
Intermittent Google Redirects in Firefox and Chrome


  • This topic is locked
16 replies to this topic

#1 IManCool

IManCool

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 11 June 2012 - 01:00 PM

Hello! First, I want to say thanks so much for offering your time and expertise in helping out the masses and avoiding the headache that goes into clean installs. I try hard not to get infected, but it finally seemed to happen, so I need help! Over the last week, I noticed that Google results in Firefox and Chrome intermittently redirect to spam sites. It was so subtle that at first I didn't realize anything was wrong, but then I finally caught on as it got more and more annoying. It seems like I have no other symptoms. I ran MBAM, which came out clean, and at this point I'm reaching out for help. Thanks in advance!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Igor Feinstein at 13:53:35 on 2012-06-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2233 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\IGORFE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{2EF0E2B0-2CC7-4A50-8DE0-7D662D886E33} : DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{2EF0E2B0-2CC7-4A50-8DE0-7D662D886E33}\23034465 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2EF0E2B0-2CC7-4A50-8DE0-7D662D886E33}\23034465D2F4 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2EF0E2B0-2CC7-4A50-8DE0-7D662D886E33}\249676023557378696 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2EF0E2B0-2CC7-4A50-8DE0-7D662D886E33}\F6074796D657D677966696 : DhcpNameServer = 10.240.205.161 10.240.205.162
TCP: Interfaces\{8E45E9B5-F8E6-42D9-B050-476C104A3A05} : NameServer = 10.1.32.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Igor Feinstein\AppData\Roaming\Mozilla\Firefox\Profiles\dtbnh4a3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Igor Feinstein\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Igor Feinstein\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Igor Feinstein\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aksdf;aksdf;C:\Windows\system32\DRIVERS\aksdf.sys --> C:\Windows\system32\DRIVERS\aksdf.sys [?]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-1-6 331608]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-11-16 133992]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2011-1-3 1839776]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-11-16 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-11-16 142696]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-10 138912]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-6 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-5-10 101736]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 %S_ServiceName%;%S_ServiceName%;C:\Windows\system32\Drivers\usgh_x64.sys --> C:\Windows\system32\Drivers\usgh_x64.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-6-4 478056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-6 136176]
S3 HP8107Fltr;HP-HP8107;C:\Windows\system32\DRIVERS\HP8107.sys --> C:\Windows\system32\DRIVERS\HP8107.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 129976]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-6-4 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-6-4 175168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-06-11 05:37:38 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-11 03:39:20 -------- d-----w- C:\Users\Igor Feinstein\AppData\Local\{3278311A-7DE0-49A8-93AD-C09B48A27353}
2012-06-11 03:39:09 -------- d-----w- C:\Users\Igor Feinstein\AppData\Local\{B11B5B7C-E657-4325-9B61-3CE9C7FA9A2D}
2012-06-11 03:19:34 388096 ----a-r- C:\Users\Igor Feinstein\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-11 03:19:34 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-10 06:40:21 -------- d-----w- C:\Users\Igor Feinstein\AppData\Local\{6324B4B9-013D-427D-93B2-90F9772FA01A}
2012-06-10 06:40:13 -------- d-----w- C:\Users\Igor Feinstein\AppData\Local\{EE47F294-20E6-4A64-8B0A-B043E9B53927}
2012-06-08 16:44:19 -------- d-----w- C:\Users\Igor Feinstein\AppData\Roaming\HDRsoft
2012-06-08 16:44:19 -------- d-----w- C:\Program Files\PhotomatixPro4
2012-06-06 00:47:41 -------- d-----w- C:\Users\Igor Feinstein\AppData\Local\CANON_INC
2012-06-06 00:19:09 -------- d-----w- C:\ProgramData\ZoomBrowser
2012-06-06 00:18:08 -------- d-----w- C:\Program Files (x86)\Canon
2012-06-06 00:16:28 -------- d-----w- C:\Program Files (x86)\Common Files\Canon
2012-05-23 01:04:22 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-14 23:57:56 -------- d-----w- C:\Users\Igor Feinstein\AppData\Local\{D59A22D9-D0EB-4F59-BFEB-E912807ED1A5}
2012-05-14 23:57:44 -------- d-----w- C:\Users\Igor Feinstein\AppData\Local\{0BD0A89C-2556-427B-8DD8-ACE2EFC7549D}
.
==================== Find3M ====================
.
2012-05-10 23:07:23 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-10 23:07:22 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-26 14:17:54 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 13:53:56.47 ===============
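A small triage check for the resolver and proxy lines in the DDS log above, added here as an example; it is not part of the original post, of DDS, or of the forum's cleanup procedure. Redirects that hit both Firefox and Chrome point at something below the browser, and the "TCP: ... NameServer" lines in the Pseudo HJT Report are the first place to look. The script parses those lines, separates statically configured resolvers (NameServer, which override the DHCP-supplied DhcpNameServer on that interface) from DHCP ones, and lists every non-private resolver that is not on an operator-supplied allowlist. The allowlist is an assumption: the 167.206.254.x pair in the log is left for review rather than assumed to be the ISP's. The sample input is a handful of lines copied from the posted log; a real run would read the whole DDS.txt.

```python
import ipaddress
import re

# Constructed sample input: a few "Pseudo HJT Report" lines copied from the
# DDS log posted above. A real run would read the full DDS.txt instead.
DDS_EXCERPT = r"""
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{2EF0E2B0-2CC7-4A50-8DE0-7D662D886E33} : DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{2EF0E2B0-2CC7-4A50-8DE0-7D662D886E33}\23034465 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8E45E9B5-F8E6-42D9-B050-476C104A3A05} : NameServer = 10.1.32.1
FF - prefs.js: network.proxy.type - 0
"""

# Matches both the global line ("TCP: DhcpNameServer = ...") and the
# per-interface lines ("TCP: Interfaces\{GUID}[\suffix] : NameServer = ...").
NS_RE = re.compile(
    r"^TCP:\s*(?:(?P<scope>Interfaces\\\S+)\s*:\s*)?"
    r"(?P<kind>DhcpNameServer|NameServer)\s*=\s*(?P<servers>\S.*)$"
)
# Firefox's prefs.js proxy mode as DDS prints it; 0 means "no proxy".
FF_PROXY_RE = re.compile(r"network\.proxy\.type - (\d+)")


def parse_resolvers(text):
    """Return (scope, kind, server) tuples for every resolver in the TCP: lines."""
    found = []
    for line in text.splitlines():
        m = NS_RE.match(line.strip())
        if not m:
            continue
        scope = m.group("scope") or "(global)"
        for server in m.group("servers").split():
            found.append((scope, m.group("kind"), server))
    return found


def classify(server, allow_nets):
    """private = RFC 1918/loopback/link-local; allowlisted = known-good; review = anything else."""
    ip = ipaddress.ip_address(server)
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private"
    if any(ip in net for net in allow_nets):
        return "allowlisted"
    return "review"


def triage(text, allowlist=()):
    """Summarise what an analyst should look at first.

    allowlist: CIDR strings for resolvers known to be legitimate (e.g. the
    ISP's). This is an operator-supplied assumption, not derived from the log.
    """
    allow_nets = [ipaddress.ip_network(cidr) for cidr in allowlist]
    result = {"static": [], "unknown_public": set(), "firefox_proxy": None}
    for scope, kind, server in parse_resolvers(text):
        cls = classify(server, allow_nets)
        # A static NameServer overrides DHCP on that interface, so it is the
        # high-signal entry: list every one, whatever its class.
        if kind == "NameServer":
            result["static"].append((scope, server, cls))
        if cls == "review":
            result["unknown_public"].add(server)
    m = FF_PROXY_RE.search(text)
    if m:
        result["firefox_proxy"] = int(m.group(1))
    return result


if __name__ == "__main__":
    r = triage(DDS_EXCERPT)
    for scope, server, cls in r["static"]:
        print(f"static resolver {server} ({cls}) on {scope}")
    for server in sorted(r["unknown_public"]):
        print(f"non-private resolver not on allowlist, verify with ISP: {server}")
    print(f"firefox proxy mode: {r['firefox_proxy']} (0 = no proxy)")
```

On the posted log this reports one static resolver (10.1.32.1, private, on a second interface), two public resolvers to verify (167.206.254.1 and .2), and Firefox in direct-connection mode. Passing the ISP's range as the allowlist, for example `triage(text, allowlist=["167.206.254.0/24"])`, empties the review list; an unexpected public address surviving that step, or a public static NameServer, is what would justify escalating the DNS angle before the browser-level ones.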


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 12 June 2012 - 06:05 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 IManCool

IManCool
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:30 AM

Posted 12 June 2012 - 02:06 PM

Hi Gringo,

I did what you advised and the logs are below. Unfortunately I still seem to be getting intermittently redirected. Hope you can help!

----------------------

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

----------------

ComboFix 12-06-12.01 - Igor Feinstein 06/12/2012 14:57:20.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2305 [GMT -4:00]
Running from: c:\users\Igor Feinstein\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 19:01 . 2012-06-12 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-11 03:19 . 2012-06-11 03:19 388096 ----a-r- c:\users\Igor Feinstein\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-11 03:19 . 2012-06-11 03:19 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-08 16:44 . 2012-06-08 16:44 -------- d-----w- c:\program files\PhotomatixPro4
2012-06-08 16:44 . 2012-06-08 16:44 -------- d-----w- c:\users\Igor Feinstein\AppData\Roaming\HDRsoft
2012-06-06 00:53 . 2012-06-06 00:53 -------- d-----w- c:\users\Igor Feinstein\AppData\Roaming\Canon
2012-06-06 00:47 . 2012-06-06 00:47 -------- d-----w- c:\users\Igor Feinstein\AppData\Local\CANON_INC
2012-06-06 00:19 . 2012-06-06 00:19 -------- d-----w- c:\programdata\ZoomBrowser
2012-06-06 00:18 . 2012-06-06 00:19 -------- d-----w- c:\program files (x86)\Canon
2012-06-06 00:16 . 2012-06-06 00:16 -------- d-----w- c:\program files (x86)\Common Files\Canon
2012-05-23 01:04 . 2012-05-23 01:04 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 23:07 . 2012-04-01 18:18 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-10 23:07 . 2011-06-05 03:22 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-26 14:17 . 2011-06-05 23:25 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 19:56 . 2011-11-19 00:50 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 01:51 . 2011-03-28 22:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-31 06:05 . 2012-05-10 14:43 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-10 14:43 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 14:43 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-10 14:43 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-10 14:42 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-10 14:42 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-10-04 1631296]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-01-03 115560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Igor Feinstein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 %S_ServiceName%;%S_ServiceName%;c:\windows\system32\Drivers\usgh_x64.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-10-04 478056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 136176]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-10-04 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-10-04 175168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-01-06 331608]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-01-04 329544]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-05 138912]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 20:19]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 20:19]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986358900-745509992-569623703-1001Core.job
- c:\users\Igor Feinstein\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 20:19]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986358900-745509992-569623703-1001UA.job
- c:\users\Igor Feinstein\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 20:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-07-21 85328]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"nwiz"="nwiz.exe" [2009-08-27 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-05 16336488]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-03 248320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{8E45E9B5-F8E6-42D9-B050-476C104A3A05}: NameServer = 10.1.32.1
FF - ProfilePath - c:\users\Igor Feinstein\AppData\Roaming\Mozilla\Firefox\Profiles\dtbnh4a3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-12 15:02:38
ComboFix-quarantined-files.txt 2012-06-12 19:02
ComboFix2.txt 2012-06-11 05:40
.
Pre-Run: 82,106,908,672 bytes free
Post-Run: 82,046,808,064 bytes free
.
- - End Of File - - E16773138A51139F45A9B68CBE3CD2A5

#4 gringo_pr (Malware Response Team)

Posted 12 June 2012 - 02:41 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save the log to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.




Proud Graduate Of Malware Removal University
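The procedure above asks for the TDSSKiller report to be pasted back so a helper can read through it by eye. The Python script below is an added example, not part of this thread and not Kaspersky's code. It parses the report in the shape it has in this thread (a `<time> <thread-id> <name> (<md5>) <path>` line followed by a `<name> - <verdict>` line, with everything before the `Scan started` marker treated as banner) and lists the entries a reviewer would look up first: any verdict other than `ok`, service names left as unexpanded `%...%` resource strings, and file hashes absent from an allowlist. The sample log is constructed from lines in the thread plus one hypothetical `exampledrv` pair that exists only to exercise the non-`ok` branch (the exact verdict wording TDSSKiller prints for a detection is not shown anywhere in this thread). The allowlist is seeded with a single hash copied from the posted log purely to show the mechanism; it is an assumption for the demo, not a vetted known-good set.

```python
"""Triage helper for a TDSSKiller text report (added example, not thread code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of the TDSSKiller 2.7 report posted in this
# thread. The 'exampledrv' pair is hypothetical and exists only to exercise the
# non-"ok" branch; the real verdict wording TDSSKiller prints is not shown here.
SAMPLE_LOG = r"""
15:43:44.0889 2832 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb)
15:43:57.0980 4460 Scan started
15:43:57.0980 4460 Mode: Manual;
15:43:58.0449 4460 %S_ServiceName% (e879b74d01aa1bd267e95fd3178cae98) C:\Windows\system32\Drivers\usgh_x64.sys
15:43:58.0457 4460 %S_ServiceName% - ok
15:43:58.0589 4460 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:43:58.0595 4460 ACPI - ok
15:44:01.0872 4460 catchme - ok
15:44:03.0771 4460 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:44:03.0775 4460 dtsoftbus01 - ok
15:44:09.0001 4460 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
15:44:09.0002 4460 exampledrv - warning
"""

# Allowlist keyed by lowercase MD5. Seeded with ONE hash copied from the posted
# log purely to show the mechanism (assumption for the demo); a real set comes
# from a clean reference image or vendor hash data, never from the suspect box.
KNOWN_GOOD_MD5: Dict[str, str] = {
    "d81d9e70b8a6dd14d42d7b4efa65d5f2": "ACPI.sys as listed in the posted report",
}

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Driver:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_report(text: str) -> Dict[str, Driver]:
    """Return one Driver per service/driver name found after 'Scan started'."""
    drivers: Dict[str, Driver] = {}
    scanning = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        if body == "Scan started":
            scanning = True
            continue
        if not scanning:
            # Banner lines (drive geometry, OS info) also contain " - ";
            # gating on the 'Scan started' marker keeps them out of the table.
            continue
        fm = FILE_RE.match(body)
        if fm:
            drivers[fm["name"]] = Driver(fm["name"], fm["md5"].lower(), fm["path"])
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            # Entries with no file line (e.g. "catchme - ok") still get a record.
            drv = drivers.setdefault(vm["name"], Driver(vm["name"]))
            drv.verdict = vm["verdict"].strip()
    return drivers


def triage(drivers: Dict[str, Driver], known_good: Dict[str, str]) -> Dict[str, List[str]]:
    """Map driver name -> reasons a reviewer should look at it; empty if nothing stands out."""
    findings: Dict[str, List[str]] = {}
    for d in drivers.values():
        reasons: List[str] = []
        if d.verdict != "ok":
            reasons.append(f"verdict: {d.verdict or 'none recorded'}")
        if "%" in d.name:
            reasons.append("unexpanded service name (resource string); identify the binary's vendor by hand")
        if d.md5 and d.md5 not in known_good:
            reasons.append(f"md5 {d.md5} not in allowlist")
        if reasons:
            findings[d.name] = reasons
    return findings


if __name__ == "__main__":
    report = parse_report(SAMPLE_LOG)
    for name, reasons in sorted(triage(report, KNOWN_GOOD_MD5).items()):
        drv = report[name]
        print(f"{name}: {drv.path or '(no file)'}")
        for r in reasons:
            print(f"    - {r}")
```

A hash missing from the allowlist is a lookup item, not a verdict: with an allowlist this thin every driver the scanner marked `ok` lands on the list, which is exactly what a reviewer wants until a clean reference image or vendor hash set populates it. The `%S_ServiceName%` rule only says the display name was never resolved from its resource string; it says nothing about whether the file is good or bad.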

#5 IManCool (Topic Starter)

Posted 12 June 2012 - 04:17 PM

Hi Gringo,

I ran both, but aswMBR gave me a BSOD the first time I tried; the second time it ran normally. Here are the logs:

--------------

15:43:44.0022 2832 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:43:44.0278 2832 ============================================================
15:43:44.0278 2832 Current date / time: 2012/06/12 15:43:44.0278
15:43:44.0278 2832 SystemInfo:
15:43:44.0278 2832
15:43:44.0278 2832 OS Version: 6.1.7601 ServicePack: 1.0
15:43:44.0278 2832 Product type: Workstation
15:43:44.0278 2832 ComputerName: IGORFEINSTEIN
15:43:44.0279 2832 UserName: Igor Feinstein
15:43:44.0279 2832 Windows directory: C:\Windows
15:43:44.0279 2832 System windows directory: C:\Windows
15:43:44.0279 2832 Running under WOW64
15:43:44.0279 2832 Processor architecture: Intel x64
15:43:44.0279 2832 Number of processors: 2
15:43:44.0279 2832 Page size: 0x1000
15:43:44.0279 2832 Boot type: Normal boot
15:43:44.0279 2832 ============================================================
15:43:44.0889 2832 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:43:44.0894 2832 ============================================================
15:43:44.0894 2832 \Device\Harddisk0\DR0:
15:43:44.0894 2832 MBR partitions:
15:43:44.0894 2832 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xD07800, BlocksNum 0x11D11800
15:43:44.0894 2832 ============================================================
15:43:44.0923 2832 C: <-> \Device\Harddisk0\DR0\Partition0
15:43:44.0923 2832 ============================================================
15:43:44.0923 2832 Initialize success
15:43:44.0923 2832 ============================================================
15:43:57.0980 4460 ============================================================
15:43:57.0980 4460 Scan started
15:43:57.0980 4460 Mode: Manual;
15:43:57.0980 4460 ============================================================
15:43:58.0449 4460 %S_ServiceName% (e879b74d01aa1bd267e95fd3178cae98) C:\Windows\system32\Drivers\usgh_x64.sys
15:43:58.0457 4460 %S_ServiceName% - ok
15:43:58.0524 4460 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:43:58.0528 4460 1394ohci - ok
15:43:58.0589 4460 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:43:58.0595 4460 ACPI - ok
15:43:58.0625 4460 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:43:58.0634 4460 AcpiPmi - ok
15:43:58.0700 4460 ADIHdAudAddService (560649e6a9c11f6124f97310ef387c45) C:\Windows\system32\drivers\ADIHdAud.sys
15:43:58.0714 4460 ADIHdAudAddService - ok
15:43:58.0833 4460 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:43:58.0843 4460 Adobe LM Service - ok
15:43:58.0920 4460 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:43:58.0933 4460 AdobeARMservice - ok
15:43:59.0005 4460 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:43:59.0018 4460 adp94xx - ok
15:43:59.0065 4460 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:43:59.0075 4460 adpahci - ok
15:43:59.0117 4460 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:43:59.0128 4460 adpu320 - ok
15:43:59.0182 4460 AEADIFilters (3bdb13c79cc8c06e2f8182595903ed69) C:\Windows\system32\AEADISRV.EXE
15:43:59.0190 4460 AEADIFilters - ok
15:43:59.0213 4460 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:43:59.0214 4460 AeLookupSvc - ok
15:43:59.0287 4460 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:43:59.0295 4460 AFD - ok
15:43:59.0344 4460 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:43:59.0346 4460 agp440 - ok
15:43:59.0395 4460 aksdf (94c0972b06c75456ed574dd46417b1d8) C:\Windows\system32\DRIVERS\aksdf.sys
15:43:59.0397 4460 aksdf - ok
15:43:59.0427 4460 akshasp (a56f1b0f967aef8a82d7771e6d166def) C:\Windows\system32\DRIVERS\akshasp.sys
15:43:59.0434 4460 akshasp - ok
15:43:59.0465 4460 aksusb (a9a09bc526e614ce9f29bb23c2a76ced) C:\Windows\system32\DRIVERS\aksusb.sys
15:43:59.0472 4460 aksusb - ok
15:43:59.0488 4460 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:43:59.0495 4460 ALG - ok
15:43:59.0519 4460 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:43:59.0526 4460 aliide - ok
15:43:59.0551 4460 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:43:59.0586 4460 amdide - ok
15:43:59.0624 4460 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:43:59.0631 4460 AmdK8 - ok
15:43:59.0650 4460 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:43:59.0657 4460 AmdPPM - ok
15:43:59.0703 4460 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:43:59.0711 4460 amdsata - ok
15:43:59.0737 4460 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:43:59.0747 4460 amdsbs - ok
15:43:59.0763 4460 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:43:59.0770 4460 amdxata - ok
15:43:59.0836 4460 ApfiltrService (f41e7c078d07118ef7cbea0a74fa1deb) C:\Windows\system32\DRIVERS\Apfiltr.sys
15:43:59.0846 4460 ApfiltrService - ok
15:43:59.0884 4460 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:43:59.0886 4460 AppID - ok
15:43:59.0915 4460 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:43:59.0921 4460 AppIDSvc - ok
15:43:59.0974 4460 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:43:59.0982 4460 Appinfo - ok
15:44:00.0065 4460 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:44:00.0082 4460 Apple Mobile Device - ok
15:44:00.0128 4460 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:44:00.0139 4460 AppMgmt - ok
15:44:00.0179 4460 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:44:00.0188 4460 arc - ok
15:44:00.0209 4460 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:44:00.0218 4460 arcsas - ok
15:44:00.0242 4460 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:44:00.0243 4460 AsyncMac - ok
15:44:00.0275 4460 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:44:00.0276 4460 atapi - ok
15:44:00.0389 4460 athr (8c56e93749ba53a4b645963d3439e01e) C:\Windows\system32\DRIVERS\athrx.sys
15:44:00.0418 4460 athr - ok
15:44:00.0570 4460 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:44:00.0604 4460 AudioEndpointBuilder - ok
15:44:00.0610 4460 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:44:00.0614 4460 AudioSrv - ok
15:44:00.0649 4460 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:44:00.0657 4460 AxInstSV - ok
15:44:00.0732 4460 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:44:00.0746 4460 b06bdrv - ok
15:44:00.0792 4460 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:44:00.0804 4460 b57nd60a - ok
15:44:00.0841 4460 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:44:00.0848 4460 BDESVC - ok
15:44:00.0869 4460 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:44:00.0870 4460 Beep - ok
15:44:00.0951 4460 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:44:00.0971 4460 BFE - ok
15:44:01.0035 4460 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:44:01.0047 4460 BITS - ok
15:44:01.0106 4460 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:44:01.0114 4460 blbdrive - ok
15:44:01.0230 4460 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:44:01.0241 4460 Bonjour Service - ok
15:44:01.0269 4460 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:44:01.0271 4460 bowser - ok
15:44:01.0287 4460 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:44:01.0293 4460 BrFiltLo - ok
15:44:01.0304 4460 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:44:01.0311 4460 BrFiltUp - ok
15:44:01.0357 4460 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:44:01.0360 4460 BridgeMP - ok
15:44:01.0402 4460 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:44:01.0411 4460 Browser - ok
15:44:01.0446 4460 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:44:01.0456 4460 Brserid - ok
15:44:01.0478 4460 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:44:01.0485 4460 BrSerWdm - ok
15:44:01.0505 4460 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:44:01.0513 4460 BrUsbMdm - ok
15:44:01.0521 4460 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:44:01.0527 4460 BrUsbSer - ok
15:44:01.0579 4460 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
15:44:01.0581 4460 BthEnum - ok
15:44:01.0614 4460 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:44:01.0616 4460 BTHMODEM - ok
15:44:01.0663 4460 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
15:44:01.0671 4460 BthPan - ok
15:44:01.0740 4460 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
15:44:01.0748 4460 BTHPORT - ok
15:44:01.0789 4460 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:44:01.0796 4460 bthserv - ok
15:44:01.0818 4460 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
15:44:01.0827 4460 BTHUSB - ok
15:44:01.0856 4460 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
15:44:01.0863 4460 btusbflt - ok
15:44:01.0872 4460 catchme - ok
15:44:01.0918 4460 CAXHWAZL (fdb53a8d3bc52dc29884587e768e3388) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
15:44:01.0932 4460 CAXHWAZL - ok
15:44:02.0002 4460 ccEvtMgr (f3e5c6ceec35c3f65221100b00afb5f9) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
15:44:02.0015 4460 ccEvtMgr - ok
15:44:02.0018 4460 ccSetMgr (f3e5c6ceec35c3f65221100b00afb5f9) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
15:44:02.0019 4460 ccSetMgr - ok
15:44:02.0041 4460 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:44:02.0043 4460 cdfs - ok
15:44:02.0078 4460 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:44:02.0081 4460 cdrom - ok
15:44:02.0127 4460 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:44:02.0134 4460 CertPropSvc - ok
15:44:02.0160 4460 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:44:02.0167 4460 circlass - ok
15:44:02.0215 4460 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:44:02.0220 4460 CLFS - ok
15:44:02.0292 4460 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:44:02.0319 4460 clr_optimization_v2.0.50727_32 - ok
15:44:02.0361 4460 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:44:02.0369 4460 clr_optimization_v2.0.50727_64 - ok
15:44:02.0436 4460 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:44:02.0449 4460 clr_optimization_v4.0.30319_32 - ok
15:44:02.0486 4460 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:44:02.0496 4460 clr_optimization_v4.0.30319_64 - ok
15:44:02.0533 4460 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:44:02.0534 4460 CmBatt - ok
15:44:02.0556 4460 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:44:02.0562 4460 cmdide - ok
15:44:02.0608 4460 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:44:02.0615 4460 CNG - ok
15:44:02.0640 4460 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:44:02.0641 4460 Compbatt - ok
15:44:02.0673 4460 CompFilter64 (553aa50f4d8f80320b59c6566d385a2f) C:\Windows\system32\DRIVERS\lvbflt64.sys
15:44:02.0682 4460 CompFilter64 - ok
15:44:02.0754 4460 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:44:02.0756 4460 CompositeBus - ok
15:44:02.0771 4460 COMSysApp - ok
15:44:02.0789 4460 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:44:02.0796 4460 crcdisk - ok
15:44:02.0842 4460 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:44:02.0853 4460 CryptSvc - ok
15:44:02.0917 4460 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:44:02.0925 4460 CSC - ok
15:44:02.0993 4460 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:44:03.0001 4460 CscService - ok
15:44:03.0055 4460 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:44:03.0059 4460 DcomLaunch - ok
15:44:03.0097 4460 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:44:03.0109 4460 defragsvc - ok
15:44:03.0169 4460 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:44:03.0171 4460 DfsC - ok
15:44:03.0218 4460 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:44:03.0233 4460 Dhcp - ok
15:44:03.0281 4460 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:44:03.0282 4460 discache - ok
15:44:03.0321 4460 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:44:03.0323 4460 Disk - ok
15:44:03.0371 4460 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:44:03.0382 4460 Dnscache - ok
15:44:03.0419 4460 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:44:03.0430 4460 dot3svc - ok
15:44:03.0473 4460 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
15:44:03.0475 4460 Dot4 - ok
15:44:03.0496 4460 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:44:03.0498 4460 Dot4Print - ok
15:44:03.0528 4460 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
15:44:03.0530 4460 dot4usb - ok
15:44:03.0638 4460 DozeSvc (277247b79da2230d0c3aeb83e6cd8ca7) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
15:44:03.0655 4460 DozeSvc - ok
15:44:03.0686 4460 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:44:03.0688 4460 DPS - ok
15:44:03.0722 4460 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:44:03.0724 4460 drmkaud - ok
15:44:03.0771 4460 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:44:03.0775 4460 dtsoftbus01 - ok
15:44:03.0860 4460 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:44:03.0874 4460 DXGKrnl - ok
15:44:03.0979 4460 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
15:44:03.0981 4460 DzHDD64 - ok
15:44:04.0030 4460 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys
15:44:04.0073 4460 e1express - ok
15:44:04.0114 4460 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:44:04.0122 4460 EapHost - ok
15:44:04.0418 4460 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:44:04.0471 4460 ebdrv - ok
15:44:04.0589 4460 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:44:04.0602 4460 eeCtrl - ok
15:44:04.0709 4460 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:44:04.0717 4460 EFS - ok
15:44:04.0798 4460 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:44:04.0832 4460 ehRecvr - ok
15:44:04.0862 4460 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:44:04.0888 4460 ehSched - ok
15:44:04.0976 4460 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:44:04.0992 4460 elxstor - ok
15:44:05.0095 4460 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:44:05.0129 4460 EraserUtilRebootDrv - ok
15:44:05.0157 4460 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:44:05.0159 4460 ErrDev - ok
15:44:05.0212 4460 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:44:05.0216 4460 EventSystem - ok
15:44:05.0239 4460 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:44:05.0243 4460 exfat - ok
15:44:05.0271 4460 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:44:05.0274 4460 fastfat - ok
15:44:05.0415 4460 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:44:05.0433 4460 Fax - ok
15:44:05.0462 4460 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:44:05.0469 4460 fdc - ok
15:44:05.0491 4460 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:44:05.0498 4460 fdPHost - ok
15:44:05.0512 4460 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:44:05.0519 4460 FDResPub - ok
15:44:05.0547 4460 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:44:05.0549 4460 FileInfo - ok
15:44:05.0563 4460 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:44:05.0564 4460 Filetrace - ok
15:44:05.0578 4460 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:44:05.0584 4460 flpydisk - ok
15:44:05.0616 4460 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:44:05.0620 4460 FltMgr - ok
15:44:05.0718 4460 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:44:05.0743 4460 FontCache - ok
15:44:05.0810 4460 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:44:05.0819 4460 FontCache3.0.0.0 - ok
15:44:05.0865 4460 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:44:05.0867 4460 FsDepends - ok
15:44:05.0883 4460 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:44:05.0890 4460 Fs_Rec - ok
15:44:05.0932 4460 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:44:05.0936 4460 fvevol - ok
15:44:05.0970 4460 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:44:05.0977 4460 gagp30kx - ok
15:44:06.0003 4460 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:44:06.0010 4460 GEARAspiWDM - ok
15:44:06.0082 4460 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:44:06.0128 4460 gpsvc - ok
15:44:06.0241 4460 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:44:06.0260 4460 gupdate - ok
15:44:06.0281 4460 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:44:06.0282 4460 gupdatem - ok
15:44:06.0341 4460 Hardlock (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\hardlock.sys
15:44:06.0354 4460 Hardlock - ok
15:44:06.0382 4460 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:44:06.0389 4460 hcw85cir - ok
15:44:06.0436 4460 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:44:06.0442 4460 HdAudAddService - ok
15:44:06.0466 4460 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:44:06.0468 4460 HDAudBus - ok
15:44:06.0481 4460 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:44:06.0488 4460 HidBatt - ok
15:44:06.0513 4460 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:44:06.0521 4460 HidBth - ok
15:44:06.0538 4460 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:44:06.0544 4460 HidIr - ok
15:44:06.0574 4460 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:44:06.0581 4460 hidserv - ok
15:44:06.0615 4460 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:44:06.0616 4460 HidUsb - ok
15:44:06.0640 4460 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:44:06.0648 4460 hkmsvc - ok
15:44:06.0683 4460 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:44:06.0694 4460 HomeGroupListener - ok
15:44:06.0730 4460 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:44:06.0741 4460 HomeGroupProvider - ok
15:44:06.0775 4460 HP8107Fltr (43a7573a319761acf57a3825d8402d41) C:\Windows\system32\DRIVERS\HP8107.sys
15:44:06.0781 4460 HP8107Fltr - ok
15:44:06.0815 4460 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:44:06.0823 4460 HpSAMD - ok
15:44:06.0954 4460 HSF_DPV (e90d0e3d9715f3bec7db2d6321dddee8) C:\Windows\system32\DRIVERS\CAX_DPV.sys
15:44:07.0332 4460 HSF_DPV - ok
15:44:07.0481 4460 hshld (44452f7a09d00573dc6e714874257cc9) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
15:44:07.0494 4460 hshld - ok
15:44:07.0612 4460 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
15:44:07.0620 4460 HssDrv - ok
15:44:07.0675 4460 HssSrv (2cfea9c337b699aca38487e8a7438f35) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
15:44:07.0706 4460 HssSrv - ok
15:44:07.0744 4460 HssTrayService (6b1dc08d22231c9e508a715f07fce7fb) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
15:44:07.0754 4460 HssTrayService - ok
15:44:07.0757 4460 HssWd - ok
15:44:07.0830 4460 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:44:07.0841 4460 HTTP - ok
15:44:07.0860 4460 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:44:07.0861 4460 hwpolicy - ok
15:44:07.0906 4460 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:44:07.0908 4460 i8042prt - ok
15:44:07.0957 4460 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
15:44:07.0959 4460 iaStor - ok
15:44:08.0019 4460 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:44:08.0031 4460 iaStorV - ok
15:44:08.0078 4460 IBMPMDRV (e03fa8b9c161e34d21a4e3850e490eb7) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
15:44:08.0085 4460 IBMPMDRV - ok
15:44:08.0097 4460 IBMPMSVC (ce5ae01bec8b7c75101cd3d0e30c1a14) C:\Windows\system32\ibmpmsvc.exe
15:44:08.0105 4460 IBMPMSVC - ok
15:44:08.0216 4460 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:44:08.0240 4460 idsvc - ok
15:44:08.0263 4460 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:44:08.0271 4460 iirsp - ok
15:44:08.0350 4460 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:44:08.0381 4460 IKEEXT - ok
15:44:08.0413 4460 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:44:08.0419 4460 intelide - ok
15:44:08.0446 4460 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:44:08.0448 4460 intelppm - ok
15:44:08.0579 4460 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
15:44:08.0585 4460 IntuitUpdateServiceV4 - ok
15:44:08.0627 4460 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:44:08.0635 4460 IPBusEnum - ok
15:44:08.0660 4460 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:44:08.0662 4460 IpFilterDriver - ok
15:44:08.0744 4460 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:44:08.0752 4460 iphlpsvc - ok
15:44:08.0774 4460 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:44:08.0781 4460 IPMIDRV - ok
15:44:08.0826 4460 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:44:08.0829 4460 IPNAT - ok
15:44:08.0960 4460 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
15:44:08.0976 4460 iPod Service - ok
15:44:08.0996 4460 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:44:08.0997 4460 IRENUM - ok
15:44:09.0020 4460 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:44:09.0021 4460 isapnp - ok
15:44:09.0049 4460 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:44:09.0054 4460 iScsiPrt - ok
15:44:09.0086 4460 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:44:09.0088 4460 kbdclass - ok
15:44:09.0125 4460 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:44:09.0127 4460 kbdhid - ok
15:44:09.0150 4460 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:44:09.0152 4460 KeyIso - ok
15:44:09.0164 4460 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:44:09.0166 4460 KSecDD - ok
15:44:09.0188 4460 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:44:09.0191 4460 KSecPkg - ok
15:44:09.0221 4460 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:44:09.0223 4460 ksthunk - ok
15:44:09.0276 4460 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:44:09.0291 4460 KtmRm - ok
15:44:09.0323 4460 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:44:09.0336 4460 LanmanServer - ok
15:44:09.0366 4460 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:44:09.0376 4460 LanmanWorkstation - ok
15:44:09.0460 4460 LENOVO.MICMUTE (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
15:44:09.0487 4460 LENOVO.MICMUTE - ok
15:44:09.0513 4460 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
15:44:09.0519 4460 lenovo.smi - ok
15:44:09.0545 4460 Lenovo.VIRTSCRLSVC (f7de50781dc4d162c1005eb30d98f931) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
15:44:09.0553 4460 Lenovo.VIRTSCRLSVC - ok
15:44:09.0800 4460 LiveUpdate (6abe9ecaab7dd0cc6f46ec830e0fe8fc) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
15:44:09.0828 4460 LiveUpdate - ok
15:44:09.0965 4460 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:44:09.0966 4460 lltdio - ok
15:44:10.0022 4460 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:44:10.0035 4460 lltdsvc - ok
15:44:10.0051 4460 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:44:10.0060 4460 lmhosts - ok
15:44:10.0093 4460 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:44:10.0101 4460 LSI_FC - ok
15:44:10.0121 4460 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:44:10.0129 4460 LSI_SAS - ok
15:44:10.0147 4460 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:44:10.0155 4460 LSI_SAS2 - ok
15:44:10.0177 4460 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:44:10.0186 4460 LSI_SCSI - ok
15:44:10.0217 4460 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:44:10.0219 4460 luafv - ok
15:44:10.0284 4460 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
15:44:10.0296 4460 LVRS64 - ok
15:44:10.0593 4460 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
15:44:10.0662 4460 LVUVC64 - ok
15:44:10.0781 4460 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:44:10.0789 4460 Mcx2Svc - ok
15:44:10.0882 4460 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
15:44:10.0884 4460 MDM - ok
15:44:10.0948 4460 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:44:10.0954 4460 mdmxsdk - ok
15:44:10.0981 4460 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:44:10.0988 4460 megasas - ok
15:44:11.0032 4460 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:44:11.0043 4460 MegaSR - ok
15:44:11.0076 4460 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:44:11.0078 4460 MMCSS - ok
15:44:11.0088 4460 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:44:11.0088 4460 Modem - ok
15:44:11.0126 4460 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:44:11.0133 4460 monitor - ok
15:44:11.0168 4460 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:44:11.0169 4460 mouclass - ok
15:44:11.0190 4460 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:44:11.0192 4460 mouhid - ok
15:44:11.0222 4460 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:44:11.0224 4460 mountmgr - ok
15:44:11.0279 4460 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:44:11.0305 4460 MozillaMaintenance - ok
15:44:11.0343 4460 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:44:11.0346 4460 mpio - ok
15:44:11.0364 4460 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:44:11.0365 4460 mpsdrv - ok
15:44:11.0473 4460 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:44:11.0517 4460 MpsSvc - ok
15:44:11.0548 4460 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:44:11.0551 4460 MRxDAV - ok
15:44:11.0583 4460 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:44:11.0586 4460 mrxsmb - ok
15:44:11.0639 4460 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:44:11.0644 4460 mrxsmb10 - ok
15:44:11.0664 4460 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:44:11.0666 4460 mrxsmb20 - ok
15:44:11.0674 4460 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:44:11.0681 4460 msahci - ok
15:44:11.0701 4460 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:44:11.0704 4460 msdsm - ok
15:44:11.0739 4460 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:44:11.0749 4460 MSDTC - ok
15:44:11.0772 4460 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:44:11.0774 4460 Msfs - ok
15:44:11.0781 4460 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:44:11.0782 4460 mshidkmdf - ok
15:44:11.0803 4460 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:44:11.0804 4460 msisadrv - ok
15:44:11.0845 4460 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:44:11.0855 4460 MSiSCSI - ok
15:44:11.0858 4460 msiserver - ok
15:44:11.0885 4460 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:44:11.0887 4460 MSKSSRV - ok
15:44:11.0897 4460 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:44:11.0903 4460 MSPCLOCK - ok
15:44:11.0914 4460 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:44:11.0915 4460 MSPQM - ok
15:44:11.0959 4460 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:44:11.0965 4460 MsRPC - ok
15:44:11.0977 4460 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:44:11.0978 4460 mssmbios - ok
15:44:11.0992 4460 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:44:11.0993 4460 MSTEE - ok
15:44:12.0008 4460 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:44:12.0014 4460 MTConfig - ok
15:44:12.0035 4460 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:44:12.0037 4460 Mup - ok
15:44:12.0094 4460 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:44:12.0112 4460 napagent - ok
15:44:12.0160 4460 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:44:12.0165 4460 NativeWifiP - ok
15:44:12.0288 4460 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120611.002\ENG64.SYS
15:44:12.0297 4460 NAVENG - ok
15:44:12.0497 4460 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120611.002\EX64.SYS
15:44:12.0515 4460 NAVEX15 - ok
15:44:12.0717 4460 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
15:44:12.0728 4460 NDIS - ok
15:44:12.0760 4460 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:44:12.0762 4460 NdisCap - ok
15:44:12.0786 4460 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:44:12.0788 4460 NdisTapi - ok
15:44:12.0812 4460 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:44:12.0814 4460 Ndisuio - ok
15:44:12.0844 4460 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:44:12.0847 4460 NdisWan - ok
15:44:12.0876 4460 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:44:12.0877 4460 NDProxy - ok
15:44:12.0904 4460 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:44:12.0906 4460 NetBIOS - ok
15:44:12.0938 4460 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:44:12.0942 4460 NetBT - ok
15:44:12.0968 4460 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:44:12.0970 4460 Netlogon - ok
15:44:13.0026 4460 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:44:13.0043 4460 Netman - ok
15:44:13.0076 4460 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:44:13.0110 4460 netprofm - ok
15:44:13.0174 4460 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:44:13.0184 4460 NetTcpPortSharing - ok
15:44:13.0226 4460 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:44:13.0234 4460 nfrd960 - ok
15:44:13.0274 4460 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:44:13.0290 4460 NlaSvc - ok
15:44:13.0302 4460 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:44:13.0304 4460 Npfs - ok
15:44:13.0327 4460 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:44:13.0334 4460 nsi - ok
15:44:13.0341 4460 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:44:13.0342 4460 nsiproxy - ok
15:44:13.0480 4460 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:44:13.0503 4460 Ntfs - ok
15:44:13.0610 4460 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:44:13.0611 4460 Null - ok
15:44:14.0388 4460 nvlddmkm (5d0c43555b4244d9f5699a12288d1847) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:44:14.0661 4460 nvlddmkm - ok
15:44:14.0811 4460 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:44:14.0820 4460 nvraid - ok
15:44:14.0854 4460 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:44:14.0864 4460 nvstor - ok
15:44:14.0921 4460 nvsvc (ff2afebfc073a073231cba987029c612) C:\Windows\system32\nvvsvc.exe
15:44:14.0932 4460 nvsvc - ok
15:44:14.0963 4460 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:44:14.0972 4460 nv_agp - ok
15:44:15.0086 4460 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:44:15.0118 4460 odserv - ok
15:44:15.0133 4460 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:44:15.0135 4460 ohci1394 - ok
15:44:15.0171 4460 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:44:15.0217 4460 ose - ok
15:44:15.0265 4460 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:44:15.0270 4460 p2pimsvc - ok
15:44:15.0308 4460 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:44:15.0323 4460 p2psvc - ok
15:44:15.0343 4460 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:44:15.0350 4460 Parport - ok
15:44:15.0395 4460 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:44:15.0397 4460 partmgr - ok
15:44:15.0420 4460 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:44:15.0431 4460 PcaSvc - ok
15:44:15.0455 4460 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:44:15.0458 4460 pci - ok
15:44:15.0493 4460 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:44:15.0494 4460 pciide - ok
15:44:15.0520 4460 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:44:15.0524 4460 pcmcia - ok
15:44:15.0541 4460 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:44:15.0543 4460 pcw - ok
15:44:15.0611 4460 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:44:15.0620 4460 PEAUTH - ok
15:44:15.0725 4460 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:44:15.0744 4460 PeerDistSvc - ok
15:44:15.0836 4460 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:44:15.0848 4460 PerfHost - ok
15:44:16.0017 4460 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:44:16.0051 4460 pla - ok
15:44:16.0132 4460 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:44:16.0151 4460 PlugPlay - ok
15:44:16.0176 4460 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:44:16.0184 4460 PNRPAutoReg - ok
15:44:16.0225 4460 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:44:16.0227 4460 PNRPsvc - ok
15:44:16.0283 4460 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:44:16.0300 4460 PolicyAgent - ok
15:44:16.0330 4460 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
15:44:16.0333 4460 Power - ok
15:44:16.0426 4460 Power Manager DBC Service (836fe79de8767d77136b6491a3d61089) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
15:44:16.0443 4460 Power Manager DBC Service - ok
15:44:16.0497 4460 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:44:16.0500 4460 PptpMiniport - ok
15:44:16.0518 4460 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:44:16.0526 4460 Processor - ok
15:44:16.0567 4460 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:44:16.0580 4460 ProfSvc - ok
15:44:16.0601 4460 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:44:16.0602 4460 ProtectedStorage - ok
15:44:16.0626 4460 psadd (05a4779e4994b21473edbe85aabe8030) C:\Windows\system32\DRIVERS\psadd.sys
15:44:16.0634 4460 psadd - ok
15:44:16.0677 4460 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:44:16.0678 4460 Psched - ok
15:44:16.0717 4460 PwmEWSvc (576444157f1cb25ae2057eed586d4889) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
15:44:16.0734 4460 PwmEWSvc - ok
15:44:16.0859 4460 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:44:16.0889 4460 ql2300 - ok
15:44:17.0020 4460 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:44:17.0029 4460 ql40xx - ok
15:44:17.0075 4460 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:44:17.0087 4460 QWAVE - ok
15:44:17.0100 4460 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:44:17.0101 4460 QWAVEdrv - ok
15:44:17.0118 4460 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:44:17.0120 4460 RasAcd - ok
15:44:17.0162 4460 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:44:17.0164 4460 RasAgileVpn - ok
15:44:17.0181 4460 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:44:17.0190 4460 RasAuto - ok
15:44:17.0222 4460 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:44:17.0225 4460 Rasl2tp - ok
15:44:17.0276 4460 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:44:17.0291 4460 RasMan - ok
15:44:17.0310 4460 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:44:17.0312 4460 RasPppoe - ok
15:44:17.0340 4460 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:44:17.0342 4460 RasSstp - ok
15:44:17.0391 4460 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:44:17.0396 4460 rdbss - ok
15:44:17.0424 4460 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:44:17.0426 4460 rdpbus - ok
15:44:17.0482 4460 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:44:17.0483 4460 RDPCDD - ok
15:44:17.0527 4460 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:44:17.0530 4460 RDPDR - ok
15:44:17.0546 4460 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:44:17.0547 4460 RDPENCDD - ok
15:44:17.0578 4460 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:44:17.0579 4460 RDPREFMP - ok
15:44:17.0621 4460 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
15:44:17.0622 4460 RdpVideoMiniport - ok
15:44:17.0662 4460 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:44:17.0666 4460 RDPWD - ok
15:44:17.0717 4460 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:44:17.0720 4460 rdyboost - ok
15:44:17.0751 4460 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:44:17.0760 4460 RemoteAccess - ok
15:44:17.0790 4460 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:44:17.0802 4460 RemoteRegistry - ok
15:44:17.0844 4460 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:44:17.0847 4460 RFCOMM - ok
15:44:17.0881 4460 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:44:17.0889 4460 rimmptsk - ok
15:44:17.0905 4460 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
15:44:17.0913 4460 rimsptsk - ok
15:44:17.0946 4460 rismxdp (2a43f9e6dbde12bc0c104785c3b3f5df) C:\Windows\system32\DRIVERS\rixdpx64.sys
15:44:17.0953 4460 rismxdp - ok
15:44:17.0973 4460 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:44:17.0983 4460 RpcEptMapper - ok
15:44:18.0001 4460 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:44:18.0008 4460 RpcLocator - ok
15:44:18.0051 4460 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:44:18.0055 4460 RpcSs - ok
15:44:18.0092 4460 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:44:18.0094 4460 rspndr - ok
15:44:18.0121 4460 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:44:18.0127 4460 s3cap - ok
15:44:18.0151 4460 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:44:18.0152 4460 SamSs - ok
15:44:18.0175 4460 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:44:18.0185 4460 sbp2port - ok
15:44:18.0222 4460 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:44:18.0233 4460 SCardSvr - ok
15:44:18.0268 4460 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:44:18.0272 4460 scfilter - ok
15:44:18.0371 4460 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:44:18.0418 4460 Schedule - ok
15:44:18.0444 4460 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:44:18.0445 4460 SCPolicySvc - ok
15:44:18.0482 4460 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:44:18.0485 4460 sdbus - ok
15:44:18.0525 4460 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:44:18.0535 4460 SDRSVC - ok
15:44:18.0563 4460 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:44:18.0570 4460 secdrv - ok
15:44:18.0591 4460 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:44:18.0600 4460 seclogon - ok
15:44:18.0632 4460 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:44:18.0643 4460 SENS - ok
15:44:18.0655 4460 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:44:18.0662 4460 SensrSvc - ok
15:44:18.0675 4460 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:44:18.0682 4460 Serenum - ok
15:44:18.0723 4460 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:44:18.0731 4460 Serial - ok
15:44:18.0768 4460 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:44:18.0769 4460 sermouse - ok
15:44:18.0806 4460 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:44:18.0815 4460 SessionEnv - ok
15:44:18.0840 4460 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
15:44:18.0841 4460 sffdisk - ok
15:44:18.0858 4460 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:44:18.0859 4460 sffp_mmc - ok
15:44:18.0868 4460 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:44:18.0869 4460 sffp_sd - ok
15:44:18.0887 4460 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:44:18.0893 4460 sfloppy - ok
15:44:18.0966 4460 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:44:18.0980 4460 SharedAccess - ok
15:44:19.0031 4460 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:44:19.0045 4460 ShellHWDetection - ok
15:44:19.0083 4460 Shockprf (c3f190562fe82efda7ccef305ebad3e3) C:\Windows\system32\DRIVERS\Apsx64.sys
15:44:19.0085 4460 Shockprf - ok
15:44:19.0120 4460 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:44:19.0127 4460 SiSRaid2 - ok
15:44:19.0163 4460 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:44:19.0171 4460 SiSRaid4 - ok
15:44:19.0266 4460 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:44:19.0395 4460 SkypeUpdate - ok
15:44:19.0473 4460 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:44:19.0475 4460 Smb - ok
15:44:19.0741 4460 SmcService (13ffb1d55c2710abc3119474a83c0a44) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
15:44:19.0782 4460 SmcService - ok
15:44:19.0851 4460 smihlp (c5b1a19b14f19b08ae72fcb20a3075b6) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
15:44:19.0858 4460 smihlp - ok
15:44:19.0932 4460 SNAC (0bdef6dadb43601fdcb031b4b0383580) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
15:44:19.0948 4460 SNAC - ok
15:44:20.0059 4460 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:44:20.0066 4460 SNMPTRAP - ok
15:44:20.0347 4460 SNP2UVC (3bcd7556f3222221c31b1577b5527ed7) C:\Windows\system32\DRIVERS\snp2uvc.sys
15:44:20.0404 4460 SNP2UVC - ok
15:44:20.0509 4460 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:44:20.0510 4460 spldr - ok
15:44:20.0569 4460 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:44:20.0581 4460 Spooler - ok
15:44:20.0818 4460 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:44:21.0092 4460 sppsvc - ok
15:44:21.0157 4460 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:44:21.0165 4460 sppuinotify - ok
15:44:21.0222 4460 SRTSP (83834ebc0786ccf5ee64fbbb6a89cf3a) C:\Windows\system32\Drivers\SRTSP64.SYS
15:44:21.0229 4460 SRTSP - ok
15:44:21.0269 4460 SRTSPL (e47d5d68917e0d70e3730263d41cefa3) C:\Windows\system32\Drivers\SRTSPL64.SYS
15:44:21.0282 4460 SRTSPL - ok
15:44:21.0295 4460 SRTSPX (ea2051ff6a40c89eaa98c1769ad68597) C:\Windows\system32\Drivers\SRTSPX64.SYS
15:44:21.0303 4460 SRTSPX - ok
15:44:21.0356 4460 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:44:21.0363 4460 srv - ok
15:44:21.0401 4460 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:44:21.0408 4460 srv2 - ok
15:44:21.0460 4460 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:44:21.0473 4460 SrvHsfHDA - ok
15:44:21.0577 4460 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:44:21.0606 4460 SrvHsfV92 - ok
15:44:21.0769 4460 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:44:21.0788 4460 SrvHsfWinac - ok
15:44:21.0822 4460 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:44:21.0825 4460 srvnet - ok
15:44:21.0865 4460 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:44:21.0876 4460 SSDPSRV - ok
15:44:21.0895 4460 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:44:21.0930 4460 SstpSvc - ok
15:44:21.0957 4460 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:44:21.0964 4460 stexstor - ok
15:44:22.0025 4460 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:44:22.0044 4460 stisvc - ok
15:44:22.0075 4460 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:44:22.0083 4460 storflt - ok
15:44:22.0101 4460 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:44:22.0109 4460 storvsc - ok
15:44:22.0185 4460 SUService (59b5a060a31bd4bab030c4fcd1048292) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
15:44:22.0193 4460 SUService - ok
15:44:22.0201 4460 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:44:22.0234 4460 swenum - ok
15:44:22.0299 4460 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:44:22.0315 4460 swprv - ok
15:44:22.0512 4460 Symantec AntiVirus (4402cf4959a30cb6a008099aba8f22a9) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
15:44:22.0523 4460 Symantec AntiVirus - ok
15:44:22.0652 4460 SymEvent (d1f1a5e72e33d6be449f5f1f4a513dd1) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:44:22.0663 4460 SymEvent - ok
15:44:22.0666 4460 Synth3dVsc - ok
15:44:22.0805 4460 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:44:22.0845 4460 SysMain - ok
15:44:22.0918 4460 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:44:22.0926 4460 TabletInputService - ok
15:44:22.0987 4460 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
15:44:22.0995 4460 taphss - ok
15:44:23.0023 4460 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:44:23.0040 4460 TapiSrv - ok
15:44:23.0072 4460 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:44:23.0074 4460 TBS - ok
15:44:23.0235 4460 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:44:23.0261 4460 Tcpip - ok
15:44:23.0468 4460 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:44:23.0477 4460 TCPIP6 - ok
15:44:23.0546 4460 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:44:23.0553 4460 tcpipreg - ok
15:44:23.0581 4460 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:44:23.0589 4460 TDPIPE - ok
15:44:23.0622 4460 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:44:23.0628 4460 TDTCP - ok
15:44:23.0661 4460 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:44:23.0670 4460 tdx - ok
15:44:29.0148 4460 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:44:29.0402 4460 \Device\Harddisk0\DR0 - ok
15:44:29.0405 4460 Boot (0x1200) (37a02b25f84e5b2b7a2ae9218f5b0540) \Device\Harddisk0\DR0\Partition0
15:44:29.0406 4460 \Device\Harddisk0\DR0\Partition0 - ok
15:44:29.0406 4460 ============================================================
15:44:29.0406 4460 Scan finished
15:44:29.0406 4460 ============================================================
15:44:29.0414 5680 Detected object count: 0
15:44:29.0414 5680 Actual detected object count: 0

-----------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-12 16:31:46
-----------------------------
16:31:46.656 OS Version: Windows x64 6.1.7601 Service Pack 1
16:31:46.656 Number of processors: 2 586 0x1706
16:31:46.671 ComputerName: IGORFEINSTEIN UserName:
16:31:47.467 Initialize success
16:31:51.195 AVAST engine defs: 12061200
16:31:56.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:31:56.546 Disk 0 Vendor: HITACHI_ DCDZ Size: 152627MB BusType: 3
16:31:56.562 Disk 0 MBR read successfully
16:31:56.577 Disk 0 MBR scan
16:31:56.577 Disk 0 Windows 7 default MBR code
16:31:56.577 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 6670 MB offset 2048
16:31:56.593 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145955 MB offset 13662208
16:31:56.609 Disk 0 scanning C:\Windows\system32\drivers
16:32:07.357 Service scanning
16:32:31.041 Modules scanning
16:32:31.041 Disk 0 trace - called modules:
16:32:31.072 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:32:31.072 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800579d5d0]
16:32:31.571 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800472ea10]
16:32:31.571 5 ACPI.sys[fffff88000f7f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800472f050]
16:32:32.414 AVAST engine scan C:\Windows
16:32:34.738 AVAST engine scan C:\Windows\system32
16:35:12.239 AVAST engine scan C:\Windows\system32\drivers
16:35:23.487 AVAST engine scan C:\Users\Igor Feinstein
16:41:33.662 AVAST engine scan C:\ProgramData
16:42:15.940 Scan finished successfully
17:16:10.340 Disk 0 MBR has been saved successfully to "C:\Users\Igor Feinstein\Desktop\MBR.dat"
17:16:10.340 The log file has been saved successfully to "C:\Users\Igor Feinstein\Desktop\aswMBR.txt"

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 12 June 2012 - 09:15 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 IManCool (Topic Starter)

Posted 12 June 2012 - 10:13 PM

Hi Gringo,

I ran the script but I'm STILL getting redirected once in a while. Ugh! Any ideas?

----------

ComboFix 12-06-12.03 - Igor Feinstein 06/12/2012 23:03:48.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2262 [GMT -4:00]
Running from: c:\users\Igor Feinstein\Desktop\ComboFix.exe
Command switches used :: c:\users\Igor Feinstein\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-03-15 5935680]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2011-01-03 115560]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Igor Feinstein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 %S_ServiceName%;%S_ServiceName%;c:\windows\system32\Drivers\usgh_x64.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-03-15 320576]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-04 136176]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-03-15 165440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-01-06 331608]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-01-04 329544]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-05 138912]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-03-15 1662528]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 20:19]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-06 20:19]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986358900-745509992-569623703-1001Core.job
- c:\users\Igor Feinstein\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 20:19]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986358900-745509992-569623703-1001UA.job
- c:\users\Igor Feinstein\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 20:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-07-21 85328]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"nwiz"="nwiz.exe" [2009-08-27 1712672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-05 16336488]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-03 248320]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1
TCP: Interfaces\{8E45E9B5-F8E6-42D9-B050-476C104A3A05}: NameServer = 10.1.32.1
FF - ProfilePath - c:\users\Igor Feinstein\AppData\Roaming\Mozilla\Firefox\Profiles\dtbnh4a3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-12 23:10:14
ComboFix-quarantined-files.txt 2012-06-13 03:10
ComboFix2.txt 2012-06-12 19:02
ComboFix3.txt 2012-06-11 05:40
.
Pre-Run: 80,448,221,184 bytes free
Post-Run: 80,447,586,304 bytes free
.
- - End Of File - - BDCE56427D2E778C769BB451DBD6098F

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 12 June 2012 - 10:15 PM

In which browser is this happening? Check all that are installed.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 IManCool

IManCool
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:30 AM

Posted 12 June 2012 - 10:22 PM

It is happening in Firefox and Chrome but IE seems to be OK (ironically enough)!

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 12 June 2012 - 10:34 PM

Greetings


I want you to uninstall Firefox and Chrome. If asked about user data or settings, remove that also (bookmarks may be backed up).

Restart the computer, reinstall them and check them out.



gringo

#11 IManCool

IManCool
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:30 AM

Posted 13 June 2012 - 03:47 PM

Hi Gringo,

That seems to have fixed it- I don't seem to be getting any more redirects in either browser. Is there anything else I should do?

Thanks!

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 13 June 2012 - 08:33 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#13 IManCool

IManCool
  • Topic Starter

  • Members
  • 7 posts
  • Local time:05:30 AM

Posted 13 June 2012 - 08:35 PM

Update for Microsoft Office 2007 (KB2508958)
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Apple Application Support
Apple Software Update
Avisoft-SASLab Pro + RECORDER
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Sample Music
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities Movie Uploader for YouTube
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Canvas 11.1
Captcha.trader Mipony Plugin 1.0
ChromGraph USB V2.51 for 2000, XP,Vista
Combined Community Codec Pack 2010-10-10
D3DX10
DAEMON Tools Lite
Debut Video Capture Software
DivX Setup
EndNote X5
FrostWire 4.21.8
FrostWire 5.3.5
Google Chrome
Google Talk Plugin
Google Update Helper
HiJackThis
Hotspot Shield 2.24
Integrated Camera
Java Auto Updater
Java™ 6 Update 31
Juniper Networks Setup Client
K-Lite Mega Codec Pack 7.1.9
Lenovo Patch Utility
LiveUpdate 3.3 (Symantec Corporation)
Logitech Webcam Software
LWS Webcam Software
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MiPony 1.6.4
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Parrot Software Update Tool
Power Manager
Prism Video File Converter
QuickTime
ResearchSoft Direct Export Helper
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.8
SoundMAX
System Update
ThinkPad UltraNav Utility
TurboTax 2011
TurboTax 2011 wctiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wnyiper
TurboTax 2011 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinZip 11.2
Yahoo! Messenger
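The installed-program list above is the kind of report a helper reads by eye for risky software. As an added example (not code from the thread or from any of the tools it mentions), this Python check does the same triage over a few constructed lines modelled on that list: it flags peer-to-peer clients, products installed more than once, and a Java runtime older than a reference release. The P2P name set and the reference Java version are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of entries in the style of the
# Add-Remove Programs.txt report posted in the thread (not the full list).
SAMPLE_REPORT = """\
Adobe Reader X (10.1.3)
FrostWire 4.21.8
FrostWire 5.3.5
Google Chrome
Java(TM) 6 Update 31
Malwarebytes Anti-Malware version 1.61.0.1400
Mozilla Firefox 12.0 (x86 en-US)
Skype(TM) 5.8
"""

# Assumption: peer-to-peer clients a helper would want to see removed.
P2P_CLIENTS = {"frostwire", "limewire", "bearshare", "utorrent", "bittorrent", "vuze", "emule"}

# Assumption: the Java 6 update treated as current; anything older is flagged.
CURRENT_JAVA = (6, 33)

# "Java(TM) 6 Update 31" or "Java 6 Update 31" -> (major, update)
JAVA_RE = re.compile(r"^Java(?:\(TM\)|\u2122)?\s+(\d+)\s+Update\s+(\d+)", re.IGNORECASE)
# "Product 1.2.3" -> product name and dotted version at end of line
VERSION_RE = re.compile(r"^(.*?)\s+v?(\d+(?:\.\d+)+)\s*$")


def split_name_version(entry):
    """Return (product, version) for 'Product 1.2.3' entries, else (entry, None)."""
    m = VERSION_RE.match(entry)
    if not m:
        return entry.strip(), None
    return m.group(1).strip(), m.group(2)


def review_programs(report):
    """Scan an Add/Remove-style list and return findings worth raising."""
    findings = {"p2p": [], "duplicates": {}, "outdated_java": []}
    by_product = defaultdict(list)
    for line in report.splitlines():
        entry = line.strip()
        if not entry:
            continue
        product, _version = split_name_version(entry)
        key = product.lower()
        by_product[key].append(entry)          # group installs of the same product
        if key.split()[0] in P2P_CLIENTS:      # first word identifies the client
            findings["p2p"].append(entry)
        jm = JAVA_RE.match(entry)
        if jm and (int(jm.group(1)), int(jm.group(2))) < CURRENT_JAVA:
            findings["outdated_java"].append(entry)
    # Two versions of one product usually means an old copy was never removed.
    findings["duplicates"] = {p: e for p, e in by_product.items() if len(e) > 1}
    return findings


if __name__ == "__main__":
    for kind, hits in review_programs(SAMPLE_REPORT).items():
        print(kind, hits)
```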

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 13 June 2012 - 08:38 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

FrostWire 4.21.8
FrostWire 5.3.5
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:30 AM

Posted 15 June 2012 - 11:37 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo



