.0244 1260 NETwNs64 - ok
16:11:04.0398 1260 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:11:04.0399 1260 nfrd960 - ok
16:11:04.0473 1260 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:11:04.0474 1260 NisDrv - ok
16:11:04.0589 1260 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
16:11:04.0592 1260 NisSrv - ok
16:11:04.0650 1260 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:11:04.0652 1260 NlaSvc - ok
16:11:04.0667 1260 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:11:04.0668 1260 Npfs - ok
16:11:04.0695 1260 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:11:04.0696 1260 nsi - ok
16:11:04.0716 1260 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:11:04.0716 1260 nsiproxy - ok
16:11:04.0825 1260 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:11:04.0832 1260 Ntfs - ok
16:11:04.0958 1260 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:11:04.0958 1260 Null - ok
16:11:05.0001 1260 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:11:05.0002 1260 nvraid - ok
16:11:05.0025 1260 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:11:05.0026 1260 nvstor - ok
16:11:05.0068 1260 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:11:05.0069 1260 nv_agp - ok
16:11:05.0198 1260 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:11:05.0201 1260 odserv - ok
16:11:05.0221 1260 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:11:05.0221 1260 ohci1394 - ok
16:11:05.0292 1260 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:11:05.0292 1260 ose - ok
16:11:05.0351 1260 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:11:05.0353 1260 p2pimsvc - ok
16:11:05.0395 1260 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:11:05.0398 1260 p2psvc - ok
16:11:05.0421 1260 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
16:11:05.0422 1260 Parport - ok
16:11:05.0467 1260 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:11:05.0468 1260 partmgr - ok
16:11:05.0505 1260 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:11:05.0506 1260 PcaSvc - ok
16:11:05.0584 1260 PCDSRVC{127174DC-C366ED8B-06020000}_0 (acd84d961942e2204a4475f9af356f2e) c:\program files\pc-doctor\pcdsrvc_x64.pkms
16:11:05.0585 1260 PCDSRVC{127174DC-C366ED8B-06020000}_0 - ok
16:11:05.0621 1260 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:11:05.0622 1260 pci - ok
16:11:05.0646 1260 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:11:05.0646 1260 pciide - ok
16:11:05.0687 1260 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:11:05.0688 1260 pcmcia - ok
16:11:05.0701 1260 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:11:05.0702 1260 pcw - ok
16:11:05.0764 1260 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:11:05.0767 1260 PEAUTH - ok
16:11:05.0873 1260 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:11:05.0880 1260 PeerDistSvc - ok
16:11:06.0079 1260 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:11:06.0080 1260 PerfHost - ok
16:11:06.0153 1260 PHCORE (18eea095af22ac5fa16fc27fb98c82d3) C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
16:11:06.0153 1260 PHCORE - ok
16:11:06.0316 1260 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:11:06.0323 1260 pla - ok
16:11:06.0505 1260 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:11:06.0508 1260 PlugPlay - ok
16:11:06.0566 1260 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys
16:11:06.0567 1260 pmxdrv - ok
16:11:06.0597 1260 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:11:06.0598 1260 PNRPAutoReg - ok
16:11:06.0640 1260 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:11:06.0642 1260 PNRPsvc - ok
16:11:06.0694 1260 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
16:11:06.0695 1260 Point64 - ok
16:11:06.0756 1260 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:11:06.0759 1260 PolicyAgent - ok
16:11:06.0794 1260 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:11:06.0795 1260 Power - ok
16:11:06.0894 1260 Power Manager DBC Service (7a1e6cf32edff1f13186997fca086fc7) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
16:11:06.0895 1260 Power Manager DBC Service - ok
16:11:06.0943 1260 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:11:06.0943 1260 PptpMiniport - ok
16:11:06.0960 1260 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:11:06.0961 1260 Processor - ok
16:11:07.0020 1260 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:11:07.0022 1260 ProfSvc - ok
16:11:07.0067 1260 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:11:07.0068 1260 ProtectedStorage - ok
16:11:07.0097 1260 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
16:11:07.0098 1260 psadd - ok
16:11:07.0135 1260 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:11:07.0136 1260 Psched - ok
16:11:07.0180 1260 PwmEWSvc (20eff1ca8922f6a834261b985550a51d) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
16:11:07.0181 1260 PwmEWSvc - ok
16:11:07.0266 1260 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:11:07.0273 1260 ql2300 - ok
16:11:07.0408 1260 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:11:07.0409 1260 ql40xx - ok
16:11:07.0456 1260 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:11:07.0458 1260 QWAVE - ok
16:11:07.0495 1260 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:11:07.0495 1260 QWAVEdrv - ok
16:11:07.0514 1260 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:11:07.0515 1260 RasAcd - ok
16:11:07.0550 1260 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:11:07.0551 1260 RasAgileVpn - ok
16:11:07.0582 1260 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:11:07.0584 1260 RasAuto - ok
16:11:07.0617 1260 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:11:07.0618 1260 Rasl2tp - ok
16:11:07.0669 1260 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:11:07.0672 1260 RasMan - ok
16:11:07.0710 1260 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:11:07.0711 1260 RasPppoe - ok
16:11:07.0761 1260 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:11:07.0761 1260 RasSstp - ok
16:11:07.0793 1260 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:11:07.0795 1260 rdbss - ok
16:11:07.0805 1260 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:11:07.0806 1260 rdpbus - ok
16:11:07.0817 1260 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:11:07.0817 1260 RDPCDD - ok
16:11:07.0843 1260 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:11:07.0844 1260 RDPDR - ok
16:11:07.0866 1260 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:11:07.0866 1260 RDPENCDD - ok
16:11:07.0880 1260 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:11:07.0881 1260 RDPREFMP - ok
16:11:07.0937 1260 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:11:07.0939 1260 RDPWD - ok
16:11:07.0976 1260 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:11:07.0977 1260 rdyboost - ok
16:11:08.0106 1260 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
16:11:08.0110 1260 RegSrvc - ok
16:11:08.0136 1260 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:11:08.0138 1260 RemoteAccess - ok
16:11:08.0181 1260 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:11:08.0182 1260 RemoteRegistry - ok
16:11:08.0266 1260 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:11:08.0267 1260 RFCOMM - ok
16:11:08.0306 1260 risdxc (ff501f212e5d5a97f8339928320f269e) C:\Windows\system32\DRIVERS\risdxc64.sys
16:11:08.0307 1260 risdxc - ok
16:11:08.0337 1260 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:11:08.0338 1260 RpcEptMapper - ok
16:11:08.0355 1260 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:11:08.0356 1260 RpcLocator - ok
16:11:08.0403 1260 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:11:08.0407 1260 RpcSs - ok
16:11:08.0452 1260 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:11:08.0452 1260 rspndr - ok
16:11:08.0471 1260 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:11:08.0472 1260 s3cap - ok
16:11:08.0523 1260 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:11:08.0524 1260 SamSs - ok
16:11:08.0526 1260 SAService - ok
16:11:08.0552 1260 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:11:08.0553 1260 sbp2port - ok
16:11:08.0581 1260 SBRE - ok
16:11:08.0618 1260 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:11:08.0620 1260 SCardSvr - ok
16:11:08.0642 1260 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:11:08.0643 1260 scfilter - ok
16:11:08.0722 1260 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:11:08.0729 1260 Schedule - ok
16:11:08.0763 1260 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:11:08.0764 1260 SCPolicySvc - ok
16:11:08.0793 1260 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:11:08.0795 1260 SDRSVC - ok
16:11:08.0849 1260 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:11:08.0849 1260 secdrv - ok
16:11:08.0871 1260 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:11:08.0872 1260 seclogon - ok
16:11:08.0893 1260 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:11:08.0894 1260 SENS - ok
16:11:08.0910 1260 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:11:08.0911 1260 SensrSvc - ok
16:11:08.0939 1260 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:11:08.0939 1260 Serenum - ok
16:11:08.0965 1260 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:11:08.0966 1260 Serial - ok
16:11:08.0992 1260 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:11:08.0992 1260 sermouse - ok
16:11:09.0026 1260 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:11:09.0028 1260 SessionEnv - ok
16:11:09.0043 1260 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:11:09.0044 1260 sffdisk - ok
16:11:09.0057 1260 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:11:09.0058 1260 sffp_mmc - ok
16:11:09.0062 1260 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:11:09.0062 1260 sffp_sd - ok
16:11:09.0093 1260 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:11:09.0093 1260 sfloppy - ok
16:11:09.0151 1260 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:11:09.0153 1260 SharedAccess - ok
16:11:09.0196 1260 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:11:09.0199 1260 ShellHWDetection - ok
16:11:09.0234 1260 Shockprf (c3f190562fe82efda7ccef305ebad3e3) C:\Windows\system32\DRIVERS\Apsx64.sys
16:11:09.0235 1260 Shockprf - ok
16:11:09.0271 1260 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:11:09.0272 1260 SiSRaid2 - ok
16:11:09.0279 1260 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:11:09.0280 1260 SiSRaid4 - ok
16:11:09.0301 1260 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:11:09.0301 1260 Smb - ok
16:11:09.0396 1260 smihlp2 (3bc2844af786ca422cc31d505acfa9f2) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
16:11:09.0396 1260 smihlp2 - ok
16:11:09.0408 1260 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:11:09.0409 1260 SNMPTRAP - ok
16:11:09.0435 1260 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:11:09.0436 1260 spldr - ok
16:11:09.0490 1260 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:11:09.0493 1260 Spooler - ok
16:11:09.0678 1260 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:11:09.0694 1260 sppsvc - ok
16:11:09.0844 1260 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:11:09.0846 1260 sppuinotify - ok
16:11:09.0939 1260 SROSVC (47118a04b1d4dccce3a1cda3c10095b9) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
16:11:09.0941 1260 SROSVC - ok
16:11:10.0034 1260 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:11:10.0036 1260 srv - ok
16:11:10.0079 1260 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:11:10.0081 1260 srv2 - ok
16:11:10.0108 1260 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:11:10.0109 1260 srvnet - ok
16:11:10.0165 1260 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:11:10.0167 1260 SSDPSRV - ok
16:11:10.0193 1260 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:11:10.0194 1260 SstpSvc - ok
16:11:10.0226 1260 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:11:10.0226 1260 stexstor - ok
16:11:10.0287 1260 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:11:10.0291 1260 stisvc - ok
16:11:10.0329 1260 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:11:10.0330 1260 storflt - ok
16:11:10.0357 1260 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
16:11:10.0358 1260 StorSvc - ok
16:11:10.0384 1260 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:11:10.0385 1260 storvsc - ok
16:11:10.0401 1260 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:11:10.0401 1260 swenum - ok
16:11:10.0469 1260 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:11:10.0472 1260 swprv - ok
16:11:10.0579 1260 SynTP (ffbe7c45999252c3131cbdd05e2fa135) C:\Windows\system32\DRIVERS\SynTP.sys
16:11:10.0585 1260 SynTP - ok
16:11:10.0788 1260 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:11:10.0797 1260 SysMain - ok
16:11:10.0911 1260 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:11:10.0912 1260 TabletInputService - ok
16:11:10.0945 1260 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:11:10.0947 1260 TapiSrv - ok
16:11:10.0962 1260 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:11:10.0964 1260 TBS - ok
16:11:11.0133 1260 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:11:11.0142 1260 Tcpip - ok
16:11:11.0390 1260 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:11:11.0399 1260 TCPIP6 - ok
16:11:11.0525 1260 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:11:11.0526 1260 tcpipreg - ok
16:11:11.0547 1260 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:11:11.0547 1260 TDPIPE - ok
16:11:11.0591 1260 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:11:11.0591 1260 TDTCP - ok
16:11:11.0642 1260 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:11:11.0643 1260 tdx - ok
16:11:11.0659 1260 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
16:11:11.0660 1260 TermDD - ok
16:11:11.0739 1260 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:11:11.0744 1260 TermService - ok
16:11:11.0759 1260 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:11:11.0761 1260 Themes - ok
16:11:11.0783 1260 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:11:11.0784 1260 THREADORDER - ok
16:11:11.0818 1260 TPDIGIMN (1bb77eccbfa3675b1ee8d6d6d37a1e1e) C:\Windows\system32\DRIVERS\ApsHM64.sys
16:11:11.0818 1260 TPDIGIMN - ok
16:11:11.0841 1260 TPHDEXLGSVC (88f81d810ff16ac65b02643daf308d4f) C:\Windows\system32\TPHDEXLG64.exe
16:11:11.0842 1260 TPHDEXLGSVC - ok
16:11:11.0968 1260 TPHKLOAD (2670d23a61cd706004c24a83d4d48294) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
16:11:11.0969 1260 TPHKLOAD - ok
16:11:12.0038 1260 TPHKSVC (cb0625c2f5b7c72c50c5ae34f8e8f7d0) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
16:11:12.0039 1260 TPHKSVC - ok
16:11:12.0085 1260 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
16:11:12.0086 1260 TPM - ok
16:11:12.0115 1260 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
16:11:12.0116 1260 TPPWRIF - ok
16:11:12.0165 1260 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:11:12.0167 1260 TrkWks - ok
16:11:12.0227 1260 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:11:12.0228 1260 TrustedInstaller - ok
16:11:12.0242 1260 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:11:12.0243 1260 tssecsrv - ok
16:11:12.0269 1260 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:11:12.0269 1260 TsUsbFlt - ok
16:11:12.0278 1260 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
16:11:12.0278 1260 TsUsbGD - ok
16:11:12.0317 1260 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:11:12.0318 1260 tunnel - ok
16:11:12.0325 1260 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:11:12.0325 1260 uagp35 - ok
16:11:12.0362 1260 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:11:12.0363 1260 udfs - ok
16:11:12.0388 1260 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:11:12.0390 1260 UI0Detect - ok
16:11:12.0421 1260 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:11:12.0422 1260 uliagpkx - ok
16:11:12.0459 1260 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:11:12.0459 1260 umbus - ok
16:11:12.0502 1260 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:11:12.0502 1260 UmPass - ok
16:11:12.0537 1260 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
16:11:12.0539 1260 UmRdpService - ok
16:11:12.0758 1260 UNS (a69cd6bdb82872999d2e46f9324ada83) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:11:12.0771 1260 UNS - ok
16:11:12.0919 1260 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:11:12.0921 1260 upnphost - ok
16:11:12.0978 1260 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
16:11:12.0979 1260 usbccgp - ok
16:11:13.0004 1260 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:11:13.0005 1260 usbcir - ok
16:11:13.0047 1260 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:11:13.0048 1260 usbehci - ok
16:11:13.0093 1260 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
16:11:13.0095 1260 usbhub - ok
16:11:13.0120 1260 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:11:13.0121 1260 usbohci - ok
16:11:13.0158 1260 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:11:13.0158 1260 usbprint - ok
16:11:13.0173 1260 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:11:13.0173 1260 USBSTOR - ok
16:11:13.0194 1260 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:11:13.0194 1260 usbuhci - ok
16:11:13.0243 1260 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:11:13.0244 1260 usbvideo - ok
16:11:13.0264 1260 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:11:13.0266 1260 UxSms - ok
16:11:13.0312 1260 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:11:13.0313 1260 VaultSvc - ok
16:11:13.0346 1260 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:11:13.0346 1260 vdrvroot - ok
16:11:13.0402 1260 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:11:13.0405 1260 vds - ok
16:11:13.0424 1260 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:11:13.0424 1260 vga - ok
16:11:13.0435 1260 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:11:13.0436 1260 VgaSave - ok
16:11:13.0471 1260 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:11:13.0472 1260 vhdmp - ok
16:11:13.0489 1260 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:11:13.0490 1260 viaide - ok
16:11:13.0506 1260 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:11:13.0507 1260 vmbus - ok
16:11:13.0511 1260 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:11:13.0512 1260 VMBusHID - ok
16:11:13.0527 1260 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:11:13.0528 1260 volmgr - ok
16:11:13.0565 1260 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:11:13.0566 1260 volmgrx - ok
16:11:13.0607 1260 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:11:13.0609 1260 volsnap - ok
16:11:13.0648 1260 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:11:13.0649 1260 vsmraid - ok
16:11:13.0761 1260 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:11:13.0769 1260 VSS - ok
16:11:13.0904 1260 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:11:13.0905 1260 vwifibus - ok
16:11:13.0914 1260 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:11:13.0915 1260 vwififlt - ok
16:11:13.0923 1260 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:11:13.0923 1260 vwifimp - ok
16:11:13.0970 1260 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:11:13.0973 1260 W32Time - ok
16:11:13.0986 1260 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:11:13.0987 1260 WacomPen - ok
16:11:14.0027 1260 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:11:14.0028 1260 WANARP - ok
16:11:14.0030 1260 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:11:14.0031 1260 Wanarpv6 - ok
16:11:14.0167 1260 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:11:14.0173 1260 WatAdminSvc - ok
16:11:14.0274 1260 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:11:14.0282 1260 wbengine - ok
16:11:14.0410 1260 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:11:14.0412 1260 WbioSrvc - ok
16:11:14.0444 1260 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:11:14.0446 1260 wcncsvc - ok
16:11:14.0456 1260 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:11:14.0457 1260 WcsPlugInService - ok
16:11:14.0497 1260 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:11:14.0498 1260 Wd - ok
16:11:14.0554 1260 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:11:14.0557 1260 Wdf01000 - ok
16:11:14.0588 1260 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:11:14.0590 1260 WdiServiceHost - ok
16:11:14.0592 1260 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:11:14.0593 1260 WdiSystemHost - ok
16:11:14.0624 1260 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:11:14.0627 1260 WebClient - ok
16:11:14.0658 1260 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:11:14.0660 1260 Wecsvc - ok
16:11:14.0699 1260 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:11:14.0701 1260 wercplsupport - ok
16:11:14.0718 1260 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:11:14.0720 1260 WerSvc - ok
16:11:14.0782 1260 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:11:14.0782 1260 WfpLwf - ok
16:11:14.0812 1260 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:11:14.0812 1260 WIMMount - ok
16:11:14.0835 1260 WinDefend - ok
16:11:14.0839 1260 WinHttpAutoProxySvc - ok
16:11:14.0915 1260 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:11:14.0917 1260 Winmgmt - ok
16:11:15.0051 1260 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:11:15.0062 1260 WinRM - ok
16:11:15.0220 1260 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
16:11:15.0220 1260 WinUsb - ok
16:11:15.0304 1260 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:11:15.0309 1260 Wlansvc - ok
16:11:15.0364 1260 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:11:15.0365 1260 wlcrasvc - ok
16:11:15.0510 1260 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:11:15.0523 1260 wlidsvc - ok
16:11:15.0657 1260 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:11:15.0657 1260 WmiAcpi - ok
16:11:15.0729 1260 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:11:15.0730 1260 wmiApSrv - ok
16:11:15.0764 1260 WMPNetworkSvc - ok
16:11:15.0796 1260 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:11:15.0798 1260 WPCSvc - ok
16:11:15.0821 1260 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:11:15.0823 1260 WPDBusEnum - ok
16:11:15.0847 1260 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:11:15.0847 1260 ws2ifsl - ok
16:11:15.0879 1260 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:11:15.0881 1260 wscsvc - ok
16:11:15.0883 1260 WSearch - ok
16:11:16.0010 1260 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:11:16.0025 1260 wuauserv - ok
16:11:16.0152 1260 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:11:16.0153 1260 WudfPf - ok
16:11:16.0187 1260 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:11:16.0188 1260 WUDFRd - ok
16:11:16.0220 1260 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:11:16.0222 1260 wudfsvc - ok
16:11:16.0250 1260 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:11:16.0252 1260 WwanSvc - ok
16:11:16.0285 1260 MBR (0x1B8) (5cc59d0b5254a08dbb34534fb42dab08) \Device\Harddisk0\DR0
16:11:16.0504 1260 \Device\Harddisk0\DR0 - ok
16:11:16.0506 1260 Boot (0x1200) (397ee1aca44246a6e2a37649df5c0502) \Device\Harddisk0\DR0\Partition0
16:11:16.0507 1260 \Device\Harddisk0\DR0\Partition0 - ok
16:11:16.0519 1260 Boot (0x1200) (435e76a3c6413dadbe82e1f1426e83e1) \Device\Harddisk0\DR0\Partition1
16:11:16.0520 1260 \Device\Harddisk0\DR0\Partition1 - ok
16:11:16.0548 1260 Boot (0x1200) (c8648ce4cd4e9de05611485e2cc79803) \Device\Harddisk0\DR0\Partition2
16:11:16.0550 1260 \Device\Harddisk0\DR0\Partition2 - ok
16:11:16.0550 1260 ============================================================
16:11:16.0550 1260 Scan finished
16:11:16.0550 1260 ============================================================
16:11:16.0557 5864 Detected object count: 0
16:11:16.0557 5864 Actual detected object count: 0



log file from aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-27 16:14:01
-----------------------------
16:14:01.896 OS Version: Windows x64 6.1.7601 Service Pack 1
16:14:01.896 Number of processors: 4 586 0x2A07
16:14:01.897 ComputerName: BJORN7126-THINK UserName: Bjorn7126
16:14:02.541 Initialize success
16:15:08.516 AVAST engine defs: 12052701
16:15:32.258 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:15:32.260 Disk 0 Vendor: HITACHI_ ESBZ Size: 238475MB BusType: 3
16:15:32.268 Disk 0 MBR read successfully
16:15:32.269 Disk 0 MBR scan
16:15:32.272 Disk 0 unknown MBR code
16:15:32.280 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
16:15:32.313 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227273 MB offset 2459648
16:15:32.353 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 467914752
16:15:32.424 Disk 0 scanning C:\Windows\system32\drivers
16:15:50.485 Service scanning
16:16:36.079 Modules scanning
16:16:36.084 Disk 0 trace - called modules:
16:16:36.127 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:16:36.454 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077f4060]
16:16:36.456 3 CLASSPNP.SYS[fffff8800186c43f] -> nt!IofCallDriver -> [0xfffffa800656ec80]
16:16:36.459 5 ACPI.sys[fffff88000f107a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800656d050]
16:16:37.120 AVAST engine scan C:\Windows
16:16:40.464 AVAST engine scan C:\Windows\system32
16:20:23.112 AVAST engine scan C:\Windows\system32\drivers
16:20:43.146 AVAST engine scan C:\Users\Bjorn7126
16:28:06.072 AVAST engine scan C:\ProgramData
16:31:10.533 Scan finished successfully
17:23:09.478 Disk 0 MBR has been saved successfully to "C:\Users\Bjorn7126\Desktop\Bleeping Computer\MBR.dat"
17:23:09.482 The log file has been saved successfully to "C:\Users\Bjorn7126\Desktop\Bleeping Computer\aswMBR.txt"


Status of computer now
TDSSKiller did not identify any suspicious or infected files.

No improvement yet. Redirects appear to occur a bit more frequently today. Yesterday it seemed like it only redirected to scour.com; now it appears to redirect to several websites. It also seems more likely to occur the first time I open up a browser and do a search.

Edited by bjorn7126, 27 May 2012 - 05:30 PM.


#6 gringo_pr (Malware Response Team)

Posted 27 May 2012 - 08:40 PM

Greetings

I would like to know which browsers are redirecting; please verify all that are installed on the computer.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 bjorn7126 (Topic Starter)

Posted 27 May 2012 - 09:50 PM

It is very hard for me to force the browser to redirect when I click on links. Usually, I notice it in passing.

I spent half an hour making random search queries and clicking on the first several links. I noticed that I got redirected by Firefox 2 times. Both times, the page shows "redirecting by scour.com..." and then proceeds to show the redirected page. I forgot what the first link was, but the second link I got redirected to was "https://bigfuture.collegeboard.org/?s_kwcid=TC-3529-9557130226-p-1425397321", a site that I have never previously been redirected to.

It does not appear that Internet Explorer redirects me. I exclusively use Firefox. So I'm not sure if I am only noticing it on Firefox because I use it more.


I'm not sure if this means anything or not, but when I was running ComboFix when you directed me to, for some reason I was unable to disable (or end process) Symantec Endpoint Protection. So I used Add/Remove to uninstall the program. Later on, when I clicked on a McAfee website search result, I was redirected to a Symantec Norton Antivirus page.

#8 gringo_pr (Malware Response Team)

Posted 27 May 2012 - 09:55 PM

Greetings


Let's try this: I want you to uninstall Firefox, and if asked about user data or settings, remove that also (you may back up the bookmarks).

Restart the computer, reinstall Firefox and check it out for redirects.


gringo

#9 gringo_pr (Malware Response Team)

Posted 29 May 2012 - 11:33 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#10 bjorn7126 (Topic Starter)

Posted 30 May 2012 - 03:22 PM

Hey Gringo,

So it doesn't appear I've had a redirect for the past two days now. I think the issue might have been fixed with the Firefox reinstall. Anything else for me to do at this point?

Bjorn

#11 gringo_pr (Malware Response Team)

Posted 30 May 2012 - 08:38 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B85D734-4D1E-A5B8-7A2C9FEBD20E3A7C}\{9B78C2B1-5ACD-EEEE-C2C08A9F5ADC5CE8}\{497F871A-1051-F8C7-F54470C03EAE9AE4}*]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

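A way to check the registry key that the RegNull:: line in the script above targets, before and after the ComboFix run, as an added example that is not part of the original thread and not ComboFix's own tooling. It assumes CFScript.txt is saved on the Desktop as the post instructs, that the trailing asterisk on the RegNull:: line is script syntax rather than part of the key name, and it writes backups to a regbackup subfolder of the "Bleeping Computer" desktop folder the poster's logs already show (the subfolder name is my choice). Function names are mine.

```powershell
# Added example, not from the original thread or from ComboFix itself: before
# dragging CFScript.txt onto ComboFix.exe, list the keys its RegNull:: section
# targets, report whether the registry provider can see them, and export a
# .reg backup of each one. Run it again after ComboFix to confirm removal.
# Assumptions: CFScript.txt is on the Desktop as the post instructs, and the
# trailing '*' on a RegNull:: line is directive syntax rather than part of the
# key name, so it is stripped before querying.
param(
    [string]$ScriptPath = "$env:USERPROFILE\Desktop\CFScript.txt",
    [string]$BackupDir  = "$env:USERPROFILE\Desktop\Bleeping Computer\regbackup"
)

# Parse the script: a line such as "RegNull::" opens a section, and every
# "[HKEY_...]" line that follows belongs to it until the next "Name::" header.
function Get-RegNullKeys {
    param([string]$Path)
    $keys = @()
    $inRegNull = $false
    foreach ($line in Get-Content -LiteralPath $Path) {
        $t = $line.Trim()
        if ($t -match '^\w+::$') { $inRegNull = ($t -eq 'RegNull::'); continue }
        if ($inRegNull -and $t -match '^\[(HKEY_[^\]]+)\]$') {
            $keys += $Matches[1].TrimEnd('*')   # assumption: '*' is script syntax
        }
    }
    return ,$keys
}

# Report whether the provider can open the key and how much it contains.
# A key that needs RegNull:: may not be visible to the normal registry API at
# all, so "not present" before the run is not proof that nothing is there.
function Test-RegNullKey {
    param([string]$Key)
    $psPath = "Registry::$Key"
    if (Test-Path -LiteralPath $psPath) {
        $item = Get-Item -LiteralPath $psPath
        return ('{0}: present, subkeys={1} values={2}' -f $Key, $item.SubKeyCount, $item.ValueCount)
    }
    return ('{0}: not present (or not visible to the registry provider)' -f $Key)
}

# Export the key with reg.exe so the change can be reviewed or reverted later.
function Backup-RegKey {
    param([string]$Key, [string]$Dir)
    if (-not (Test-Path -LiteralPath "Registry::$Key")) { return $null }
    New-Item -ItemType Directory -Force -Path $Dir | Out-Null
    # reg.exe wants the short hive names
    $short = $Key -replace '^HKEY_LOCAL_MACHINE', 'HKLM' -replace '^HKEY_CURRENT_USER', 'HKCU'
    $leaf  = (($Key -split '\\')[-1]) -replace '[{}]', ''
    $file  = Join-Path $Dir "$leaf.reg"
    & reg.exe export $short $file /y | Out-Null
    return $file
}

$keys = @(Get-RegNullKeys -Path $ScriptPath)
if ($keys.Count -eq 0) {
    Write-Warning "No RegNull:: keys found in $ScriptPath"
    return
}
foreach ($k in $keys) {
    Test-RegNullKey -Key $k
    $backup = Backup-RegKey -Key $k -Dir $BackupDir
    if ($backup) { "  backed up to $backup" }
}
```

Run it from a 64-bit PowerShell so the Wow6432Node path is opened exactly as written. Keep the exported .reg files alongside the ComboFix log; only import one back if the run turns out to have removed something legitimate.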

#12 bjorn7126 (Topic Starter)

Posted 03 June 2012 - 01:36 AM

1. Report from Combofix.

ComboFix 12-06-02.03 - Bjorn 06/03/2012 1:04.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6027.3968 [GMT -5:00]
Running from: c:\users\Bjorn\Downloads\ComboFix.exe
Command switches used :: c:\users\Bjorn\Desktop\Bleeping Computer\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\_cacheinvalidation.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\_ctypes.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\_elementtree.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\_hashlib.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\_socket.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\_ssl.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\pyexpat.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\pysqlite2._sqlite.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\python26.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\pythoncom26.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\PyWinTypes26.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\select.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\win32api.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\win32com.shell.shell.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\win32crypt.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\win32event.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\win32file.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\win32inet.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\win32pdh.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\win32process.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wx._controls_.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wx._core_.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wx._gdi_.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wx._html2.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wx._misc_.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wx._windows_.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wx._wizard.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wxbase293u_net_vc.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wxbase293u_vc.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wxmsw293u_adv_vc.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wxmsw293u_core_vc.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wxmsw293u_html_vc.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI31522\wxmsw293u_webview_vc.dll
.
---- Previous Run -------
.
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\_cacheinvalidation.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\_ctypes.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\_elementtree.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\_hashlib.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\_socket.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\_ssl.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\pyexpat.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\pysqlite2._sqlite.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\python26.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\pythoncom26.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\PyWinTypes26.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\select.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\win32api.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\win32com.shell.shell.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\win32crypt.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\win32event.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\win32file.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\win32inet.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\win32pdh.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\win32process.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wx._controls_.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wx._core_.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wx._gdi_.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wx._html2.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wx._misc_.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wx._windows_.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wx._wizard.pyd
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wxbase293u_net_vc.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wxbase293u_vc.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wxmsw293u_adv_vc.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wxmsw293u_core_vc.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wxmsw293u_html_vc.dll
c:\users\Bjorn\AppData\Local\Temp\_MEI39562\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-03 to 2012-06-03 )))))))))))))))))))))))))))))))
.
.
2012-06-03 06:07 . 2012-06-03 06:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-02 12:10 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41DD80A4-966E-4C5A-917F-45FF471BB51A}\mpengine.dll
2012-06-01 07:27 . 2012-06-01 07:27 -------- d-----w- c:\users\Bjorn\AppData\Local\Lenovo
2012-06-01 07:24 . 2012-06-01 07:24 53248 ----a-r- c:\users\Bjorn\AppData\Roaming\Microsoft\Installer\{0369F866-2CE0-4EB9-B426-88FA122C6E82}\ARPPRODUCTICON.exe
2012-06-01 07:24 . 2012-06-01 07:24 -------- d-----w- c:\program files\Common Files\Lenovo
2012-06-01 07:24 . 2012-06-01 07:24 53248 ----a-r- c:\users\Bjorn\AppData\Roaming\Microsoft\Installer\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}\ARPPRODUCTICON.exe
2012-05-31 22:05 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-30 05:17 . 2012-05-30 05:17 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-05-28 04:37 . 2012-05-28 04:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-23 08:22 . 2012-05-23 08:22 -------- d-----w- c:\programdata\GFI Software
2012-05-23 07:51 . 2012-05-27 18:56 -------- d-----w- c:\windows\system32\appmgmt
2012-05-23 07:48 . 2012-05-23 07:54 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-05-23 07:43 . 2012-05-23 07:43 -------- d-----w- c:\users\Bjorn\AppData\Roaming\Malwarebytes
2012-05-23 07:42 . 2012-05-23 07:42 -------- d-----w- c:\programdata\Malwarebytes
2012-05-23 07:42 . 2012-05-23 07:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-23 07:42 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-23 07:27 . 2012-05-23 07:27 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-23 07:12 . 2012-05-23 07:11 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-23 07:11 . 2012-05-23 07:11 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-23 07:11 . 2012-05-23 07:11 -------- d-----w- c:\program files\Java
2012-05-23 07:02 . 2012-05-23 07:27 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-23 07:02 . 2012-05-23 07:02 -------- d-----w- c:\windows\system32\Macromed
2012-05-23 06:47 . 2012-05-23 06:47 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-15 08:10 . 2012-06-02 12:00 -------- d-s---w- c:\users\Bjorn\Google Drive
2012-05-15 08:08 . 2012-05-23 07:08 -------- d-----w- c:\program files (x86)\Google
2012-05-13 08:00 . 2012-05-13 08:00 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 08:00 . 2012-05-13 08:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-11 14:39 . 2012-05-11 14:39 -------- d-----w- c:\program files (x86)\AVIedit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 07:27 . 2011-05-20 20:15 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-02 11:30 . 2011-05-05 18:11 2693696 ------w- c:\windows\PWMBTHLV.EXE
2012-05-02 11:30 . 2011-05-05 18:11 29512 ----a-w- c:\windows\system32\drivers\DZHDD64.SYS
2012-05-02 11:30 . 2011-05-05 18:11 2806848 ----a-w- c:\windows\system32\PWMCP64V.cpl
2012-05-02 11:30 . 2011-05-05 18:11 19784 ----a-w- c:\windows\system32\drivers\TPPWR64V.SYS
2012-03-21 01:44 . 2010-10-25 02:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2010-10-25 02:25 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-26_04.40.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-26 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-01 21:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-26 01:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-01 21:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-26 01:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-01 21:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-05-28 04:36 49098 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-03 06:10 41250 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-12 19:09 . 2012-06-03 06:10 11648 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3726172487-2278243930-1178291279-1000_UserData.bin
+ 2011-05-05 18:12 . 2012-06-01 22:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-05 18:12 . 2012-05-23 12:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-05 18:12 . 2012-06-01 22:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-05 18:12 . 2012-05-23 12:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-23 12:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-01 22:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-17 19:35 . 2012-05-26 05:01 1964 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-05-26 04:38 . 2012-05-26 04:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-03 06:08 . 2012-06-03 06:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-03 06:08 . 2012-06-03 06:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-26 04:38 . 2012-05-26 04:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-16 21:06 . 2012-05-29 08:08 309882 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-05-11 20:55 . 2012-06-03 02:18 394466 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-02 12:02 626540 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-25 02:10 626540 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-02 12:02 107784 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-25 02:10 107784 c:\windows\system32\perfc009.dat
+ 2011-08-14 06:30 . 2012-06-03 06:07 793344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-14 06:30 . 2012-05-26 04:37 793344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-05-26 04:37 438992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-03 06:07 438992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-01 07:24 . 2012-06-01 07:24 959488 c:\windows\assembly\NativeImages_v2.0.50727_32\PWMUICtl\b8c4aa4bb58b3c2c557df10f74d47a0b\PWMUICtl.ni.dll
+ 2012-06-01 07:24 . 2012-06-01 07:24 158720 c:\windows\assembly\NativeImages_v2.0.50727_32\PWMUIAux\05f632ca86d6a359f2cf2b06c5bcd929\PWMUIAux.ni.exe
+ 2012-06-01 07:24 . 2012-06-01 07:24 947712 c:\windows\assembly\NativeImages_v2.0.50727_32\PWMUI\5f8fb155a8ad4c4441de46cac8285833\PWMUI.ni.exe
+ 2011-09-06 21:20 . 2012-06-01 07:25 5999316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3726172487-2278243930-1178291279-1000-4096.dat
+ 2011-12-08 06:37 . 2012-06-01 07:25 4788480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3726172487-2278243930-1178291279-1000-12288.dat
+ 2012-04-04 14:55 . 2012-04-04 14:55 3464192 c:\windows\Installer\1537a1d8.msi
+ 2012-04-04 14:55 . 2012-04-04 14:55 2030080 c:\windows\Installer\1537a1d2.msi
+ 2011-05-12 08:48 . 2012-06-03 06:07 59476652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3726172487-2278243930-1178291279-1000-8192.dat
+ 2012-05-18 00:31 . 2012-05-18 00:31 12476928 c:\windows\Installer\a75cd1d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-05-16 11921064]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-02 5940288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\users\Bjorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-7-27 1211680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 116648]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 257696]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-05-02 320576]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PCDSRVC{127174DC-C366ED8B-06020000}_0;PCDSRVC{127174DC-C366ED8B-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-08-11 24560]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-02 1662528]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-02 1665088]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-03-02 443240]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 144232]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 07:27]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 08:08]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 08:08]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3726172487-2278243930-1178291279-1000Core.job
- c:\users\Bjorn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 21:13]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3726172487-2278243930-1178291279-1000UA.job
- c:\users\Bjorn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-13 21:13]
.
2012-06-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-08-11 21:00]
.
2012-06-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-08-11 21:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-16 22:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-16 22:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-05-16 22:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-16 22:53 754712 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-18 165456]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Bjorn\AppData\Roaming\Mozilla\Firefox\Profiles\lys987fq.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9F9DEBB-68B5-F470-73ABBBDFE6B7698C}\{2DE0854A-58E2-477C-18CA38B62B72F56E}\{B78F9583-EE49-B075-5FB6B2640AC6C572}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\hasplms.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-06-03 01:14:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-03 06:14
ComboFix2.txt 2012-05-27 19:14
ComboFix3.txt 2012-05-26 04:44
.
Pre-Run: 110,736,228,352 bytes free
Post-Run: 110,742,859,776 bytes free
.
- - End Of File - - 7D3025C5E5A37D59BBB207861E047E08

2. Problems
Appears that ComboFix ran smoothly. I had to restart my computer afterwards due to the "illegal operation... deletion" error.

3. Computer behavior after running script
Everything seems to work okay after running that script. Does not appear that much changed.

#13 bjorn7126


Posted 03 June 2012 - 01:38 AM

accidental repost

Edited by bjorn7126, 03 June 2012 - 01:43 AM.


#14 gringo_pr


Posted 04 June 2012 - 09:23 PM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 bjorn7126


Posted 07 June 2012 - 12:47 AM

1: Log from MBAM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.07.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bjorn7126 :: BJORN7126-THINK [administrator]

6/6/2012 11:27:39 PM
mbam-log-2012-06-06 (23-27-39).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 531715
Time elapsed: 1 hour(s), 11 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


2: Report from HijackThis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:43:48 AM, on 6/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Bjorn7126\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Bjorn7126\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13932 bytes


3. Problems

I have not been able to update Microsoft Security Essentials since yesterday. The program says my virus and spyware definitions are out of date; however, when I click "Update" it just starts "searching". The bar loads for a couple of seconds without completing and it just does not update. There is no error message. The window still displays "Virus and spyware definitions: Out of Date".

4. Computer

Overall, there have not been any other redirects.
