
infected with a Google redirect virus


11 replies to this topic

#1 fiorano

fiorano

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:22 PM

Posted 09 July 2012 - 04:14 AM

My computer appears to be infected with a redirect virus. When I type searches into Google, oftentimes the first search result (but sometimes the second or other) redirects to an advertisement page such as Budgetmatch.com. If I go back to the search results page and click on the same link again, only then am I able to access the page I originally searched for. This happens in both Firefox and Chrome.

I've tried Spybot Search & Destroy, MalwareBytes, TDSSkiller, FixTDSS but none of them have found anything and I don't know what I should do next. Thanks in advance!


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Brenda at 3:26:28 on 2012-07-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1530 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\CustoPackTools\utils\RocketDock\RocketDock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Brenda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Brenda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.msn.com
uDefault_Page_URL = hxxp://lenovo.msn.com
uInternet Settings,ProxyServer = 62.88.139.12:80
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [RocketDock] "c:\program files\custopacktools\utils\rocketdock\RocketDock.exe"
uRun: [AdobeBridge]
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [Google Update] "c:\users\brenda\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "c:\users\brenda\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
mRun: [<NO NAME>]
mRun: [TpShocks] "TpShocks.exe"
mRun: [TPHOTKEY] "c:\program files\lenovo\hotkey\TPOSDSVC.exe"
mRun: [cAudioFilterAgent] "c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe"
mRun: [SmartAudio] "c:\program files\conexant\saii\SAIICpl.exe" /t
mRun: [PWMTRV] "rundll32" c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [LENOVO.TPKNRRES] "c:\program files\lenovo\communications utility\TPKNRRES.exe"
mRun: [AcWin7Hlpr] "c:\program files\lenovo\access connections\AcTBenabler.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [SynTPEnh] "%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Launch Backup Service Once] "c:\program files\lenovo\rescue and recovery\rrstrigger.exe" -start
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Logitech Download Assistant] "c:\windows\system32\rundll32.exe" c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
StartupFolder: c:\users\brenda\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{00FDE8F0-513D-4DA5-A68D-F91030303467} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{00FDE8F0-513D-4DA5-A68D-F91030303467}\6427565602341666560234F634F60275962756C6563737 : DhcpNameServer = 101.238.239.1
TCP: Interfaces\{00FDE8F0-513D-4DA5-A68D-F91030303467}\84F6C6964616970294E6E602D2023456E6472716C60247F67756270223F56333 : DhcpNameServer = 208.71.233.82 208.71.233.83
TCP: Interfaces\{6CBE207C-62FC-4D9D-BFE0-F8975F2DD6C5} : DhcpNameServer = 140.142.17.18 140.142.15.27
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brenda\appdata\roaming\mozilla\firefox\profiles\a3wlwtuw.default\
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\ptc\np6_pvapplite9.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\brenda\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\brenda\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\brenda\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\brenda\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2011-3-22 29832]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2010-4-23 13480]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-26 172032]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2010-7-26 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2010-4-23 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2010-7-26 74088]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-1 654408]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2010-4-23 63928]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-2-19 106496]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2011-3-22 4048256]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2011-5-9 1201656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-22 22344]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-7-26 175104]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-7-26 204288]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-7-26 862208]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-7-26 27320]
R3 usbsmi;Integrated Camera;c:\windows\system32\drivers\SMIksdrv.sys [2010-7-26 181120]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-1-9 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-27 257224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-10 113120]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-7-26 75112]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-9 1343400]
SUnknown eumbqgeq;eumbqgeq; [x]
SUnknown sllrpjdr;sllrpjdr; [x]
.
=============== Created Last 30 ================
.
2012-07-09 06:49:03 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3720f328-bde5-41dd-9138-69475be8be4e}\gapaengine.dll
2012-07-09 06:48:17 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{01c524a0-b301-4ddf-971b-150ceee4ffc6}\mpengine.dll
2012-07-09 06:44:23 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-09 04:56:39 -------- d-----w- c:\windows\system32\appmgmt
2012-07-09 04:39:08 -------- d-----w- c:\program files\PC Tools
2012-07-09 04:32:36 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-09 04:32:36 -------- d-----w- c:\program files\common files\PC Tools
2012-07-09 04:31:56 -------- d-----w- c:\programdata\PC Tools
2012-07-09 04:31:53 -------- d-----w- c:\users\brenda\appdata\roaming\TestApp
2012-07-09 03:47:48 -------- d-----w- c:\program files\CCleaner
2012-07-08 06:31:55 -------- d-----w- c:\users\brenda\appdata\local\{2CF4CBE9-344D-46E8-919D-9912E92397BC}
2012-07-08 06:31:37 -------- d-----w- c:\users\brenda\appdata\local\{2ADEEDB3-FD3E-4638-85F6-3ACA746B3C11}
2012-07-02 20:24:44 -------- d-----w- c:\users\brenda\appdata\local\{1FE565AA-64BF-4329-A0B7-FD930457039A}
2012-07-02 20:24:25 -------- d-----w- c:\users\brenda\appdata\local\{6961FEDE-4BAD-4CBD-9287-3868D1483F4A}
2012-06-30 00:28:46 -------- d-----w- c:\users\brenda\appdata\local\{D9EA06F8-E28C-40B8-8EAD-12B812896FDD}
2012-06-30 00:28:24 -------- d-----w- c:\users\brenda\appdata\local\{F94E399F-9463-4F04-92F1-41C093FAC009}
2012-06-29 12:28:04 -------- d-----w- c:\users\brenda\appdata\local\{7CB052DC-92DA-4F5A-BBEB-129756CB69D7}
2012-06-29 12:27:40 -------- d-----w- c:\users\brenda\appdata\local\{3E87A39D-7EA7-41B4-A93B-5449E6643A55}
2012-06-29 00:27:19 -------- d-----w- c:\users\brenda\appdata\local\{AB62CE8C-3485-4224-BFF5-20063F880491}
2012-06-29 00:26:54 -------- d-----w- c:\users\brenda\appdata\local\{BC27AC31-E7F7-4A69-9A34-098F7C531C23}
2012-06-28 12:26:32 -------- d-----w- c:\users\brenda\appdata\local\{59DFC9BE-F8A8-4623-A6AE-012F00041BC1}
2012-06-28 12:26:08 -------- d-----w- c:\users\brenda\appdata\local\{70BDB109-E461-483A-8138-15D419CBA502}
2012-06-28 00:25:46 -------- d-----w- c:\users\brenda\appdata\local\{A34CF49F-F96D-4AB3-A3FE-CF27DA152D7D}
2012-06-28 00:25:23 -------- d-----w- c:\users\brenda\appdata\local\{A655725E-A785-4075-B23F-98FD2D4DAB0A}
2012-06-27 12:24:51 -------- d-----w- c:\users\brenda\appdata\local\{1215A484-62E5-41EA-BB3B-622D9655EFCC}
2012-06-27 12:24:12 -------- d-----w- c:\users\brenda\appdata\local\{80A7EA00-F0D2-46B7-A930-79EB71186B81}
2012-06-27 00:23:53 -------- d-----w- c:\users\brenda\appdata\local\{E887EABF-23EF-425F-BD30-DD31A1B26D4A}
2012-06-27 00:23:31 -------- d-----w- c:\users\brenda\appdata\local\{B9C76289-71FD-4376-95AB-D990CA4B9089}
2012-06-26 12:23:11 -------- d-----w- c:\users\brenda\appdata\local\{AC1D5117-8073-433B-95CE-76E69AE944B3}
2012-06-26 12:22:49 -------- d-----w- c:\users\brenda\appdata\local\{C4C8462A-14F1-4E79-80AE-10E7FE0ABD3B}
2012-06-26 10:22:27 -------- d-----w- c:\users\brenda\appdata\local\CMD
2012-06-26 00:22:35 -------- d-----w- c:\users\brenda\appdata\local\{6C329C01-1784-4DA0-A53B-714769E49038}
2012-06-26 00:22:13 -------- d-----w- c:\users\brenda\appdata\local\{8CCF7F08-77D6-4701-BFEA-490DA22DEA6B}
2012-06-25 12:21:53 -------- d-----w- c:\users\brenda\appdata\local\{12DD3AB7-BA06-4D24-AF45-C5F477E5B38E}
2012-06-25 12:21:30 -------- d-----w- c:\users\brenda\appdata\local\{8755F0E8-9546-4654-B16B-5AAA4675F2B5}
2012-06-25 00:21:16 -------- d-----w- c:\users\brenda\appdata\local\{38A2CED0-11D0-4D63-B728-0F1DF833785E}
2012-06-25 00:20:54 -------- d-----w- c:\users\brenda\appdata\local\{5B51F625-91D2-4C6E-904E-CC98DD038FA9}
2012-06-24 12:20:37 -------- d-----w- c:\users\brenda\appdata\local\{9B601E6B-E484-45B0-8A3F-57F248AB14BC}
2012-06-24 12:20:14 -------- d-----w- c:\users\brenda\appdata\local\{97219995-8043-49A8-BA53-A8DED405E975}
2012-06-24 00:19:45 -------- d-----w- c:\users\brenda\appdata\local\{55F70C79-F244-43CE-85DB-79C93D2A3008}
2012-06-24 00:19:29 -------- d-----w- c:\users\brenda\appdata\local\{F2D3DB54-CC6A-4C16-8E29-481742C8E6B0}
2012-06-23 10:58:15 -------- d-----w- c:\users\brenda\appdata\local\{47980D42-E67F-4E21-9A5B-D8B9BA3E6471}
2012-06-23 10:57:44 -------- d-----w- c:\users\brenda\appdata\local\{A1BE309E-24C0-479C-9567-CD9914819D07}
2012-06-22 22:57:31 -------- d-----w- c:\users\brenda\appdata\local\{4188F144-1728-47BA-8F52-5D1063C80A7B}
2012-06-22 22:57:09 -------- d-----w- c:\users\brenda\appdata\local\{2B9152D0-31F8-4F5F-AC6E-E71150CCAEF3}
2012-06-22 10:56:55 -------- d-----w- c:\users\brenda\appdata\local\{D14BD286-B0B5-493E-B681-353EDB7734F4}
2012-06-22 10:56:33 -------- d-----w- c:\users\brenda\appdata\local\{80057299-8C72-4B43-8037-F741C7033D5A}
2012-06-21 22:56:18 -------- d-----w- c:\users\brenda\appdata\local\{C8A17729-7939-491F-B2C7-2248D704927B}
2012-06-21 22:55:55 -------- d-----w- c:\users\brenda\appdata\local\{6F1FFBE7-93C4-4524-8591-EB0E8FB2F831}
2012-06-21 10:55:43 -------- d-----w- c:\users\brenda\appdata\local\{54F6F2AC-50D9-4B07-BB70-2FBAA6D124C5}
2012-06-21 10:55:21 -------- d-----w- c:\users\brenda\appdata\local\{08CC7F37-7827-4274-94FC-F4070EBF963E}
2012-06-20 22:55:08 -------- d-----w- c:\users\brenda\appdata\local\{D03E058A-E36F-4E18-9E5E-01C217C6FD3B}
2012-06-20 22:54:55 -------- d-----w- c:\users\brenda\appdata\local\{78660BA2-5643-4520-8537-FBD79C579AAC}
2012-06-20 07:21:59 -------- d-----w- c:\users\brenda\appdata\local\{314D7071-A819-461B-86D0-68B7C2372981}
2012-06-20 07:21:37 -------- d-----w- c:\users\brenda\appdata\local\{53C6FDE6-060F-4BE8-9E44-E26398749DED}
2012-06-19 19:21:25 -------- d-----w- c:\users\brenda\appdata\local\{529CEC93-B9BC-483D-A86A-F2A72C353B06}
2012-06-19 19:21:03 -------- d-----w- c:\users\brenda\appdata\local\{87A69E2F-E28E-4771-A183-11DD70E7FFE4}
2012-06-19 08:37:53 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 08:37:28 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 08:36:41 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 08:36:41 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 07:20:43 -------- d-----w- c:\users\brenda\appdata\local\{B64E0E8C-C80F-4329-A1D6-99BBB9081718}
2012-06-19 07:20:21 -------- d-----w- c:\users\brenda\appdata\local\{703E7977-492C-4185-872F-EC35CAE8EFBC}
2012-06-18 23:27:48 -------- d-----w- c:\users\brenda\appdata\local\Apple Computer
2012-06-18 23:27:28 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-18 23:27:28 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-18 23:26:04 -------- d-----w- c:\program files\iPod
2012-06-18 23:26:02 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-18 23:26:02 -------- d-----w- c:\program files\iTunes
2012-06-18 23:24:06 -------- d-----w- c:\users\brenda\appdata\local\Apple
2012-06-18 23:22:59 -------- d-----w- c:\program files\Bonjour
2012-06-18 19:19:58 -------- d-----w- c:\users\brenda\appdata\local\{DFF56FA9-09C4-4878-851D-E43E783E5B54}
2012-06-18 07:19:36 -------- d-----w- c:\users\brenda\appdata\local\{34225982-B5F4-41C1-BBB7-27E91F0E5675}
2012-06-17 19:19:13 -------- d-----w- c:\users\brenda\appdata\local\{76992959-0BE0-46D9-8C97-4B70DE84FEDC}
2012-06-17 07:18:51 -------- d-----w- c:\users\brenda\appdata\local\{8404DCD0-FE96-44AD-B855-9C3A75F8BF67}
2012-06-16 19:18:39 -------- d-----w- c:\users\brenda\appdata\local\{0235E0B8-8908-409F-8A59-3EF84008A614}
2012-06-16 05:16:07 -------- d-----w- c:\users\brenda\appdata\local\{45B86C9F-6930-4574-ABFF-73D8ABAC3170}
2012-06-15 01:19:13 -------- d-----w- c:\users\brenda\appdata\local\{AE3D4E04-6905-47B2-9954-54B3C3631D3A}
2012-06-13 17:43:51 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 17:43:49 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 17:43:48 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 17:43:48 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 17:43:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 17:43:46 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 17:43:38 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 17:43:37 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 17:43:37 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 23:41:05 -------- d-----w- c:\users\brenda\appdata\local\{4C15F6E8-84DE-43A9-BECE-4A2AE9ABB818}
2012-06-12 23:40:42 -------- d-----w- c:\users\brenda\appdata\local\{AB83BF1A-1434-4946-B96C-CE94775BB6B8}
.
==================== Find3M ====================
.
2012-06-12 00:39:16 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-09 02:37:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-09 02:37:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-20 03:16:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 3:27:58.69 ===============
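Added example (not from this thread, and not part of the DDS tool): a small Python triage pass over lines in the shape of the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" sections above. It pulls out the entries a responder checks first on a browser-redirect complaint: an Internet Settings proxy (the log above shows `62.88.139.12:80`), `SUnknown` service entries marked `[x]`, and autorun values with no command line. The sample lines are constructed to match the log, and the severity ranking is an assumption of this example.

```python
"""Triage of DDS 'Pseudo HJT Report' / 'SERVICES / DRIVERS' lines.

Added example: flags the settings a responder looks at first when a
browser redirects to unexpected pages. Not part of DDS or of the thread.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample, shaped like the DDS output posted in the thread.
SAMPLE_DDS = "\n".join([
    r"uStart Page = hxxp://lenovo.msn.com",
    r"uInternet Settings,ProxyServer = 62.88.139.12:80",
    r"uInternet Settings,ProxyOverride = *.local",
    r"mRun: [<NO NAME>]",
    r"uRun: [AdobeBridge]",
    r'uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"',
    r"R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]",
    r"SUnknown eumbqgeq;eumbqgeq; [x]",
    r"SUnknown sllrpjdr;sllrpjdr; [x]",
]) + "\n"

# DDS prefixes: u = per-user (HKCU) setting, m = machine-wide (HKLM) setting.
PROXY_RE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(\S+)")
# SUnknown: a service DDS could not classify; [x] means it could not resolve the binary.
UNKNOWN_SVC_RE = re.compile(r"^SUnknown\s+([^;]+);[^;]*;\s*\[x\]")
# An autorun entry that has a value name but no command line after it.
EMPTY_RUN_RE = re.compile(r"^([um])Run:\s*\[([^\]]*)\]\s*$")

# Assumed severity mapping for this example.
SEVERITY_BY_PROXY_KIND = {"external": "high", "hostname": "medium", "local": "low"}


def classify_proxy(endpoint: str) -> str:
    """Classify a host[:port] proxy endpoint as 'local', 'external' or 'hostname'.

    Assumes the DDS form host:port (IPv6 literals are not handled here).
    """
    host = endpoint.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    return "local" if (ip.is_private or ip.is_loopback) else "external"


def triage_dds(text: str) -> List[Dict[str, str]]:
    """Walk DDS lines and return findings in the order they appear."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            scope, endpoint = m.groups()
            kind = classify_proxy(endpoint)
            who = "user" if scope == "u" else "machine"
            findings.append({
                "kind": "proxy", "value": endpoint,
                "severity": SEVERITY_BY_PROXY_KIND[kind],
                "note": f"{who} proxy points at {kind} host; an unrequested proxy "
                        "can rewrite every plain-HTTP request, including search results",
            })
            continue
        m = UNKNOWN_SVC_RE.match(line)
        if m:
            findings.append({
                "kind": "unknown_service", "value": m.group(1), "severity": "medium",
                "note": "service entry whose binary DDS could not resolve; "
                        "check the service registry key and any on-disk remnants",
            })
            continue
        m = EMPTY_RUN_RE.match(line)
        if m:
            _scope, name = m.groups()
            findings.append({
                "kind": "empty_autorun", "value": name, "severity": "low",
                "note": "autorun value with no command line; usually leftover, "
                        "but confirm nothing is loaded through it",
            })
    return findings


def render(findings: List[Dict[str, str]]) -> str:
    """One line per finding, highest severity first (sort is stable)."""
    order = {"high": 0, "medium": 1, "low": 2}
    rows = sorted(findings, key=lambda f: order[f["severity"]])
    return "\n".join(
        f"[{f['severity']:6}] {f['kind']}: {f['value']} ({f['note']})" for f in rows
    )


if __name__ == "__main__":
    print(render(triage_dds(SAMPLE_DDS)))
```

Run it against a full DDS log saved as text; only these three line shapes are inspected, everything else is ignored.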


#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:01:22 AM

Posted 12 July 2012 - 03:40 PM

Hello fiorano and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

#3 fiorano

  • Topic Starter

Posted 14 July 2012 - 04:46 AM

Thank you so much for helping me, D-FRED-BROWN. I have followed all your instructions and posted the logs below. My computer is running well, and so far I've done some random searches on Google on both Chrome and Firefox, and clicked on 4-5 links from each search result and have not been redirected yet. But I'll let you see from my logs how clean my computer is yet. Thanks again!

TDSSkiller log:

03:46:12.0969 2864 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
03:46:13.0483 2864 ============================================================
03:46:13.0483 2864 Current date / time: 2012/07/14 03:46:13.0483
03:46:13.0483 2864 SystemInfo:
03:46:13.0483 2864
03:46:13.0483 2864 OS Version: 6.1.7601 ServicePack: 1.0
03:46:13.0483 2864 Product type: Workstation
03:46:13.0483 2864 ComputerName: BRENDA-THINK
03:46:13.0483 2864 UserName: Brenda
03:46:13.0483 2864 Windows directory: C:\Windows
03:46:13.0483 2864 System windows directory: C:\Windows
03:46:13.0483 2864 Processor architecture: Intel x86
03:46:13.0483 2864 Number of processors: 2
03:46:13.0483 2864 Page size: 0x1000
03:46:13.0483 2864 Boot type: Normal boot
03:46:13.0483 2864 ============================================================
03:46:16.0120 2864 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:46:16.0182 2864 ============================================================
03:46:16.0182 2864 \Device\Harddisk0\DR0:
03:46:16.0182 2864 MBR partitions:
03:46:16.0182 2864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
03:46:16.0182 2864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0xE25F000
03:46:16.0182 2864 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000
03:46:16.0245 2864 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x172B9800, BlocksNum 0x4B83800
03:46:16.0245 2864 ============================================================
03:46:16.0291 2864 C: <-> \Device\Harddisk0\DR0\Partition1
03:46:16.0369 2864 Q: <-> \Device\Harddisk0\DR0\Partition2
03:46:16.0416 2864 F: <-> \Device\Harddisk0\DR0\Partition3
03:46:16.0494 2864 ============================================================
03:46:16.0494 2864 Initialize success
03:46:16.0494 2864 ============================================================
03:46:21.0065 4892 ============================================================
03:46:21.0065 4892 Scan started
03:46:21.0065 4892 Mode: Manual;
03:46:21.0065 4892 ============================================================
03:46:24.0139 4892 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
03:46:24.0155 4892 1394ohci - ok
03:46:24.0233 4892 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
03:46:24.0248 4892 ACPI - ok
03:46:24.0295 4892 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
03:46:24.0295 4892 AcpiPmi - ok
03:46:26.0089 4892 AcPrfMgrSvc (c8b90210aad4c319916598d0312d8fca) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
03:46:26.0105 4892 AcPrfMgrSvc - ok
03:46:26.0167 4892 AcSvc (5c17051bd808f6ff708bc9f2d0445092) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
03:46:26.0183 4892 AcSvc - ok
03:46:26.0308 4892 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
03:46:26.0308 4892 AdobeFlashPlayerUpdateSvc - ok
03:46:26.0401 4892 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
03:46:26.0417 4892 adp94xx - ok
03:46:26.0464 4892 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
03:46:26.0479 4892 adpahci - ok
03:46:26.0495 4892 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
03:46:26.0510 4892 adpu320 - ok
03:46:26.0557 4892 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
03:46:26.0573 4892 AeLookupSvc - ok
03:46:26.0651 4892 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
03:46:26.0682 4892 AFD - ok
03:46:26.0729 4892 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
03:46:26.0744 4892 agp440 - ok
03:46:26.0776 4892 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
03:46:26.0807 4892 aic78xx - ok
03:46:26.0854 4892 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
03:46:26.0869 4892 ALG - ok
03:46:26.0885 4892 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
03:46:26.0885 4892 aliide - ok
03:46:26.0947 4892 AMD External Events Utility (cc91047ec4a39a3120af6aed1b3663b4) C:\Windows\system32\atiesrxx.exe
03:46:26.0963 4892 AMD External Events Utility - ok
03:46:27.0025 4892 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
03:46:27.0025 4892 amdagp - ok
03:46:27.0056 4892 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
03:46:27.0056 4892 amdide - ok
03:46:27.0103 4892 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
03:46:27.0103 4892 AmdK8 - ok
03:46:27.0134 4892 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
03:46:27.0150 4892 AmdPPM - ok
03:46:27.0197 4892 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
03:46:27.0212 4892 amdsata - ok
03:46:27.0244 4892 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
03:46:27.0259 4892 amdsbs - ok
03:46:27.0275 4892 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
03:46:27.0275 4892 amdxata - ok
03:46:27.0337 4892 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
03:46:27.0337 4892 AppID - ok
03:46:27.0384 4892 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
03:46:27.0400 4892 AppIDSvc - ok
03:46:27.0446 4892 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
03:46:27.0446 4892 Appinfo - ok
03:46:27.0587 4892 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:46:27.0602 4892 Apple Mobile Device - ok
03:46:27.0665 4892 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
03:46:27.0680 4892 AppMgmt - ok
03:46:27.0727 4892 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
03:46:27.0727 4892 arc - ok
03:46:27.0758 4892 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
03:46:27.0758 4892 arcsas - ok
03:46:27.0790 4892 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
03:46:27.0790 4892 AsyncMac - ok
03:46:27.0836 4892 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
03:46:27.0836 4892 atapi - ok
03:46:27.0899 4892 AtiHdmiService (40a07e6916ac098e31a9e39ac202b8a1) C:\Windows\system32\drivers\AtiHdmi.sys
03:46:27.0899 4892 AtiHdmiService - ok
03:46:28.0242 4892 atikmdag (daaf32567f02697a698eaf82e1f04fa6) C:\Windows\system32\DRIVERS\atikmdag.sys
03:46:28.0367 4892 atikmdag - ok
03:46:28.0538 4892 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\Windows\system32\DRIVERS\AtiPcie.sys
03:46:28.0538 4892 AtiPcie - ok
03:46:28.0616 4892 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
03:46:28.0663 4892 AudioEndpointBuilder - ok
03:46:28.0663 4892 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
03:46:28.0679 4892 Audiosrv - ok
03:46:28.0772 4892 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
03:46:28.0772 4892 AxInstSV - ok
03:46:28.0835 4892 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
03:46:28.0850 4892 b06bdrv - ok
03:46:28.0913 4892 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
03:46:28.0913 4892 b57nd60x - ok
03:46:28.0991 4892 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
03:46:29.0006 4892 BDESVC - ok
03:46:29.0022 4892 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
03:46:29.0022 4892 Beep - ok
03:46:29.0116 4892 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
03:46:29.0131 4892 BFE - ok
03:46:29.0225 4892 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
03:46:29.0303 4892 BITS - ok
03:46:29.0334 4892 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
03:46:29.0334 4892 blbdrive - ok
03:46:29.0506 4892 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
03:46:29.0506 4892 Bonjour Service - ok
03:46:29.0568 4892 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
03:46:29.0584 4892 bowser - ok
03:46:29.0599 4892 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
03:46:29.0599 4892 BrFiltLo - ok
03:46:29.0630 4892 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
03:46:29.0630 4892 BrFiltUp - ok
03:46:29.0677 4892 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
03:46:29.0693 4892 Browser - ok
03:46:29.0724 4892 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
03:46:29.0740 4892 Brserid - ok
03:46:29.0786 4892 BrSerIf (1a5fc78e41840edf79d65ec16eff2787) C:\Windows\system32\Drivers\BrSerIf.sys
03:46:29.0802 4892 BrSerIf - ok
03:46:29.0818 4892 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
03:46:29.0833 4892 BrSerWdm - ok
03:46:29.0849 4892 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
03:46:29.0849 4892 BrUsbMdm - ok
03:46:29.0896 4892 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
03:46:29.0896 4892 BrUsbSer - ok
03:46:29.0974 4892 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
03:46:29.0974 4892 BthEnum - ok
03:46:30.0005 4892 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
03:46:30.0005 4892 BTHMODEM - ok
03:46:30.0052 4892 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
03:46:30.0067 4892 BthPan - ok
03:46:30.0130 4892 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
03:46:30.0145 4892 BTHPORT - ok
03:46:30.0192 4892 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
03:46:30.0208 4892 bthserv - ok
03:46:30.0239 4892 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
03:46:30.0239 4892 BTHUSB - ok
03:46:30.0395 4892 btwdins (0e3ee2bc0ec56bfe869fcde3e5806684) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
03:46:30.0410 4892 btwdins - ok
03:46:30.0473 4892 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
03:46:30.0473 4892 cdfs - ok
03:46:30.0551 4892 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
03:46:30.0566 4892 cdrom - ok
03:46:30.0613 4892 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
03:46:30.0613 4892 CertPropSvc - ok
03:46:30.0660 4892 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
03:46:30.0660 4892 circlass - ok
03:46:30.0738 4892 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
03:46:30.0738 4892 CLFS - ok
03:46:30.0816 4892 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:46:30.0832 4892 clr_optimization_v2.0.50727_32 - ok
03:46:30.0925 4892 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:46:30.0988 4892 clr_optimization_v4.0.30319_32 - ok
03:46:31.0019 4892 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
03:46:31.0019 4892 CmBatt - ok
03:46:31.0066 4892 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
03:46:31.0066 4892 cmdide - ok
03:46:31.0190 4892 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
03:46:31.0206 4892 CNG - ok
03:46:31.0315 4892 CnxtHdAudService (c7ff2f6df3fb4d4a0df899ca744b0c27) C:\Windows\system32\drivers\CHDRT32.sys
03:46:31.0315 4892 CnxtHdAudService - ok
03:46:31.0378 4892 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
03:46:31.0378 4892 Compbatt - ok
03:46:31.0456 4892 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
03:46:31.0456 4892 CompositeBus - ok
03:46:31.0471 4892 COMSysApp - ok
03:46:31.0487 4892 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
03:46:31.0487 4892 crcdisk - ok
03:46:31.0565 4892 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
03:46:31.0565 4892 CryptSvc - ok
03:46:31.0627 4892 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
03:46:31.0643 4892 CSC - ok
03:46:31.0736 4892 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
03:46:31.0752 4892 CscService - ok
03:46:31.0799 4892 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
03:46:31.0814 4892 DcomLaunch - ok
03:46:31.0861 4892 DefragFS (4bb22f61e7257ed353a39130b3ed2461) C:\Windows\system32\drivers\DefragFS.sys
03:46:31.0877 4892 DefragFS - ok
03:46:31.0924 4892 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
03:46:31.0939 4892 defragsvc - ok
03:46:32.0002 4892 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
03:46:32.0002 4892 DfsC - ok
03:46:32.0080 4892 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
03:46:32.0080 4892 Dhcp - ok
03:46:32.0111 4892 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
03:46:32.0111 4892 discache - ok
03:46:32.0158 4892 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
03:46:32.0158 4892 Disk - ok
03:46:32.0204 4892 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
03:46:32.0220 4892 Dnscache - ok
03:46:32.0267 4892 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
03:46:32.0282 4892 dot3svc - ok
03:46:32.0329 4892 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
03:46:32.0345 4892 DPS - ok
03:46:32.0376 4892 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
03:46:32.0376 4892 drmkaud - ok
03:46:32.0470 4892 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
03:46:32.0501 4892 DXGKrnl - ok
03:46:32.0532 4892 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
03:46:32.0532 4892 EapHost - ok
03:46:32.0782 4892 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
03:46:32.0860 4892 ebdrv - ok
03:46:33.0000 4892 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
03:46:33.0000 4892 EFS - ok
03:46:33.0109 4892 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
03:46:33.0140 4892 ehRecvr - ok
03:46:33.0172 4892 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
03:46:33.0172 4892 ehSched - ok
03:46:33.0281 4892 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
03:46:33.0296 4892 elxstor - ok
03:46:33.0343 4892 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
03:46:33.0343 4892 ErrDev - ok
03:46:33.0406 4892 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
03:46:33.0421 4892 EventSystem - ok
03:46:33.0452 4892 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
03:46:33.0468 4892 exfat - ok
03:46:33.0499 4892 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
03:46:33.0515 4892 fastfat - ok
03:46:33.0608 4892 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
03:46:33.0624 4892 Fax - ok
03:46:33.0640 4892 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
03:46:33.0640 4892 fdc - ok
03:46:33.0671 4892 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
03:46:33.0671 4892 fdPHost - ok
03:46:33.0718 4892 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
03:46:33.0718 4892 FDResPub - ok
03:46:33.0764 4892 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
03:46:33.0764 4892 FileInfo - ok
03:46:33.0796 4892 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
03:46:33.0796 4892 Filetrace - ok
03:46:33.0811 4892 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
03:46:33.0827 4892 flpydisk - ok
03:46:33.0858 4892 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
03:46:33.0874 4892 FltMgr - ok
03:46:33.0983 4892 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
03:46:34.0014 4892 FontCache - ok
03:46:34.0092 4892 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
03:46:34.0092 4892 FontCache3.0.0.0 - ok
03:46:34.0123 4892 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
03:46:34.0123 4892 FsDepends - ok
03:46:34.0170 4892 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
03:46:34.0170 4892 Fs_Rec - ok
03:46:34.0248 4892 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
03:46:34.0248 4892 fvevol - ok
03:46:34.0295 4892 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
03:46:34.0310 4892 gagp30kx - ok
03:46:34.0357 4892 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
03:46:34.0357 4892 GEARAspiWDM - ok
03:46:34.0435 4892 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
03:46:34.0466 4892 gpsvc - ok
03:46:34.0482 4892 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
03:46:34.0482 4892 hcw85cir - ok
03:46:34.0576 4892 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
03:46:34.0607 4892 HdAudAddService - ok
03:46:34.0638 4892 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
03:46:34.0654 4892 HDAudBus - ok
03:46:34.0685 4892 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
03:46:34.0685 4892 HidBatt - ok
03:46:34.0716 4892 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
03:46:34.0716 4892 HidBth - ok
03:46:34.0747 4892 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
03:46:34.0747 4892 HidIr - ok
03:46:34.0778 4892 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
03:46:34.0794 4892 hidserv - ok
03:46:34.0856 4892 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
03:46:34.0856 4892 HidUsb - ok
03:46:34.0903 4892 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
03:46:34.0919 4892 hkmsvc - ok
03:46:34.0966 4892 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
03:46:34.0966 4892 HomeGroupListener - ok
03:46:35.0028 4892 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
03:46:35.0044 4892 HomeGroupProvider - ok
03:46:35.0106 4892 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
03:46:35.0106 4892 HpSAMD - ok
03:46:35.0200 4892 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
03:46:35.0215 4892 HTTP - ok
03:46:35.0262 4892 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
03:46:35.0262 4892 hwpolicy - ok
03:46:35.0324 4892 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
03:46:35.0324 4892 i8042prt - ok
03:46:35.0418 4892 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
03:46:35.0434 4892 iaStorV - ok
03:46:35.0465 4892 IBMPMDRV (400d7095d5ae08970f839bcac1843106) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
03:46:35.0465 4892 IBMPMDRV - ok
03:46:35.0496 4892 IBMPMSVC (06af18300c5b511a3d85c3e0b7909c10) C:\Windows\system32\ibmpmsvc.exe
03:46:35.0496 4892 IBMPMSVC - ok
03:46:35.0668 4892 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
03:46:35.0699 4892 idsvc - ok
03:46:36.0042 4892 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
03:46:36.0151 4892 igfx - ok
03:46:36.0323 4892 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
03:46:36.0323 4892 iirsp - ok
03:46:36.0432 4892 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
03:46:36.0463 4892 IKEEXT - ok
03:46:36.0510 4892 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
03:46:36.0510 4892 intelide - ok
03:46:36.0541 4892 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
03:46:36.0541 4892 intelppm - ok
03:46:36.0635 4892 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
03:46:36.0650 4892 IPBusEnum - ok
03:46:36.0682 4892 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:46:36.0682 4892 IpFilterDriver - ok
03:46:36.0775 4892 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
03:46:36.0791 4892 iphlpsvc - ok
03:46:36.0838 4892 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
03:46:36.0838 4892 IPMIDRV - ok
03:46:36.0869 4892 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
03:46:36.0869 4892 IPNAT - ok
03:46:37.0040 4892 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
03:46:37.0072 4892 iPod Service - ok
03:46:37.0118 4892 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
03:46:37.0118 4892 IRENUM - ok
03:46:37.0181 4892 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
03:46:37.0181 4892 isapnp - ok
03:46:37.0243 4892 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
03:46:37.0259 4892 iScsiPrt - ok
03:46:37.0290 4892 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
03:46:37.0290 4892 kbdclass - ok
03:46:37.0337 4892 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
03:46:37.0337 4892 kbdhid - ok
03:46:37.0368 4892 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
03:46:37.0368 4892 KeyIso - ok
03:46:37.0415 4892 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
03:46:37.0415 4892 KSecDD - ok
03:46:37.0462 4892 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
03:46:37.0477 4892 KSecPkg - ok
03:46:37.0540 4892 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
03:46:37.0555 4892 KtmRm - ok
03:46:37.0633 4892 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
03:46:37.0649 4892 LanmanServer - ok
03:46:37.0711 4892 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
03:46:37.0727 4892 LanmanWorkstation - ok
03:46:37.0836 4892 LENOVO.CAMMUTE (70481dabd9adab51a6933c5893b82925) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
03:46:37.0836 4892 LENOVO.CAMMUTE - ok
03:46:37.0914 4892 LENOVO.MICMUTE (c88eb33793420a79f601fb5e33e2edd9) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
03:46:37.0914 4892 LENOVO.MICMUTE - ok
03:46:37.0930 4892 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
03:46:37.0945 4892 lenovo.smi - ok
03:46:37.0961 4892 LENOVO.TPKNRSVC (d0daf6a22037f6dee706a095c647aa41) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
03:46:37.0976 4892 LENOVO.TPKNRSVC - ok
03:46:38.0008 4892 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
03:46:38.0008 4892 lltdio - ok
03:46:38.0070 4892 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
03:46:38.0086 4892 lltdsvc - ok
03:46:38.0101 4892 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
03:46:38.0101 4892 lmhosts - ok
03:46:38.0132 4892 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
03:46:38.0148 4892 LSI_FC - ok
03:46:38.0164 4892 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
03:46:38.0179 4892 LSI_SAS - ok
03:46:38.0195 4892 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
03:46:38.0210 4892 LSI_SAS2 - ok
03:46:38.0226 4892 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
03:46:38.0242 4892 LSI_SCSI - ok
03:46:38.0273 4892 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
03:46:38.0288 4892 luafv - ok
03:46:38.0335 4892 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
03:46:38.0335 4892 MBAMProtector - ok
03:46:38.0444 4892 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
03:46:38.0460 4892 MBAMService - ok
03:46:38.0507 4892 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
03:46:38.0522 4892 Mcx2Svc - ok
03:46:38.0538 4892 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
03:46:38.0554 4892 megasas - ok
03:46:38.0600 4892 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
03:46:38.0632 4892 MegaSR - ok
03:46:38.0725 4892 Microsoft SharePoint Workspace Audit Service - ok
03:46:38.0788 4892 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
03:46:38.0788 4892 MMCSS - ok
03:46:38.0803 4892 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
03:46:38.0819 4892 Modem - ok
03:46:38.0897 4892 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
03:46:38.0897 4892 monitor - ok
03:46:38.0975 4892 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
03:46:38.0975 4892 mouclass - ok
03:46:39.0022 4892 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
03:46:39.0022 4892 mouhid - ok
03:46:39.0068 4892 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
03:46:39.0068 4892 mountmgr - ok
03:46:39.0193 4892 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
03:46:39.0240 4892 MozillaMaintenance - ok
03:46:39.0318 4892 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
03:46:39.0318 4892 MpFilter - ok
03:46:39.0380 4892 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
03:46:39.0396 4892 mpio - ok
03:46:39.0427 4892 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
03:46:39.0443 4892 mpsdrv - ok
03:46:39.0536 4892 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
03:46:39.0552 4892 MpsSvc - ok
03:46:39.0599 4892 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
03:46:39.0614 4892 MRxDAV - ok
03:46:39.0677 4892 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
03:46:39.0692 4892 mrxsmb - ok
03:46:39.0755 4892 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:46:39.0755 4892 mrxsmb10 - ok
03:46:39.0786 4892 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:46:39.0802 4892 mrxsmb20 - ok
03:46:39.0848 4892 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
03:46:39.0848 4892 msahci - ok
03:46:39.0911 4892 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
03:46:39.0926 4892 msdsm - ok
03:46:39.0958 4892 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
03:46:39.0973 4892 MSDTC - ok
03:46:40.0020 4892 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
03:46:40.0020 4892 Msfs - ok
03:46:40.0036 4892 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
03:46:40.0036 4892 mshidkmdf - ok
03:46:40.0082 4892 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
03:46:40.0082 4892 msisadrv - ok
03:46:40.0145 4892 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
03:46:40.0160 4892 MSiSCSI - ok
03:46:40.0160 4892 msiserver - ok
03:46:40.0192 4892 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
03:46:40.0207 4892 MSKSSRV - ok
03:46:40.0332 4892 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
03:46:40.0332 4892 MsMpSvc - ok
03:46:40.0348 4892 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
03:46:40.0348 4892 MSPCLOCK - ok
03:46:40.0363 4892 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
03:46:40.0363 4892 MSPQM - ok
03:46:40.0394 4892 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
03:46:40.0410 4892 MsRPC - ok
03:46:40.0472 4892 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
03:46:40.0472 4892 mssmbios - ok
03:46:40.0488 4892 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
03:46:40.0488 4892 MSTEE - ok
03:46:40.0519 4892 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
03:46:40.0519 4892 MTConfig - ok
03:46:40.0535 4892 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
03:46:40.0550 4892 Mup - ok
03:46:40.0644 4892 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
03:46:40.0660 4892 napagent - ok
03:46:40.0722 4892 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
03:46:40.0738 4892 NativeWifiP - ok
03:46:40.0831 4892 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
03:46:40.0862 4892 NDIS - ok
03:46:40.0878 4892 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
03:46:40.0878 4892 NdisCap - ok
03:46:40.0909 4892 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
03:46:40.0925 4892 NdisTapi - ok
03:46:40.0987 4892 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
03:46:40.0987 4892 Ndisuio - ok
03:46:41.0034 4892 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
03:46:41.0050 4892 NdisWan - ok
03:46:41.0081 4892 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
03:46:41.0081 4892 NDProxy - ok
03:46:41.0096 4892 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
03:46:41.0112 4892 NetBIOS - ok
03:46:41.0159 4892 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
03:46:41.0174 4892 NetBT - ok
03:46:41.0206 4892 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
03:46:41.0206 4892 Netlogon - ok
03:46:41.0268 4892 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
03:46:41.0284 4892 Netman - ok
03:46:41.0330 4892 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
03:46:41.0362 4892 netprofm - ok
03:46:41.0455 4892 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:46:41.0471 4892 NetTcpPortSharing - ok
03:46:41.0767 4892 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
03:46:41.0861 4892 netw5v32 - ok
03:46:42.0032 4892 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
03:46:42.0032 4892 nfrd960 - ok
03:46:42.0110 4892 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
03:46:42.0110 4892 NisDrv - ok
03:46:42.0220 4892 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
03:46:42.0235 4892 NisSrv - ok
03:46:42.0282 4892 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
03:46:42.0298 4892 NlaSvc - ok
03:46:42.0329 4892 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
03:46:42.0329 4892 Npfs - ok
03:46:42.0360 4892 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
03:46:42.0360 4892 nsi - ok
03:46:42.0391 4892 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
03:46:42.0391 4892 nsiproxy - ok
03:46:42.0516 4892 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
03:46:42.0547 4892 Ntfs - ok
03:46:42.0578 4892 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
03:46:42.0594 4892 Null - ok
03:46:42.0641 4892 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
03:46:42.0656 4892 nvraid - ok
03:46:42.0719 4892 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
03:46:42.0734 4892 nvstor - ok
03:46:42.0781 4892 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
03:46:42.0797 4892 nv_agp - ok
03:46:42.0859 4892 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
03:46:42.0859 4892 ohci1394 - ok
03:46:42.0968 4892 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:46:42.0984 4892 ose - ok
03:46:43.0343 4892 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
03:46:43.0452 4892 osppsvc - ok
03:46:43.0608 4892 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
03:46:43.0624 4892 p2pimsvc - ok
03:46:43.0686 4892 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
03:46:43.0702 4892 p2psvc - ok
03:46:43.0733 4892 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
03:46:43.0748 4892 Parport - ok
03:46:43.0780 4892 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
03:46:43.0795 4892 partmgr - ok
03:46:43.0811 4892 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
03:46:43.0811 4892 Parvdm - ok
03:46:43.0842 4892 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
03:46:43.0889 4892 PcaSvc - ok
03:46:43.0951 4892 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
03:46:43.0967 4892 pci - ok
03:46:44.0014 4892 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
03:46:44.0014 4892 pciide - ok
03:46:44.0060 4892 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
03:46:44.0076 4892 pcmcia - ok
03:46:44.0092 4892 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
03:46:44.0092 4892 pcw - ok
03:46:44.0326 4892 PDAgent (302219d4130db6388332bdc7728ac97f) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
03:46:44.0372 4892 PDAgent - ok
03:46:44.0482 4892 PDEngine (053b18957f17bb558072487dffaae73e) C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
03:46:44.0528 4892 PDEngine - ok
03:46:44.0731 4892 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
03:46:44.0747 4892 PEAUTH - ok
03:46:44.0856 4892 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
03:46:44.0887 4892 PeerDistSvc - ok
03:46:45.0059 4892 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
03:46:45.0106 4892 pla - ok
03:46:45.0293 4892 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
03:46:45.0308 4892 PlugPlay - ok
03:46:45.0324 4892 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
03:46:45.0340 4892 PNRPAutoReg - ok
03:46:45.0371 4892 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
03:46:45.0386 4892 PNRPsvc - ok
03:46:45.0464 4892 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
03:46:45.0480 4892 PolicyAgent - ok
03:46:45.0527 4892 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
03:46:45.0542 4892 Power - ok
03:46:45.0636 4892 Power Manager DBC Service (61f79e1bc440323138c7701c761d2525) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
03:46:45.0636 4892 Power Manager DBC Service - ok
03:46:45.0714 4892 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
03:46:45.0730 4892 PptpMiniport - ok
03:46:45.0745 4892 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
03:46:45.0745 4892 Processor - ok
03:46:45.0823 4892 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
03:46:45.0839 4892 ProfSvc - ok
03:46:45.0870 4892 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
03:46:45.0870 4892 ProtectedStorage - ok
03:46:45.0917 4892 psadd (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys
03:46:45.0917 4892 psadd - ok
03:46:45.0948 4892 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
03:46:45.0964 4892 Psched - ok
03:46:46.0010 4892 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
03:46:46.0026 4892 PxHelp20 - ok
03:46:46.0322 4892 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
03:46:46.0385 4892 ql2300 - ok
03:46:46.0556 4892 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
03:46:46.0556 4892 ql40xx - ok
03:46:46.0634 4892 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
03:46:46.0634 4892 QWAVE - ok
03:46:46.0681 4892 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
03:46:46.0681 4892 QWAVEdrv - ok
03:46:46.0697 4892 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
03:46:46.0712 4892 RasAcd - ok
03:46:46.0759 4892 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
03:46:46.0759 4892 RasAgileVpn - ok
03:46:46.0900 4892 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
03:46:46.0915 4892 RasAuto - ok
03:46:46.0931 4892 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:46:46.0931 4892 Rasl2tp - ok
03:46:47.0009 4892 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
03:46:47.0024 4892 RasMan - ok
03:46:47.0040 4892 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
03:46:47.0056 4892 RasPppoe - ok
03:46:47.0087 4892 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
03:46:47.0087 4892 RasSstp - ok
03:46:47.0149 4892 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
03:46:47.0165 4892 rdbss - ok
03:46:47.0196 4892 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
03:46:47.0196 4892 rdpbus - ok
03:46:47.0258 4892 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:46:47.0258 4892 RDPCDD - ok
03:46:47.0555 4892 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
03:46:47.0586 4892 RDPDR - ok
03:46:47.0681 4892 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
03:46:47.0696 4892 RDPENCDD - ok
03:46:47.0712 4892 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
03:46:47.0712 4892 RDPREFMP - ok
03:46:47.0774 4892 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
03:46:47.0774 4892 RDPWD - ok
03:46:47.0852 4892 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
03:46:47.0868 4892 rdyboost - ok
03:46:47.0899 4892 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
03:46:47.0915 4892 RemoteAccess - ok
03:46:48.0086 4892 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
03:46:48.0195 4892 RemoteRegistry - ok
03:46:48.0320 4892 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
03:46:48.0336 4892 RFCOMM - ok
03:46:48.0367 4892 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
03:46:48.0383 4892 RpcEptMapper - ok
03:46:48.0398 4892 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
03:46:48.0414 4892 RpcLocator - ok
03:46:48.0492 4892 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
03:46:48.0492 4892 RpcSs - ok
03:46:48.0539 4892 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
03:46:48.0539 4892 rspndr - ok
03:46:48.0601 4892 RSUSBSTOR (7cc293d2f95f8d0a5a4883e21b303d89) C:\Windows\system32\Drivers\RtsUStor.sys
03:46:48.0632 4892 RSUSBSTOR - ok
03:46:48.0679 4892 RTL8167 (c5a68c5ec01fd6f03396dd154b48db56) C:\Windows\system32\DRIVERS\Rt86win7.sys
03:46:48.0726 4892 RTL8167 - ok
03:46:48.0851 4892 rtl8192se (12dc84ea9fcd649e0a972bf6f1d9dd0f) C:\Windows\system32\DRIVERS\rtl8192se.sys
03:46:48.0882 4892 rtl8192se - ok
03:46:48.0929 4892 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
03:46:48.0929 4892 s3cap - ok
03:46:48.0960 4892 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
03:46:48.0975 4892 SamSs - ok
03:46:49.0038 4892 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
03:46:49.0038 4892 sbp2port - ok
03:46:49.0256 4892 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
03:46:49.0287 4892 SBSDWSCService - ok
03:46:49.0365 4892 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
03:46:49.0381 4892 SCardSvr - ok
03:46:49.0459 4892 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
03:46:49.0459 4892 scfilter - ok
03:46:49.0568 4892 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
03:46:49.0599 4892 Schedule - ok
03:46:49.0646 4892 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
03:46:49.0646 4892 SCPolicySvc - ok
03:46:49.0709 4892 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
03:46:49.0709 4892 sdbus - ok
03:46:49.0755 4892 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
03:46:49.0771 4892 SDRSVC - ok
03:46:49.0849 4892 SeaPort - ok
03:46:49.0911 4892 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
03:46:49.0911 4892 secdrv - ok
03:46:49.0958 4892 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
03:46:49.0958 4892 seclogon - ok
03:46:50.0005 4892 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
03:46:50.0021 4892 SENS - ok
03:46:50.0036 4892 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
03:46:50.0052 4892 SensrSvc - ok
03:46:50.0067 4892 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
03:46:50.0067 4892 Serenum - ok
03:46:50.0114 4892 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
03:46:50.0114 4892 Serial - ok
03:46:50.0161 4892 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
03:46:50.0161 4892 sermouse - ok
03:46:50.0224 4892 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
03:46:50.0239 4892 SessionEnv - ok
03:46:50.0286 4892 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
03:46:50.0286 4892 sffdisk - ok
03:46:50.0302 4892 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
03:46:50.0302 4892 sffp_mmc - ok
03:46:50.0317 4892 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
03:46:50.0317 4892 sffp_sd - ok
03:46:50.0348 4892 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
03:46:50.0348 4892 sfloppy - ok
03:46:50.0411 4892 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
03:46:50.0426 4892 SharedAccess - ok
03:46:50.0520 4892 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
03:46:50.0536 4892 ShellHWDetection - ok
03:46:50.0582 4892 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\Windows\system32\DRIVERS\Apsx86.sys
03:46:50.0629 4892 Shockprf - ok
03:46:50.0692 4892 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
03:46:50.0692 4892 sisagp - ok
03:46:50.0723 4892 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
03:46:50.0723 4892 SiSRaid2 - ok
03:46:50.0785 4892 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
03:46:50.0785 4892 SiSRaid4 - ok
03:46:51.0191 4892 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
03:46:51.0222 4892 Smb - ok
03:46:51.0269 4892 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
03:46:51.0284 4892 SNMPTRAP - ok
03:46:51.0300 4892 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
03:46:51.0300 4892 spldr - ok
03:46:51.0394 4892 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
03:46:51.0409 4892 Spooler - ok
03:46:51.0768 4892 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
03:46:51.0877 4892 sppsvc - ok
03:46:52.0033 4892 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
03:46:52.0064 4892 sppuinotify - ok
03:46:52.0142 4892 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
03:46:52.0142 4892 srv - ok
03:46:52.0220 4892 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
03:46:52.0236 4892 srv2 - ok
03:46:52.0330 4892 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
03:46:52.0330 4892 SrvHsfHDA - ok
03:46:52.0486 4892 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
03:46:52.0532 4892 SrvHsfV92 - ok
03:46:52.0673 4892 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
03:46:52.0688 4892 SrvHsfWinac - ok
03:46:52.0736 4892 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
03:46:52.0752 4892 srvnet - ok
03:46:52.0799 4892 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
03:46:52.0799 4892 SSDPSRV - ok
03:46:52.0861 4892 ssfs0bbc (6c46d1d2fc31a8cf0f1d6f9d6859d836) C:\Windows\system32\DRIVERS\ssfs0bbc.sys
03:46:52.0861 4892 ssfs0bbc - ok
03:46:52.0908 4892 sshrmd (cfbd9006204468f64c5737f71eb602f3) C:\Windows\system32\DRIVERS\sshrmd.sys
03:46:52.0908 4892 sshrmd - ok
03:46:52.0970 4892 ssidrv (808c18876dd615b82f08298c98af46b2) C:\Windows\system32\DRIVERS\ssidrv.sys
03:46:52.0986 4892 ssidrv - ok
03:46:53.0017 4892 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
03:46:53.0033 4892 SstpSvc - ok
03:46:53.0064 4892 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
03:46:53.0064 4892 stexstor - ok
03:46:53.0142 4892 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
03:46:53.0173 4892 StiSvc - ok
03:46:53.0220 4892 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
03:46:53.0235 4892 storflt - ok
03:46:53.0251 4892 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
03:46:53.0251 4892 StorSvc - ok
03:46:53.0282 4892 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
03:46:53.0282 4892 storvsc - ok
03:46:53.0391 4892 SUService (7f7958c5b40f9441d1e8d704310d46ff) c:\Program Files\Lenovo\System Update\SUService.exe
03:46:53.0423 4892 SUService - ok
03:46:53.0454 4892 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
03:46:53.0454 4892 swenum - ok
03:46:53.0610 4892 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
03:46:53.0625 4892 SwitchBoard - ok
03:46:53.0688 4892 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
03:46:53.0688 4892 swprv - ok
03:46:53.0781 4892 SynTP (d7dc30b8b41e7a913c3fccc0631e72ec) C:\Windows\system32\DRIVERS\SynTP.sys
03:46:53.0797 4892 SynTP - ok
03:46:53.0937 4892 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
03:46:53.0969 4892 SysMain - ok
03:46:54.0015 4892 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
03:46:54.0047 4892 TabletInputService - ok
03:46:54.0093 4892 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
03:46:54.0109 4892 TapiSrv - ok
03:46:54.0156 4892 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
03:46:54.0156 4892 TBS - ok
03:46:54.0343 4892 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
03:46:54.0374 4892 Tcpip - ok
03:46:54.0405 4892 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
03:46:54.0421 4892 TCPIP6 - ok
03:46:54.0468 4892 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
03:46:54.0468 4892 tcpipreg - ok
03:46:54.0515 4892 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
03:46:54.0530 4892 TDPIPE - ok
03:46:54.0577 4892 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
03:46:54.0577 4892 TDTCP - ok
03:46:54.0639 4892 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
03:46:54.0639 4892 tdx - ok
03:46:54.0686 4892 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
03:46:54.0702 4892 TermDD - ok
03:46:54.0795 4892 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
03:46:54.0811 4892 TermService - ok
03:46:54.0889 4892 Themes (59cfda4eacb3788f8b17f87b49b0ac0e) C:\Windows\system32\themeservice.dll
03:46:54.0889 4892 Themes - ok
03:46:55.0076 4892 ThinkVantage Registry Monitor Service (82c4830ab23a7ab125f38da9a46b6a6d) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
03:46:55.0107 4892 ThinkVantage Registry Monitor Service - ok
03:46:55.0139 4892 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
03:46:55.0139 4892 THREADORDER - ok
03:46:55.0217 4892 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\Windows\system32\DRIVERS\ApsHM86.sys
03:46:55.0217 4892 TPDIGIMN - ok
03:46:55.0248 4892 TPHDEXLGSVC (3775e4aa5f72264dbab7a578dd913ecf) C:\Windows\system32\TPHDEXLG.exe
03:46:55.0248 4892 TPHDEXLGSVC - ok
03:46:55.0326 4892 TPHKSVC (2cf225e19490f499528b926263fe4554) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
03:46:55.0326 4892 TPHKSVC - ok
03:46:55.0357 4892 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
03:46:55.0357 4892 TPM - ok
03:46:55.0404 4892 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys
03:46:55.0404 4892 TPPWRIF - ok
03:46:55.0451 4892 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
03:46:55.0466 4892 TrkWks - ok
03:46:55.0560 4892 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
03:46:55.0575 4892 TrustedInstaller - ok
03:46:55.0591 4892 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
03:46:55.0591 4892 tssecsrv - ok
03:46:55.0653 4892 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
03:46:55.0653 4892 TsUsbFlt - ok
03:46:55.0716 4892 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
03:46:55.0731 4892 tunnel - ok
03:46:55.0872 4892 TVT Backup Service (b56da1aa776c15043d10f82b32aa000d) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
03:46:55.0919 4892 TVT Backup Service - ok
03:46:56.0090 4892 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
03:46:56.0090 4892 uagp35 - ok
03:46:56.0153 4892 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
03:46:56.0168 4892 udfs - ok
03:46:56.0324 4892 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
03:46:56.0340 4892 UI0Detect - ok
03:46:56.0621 4892 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
03:46:56.0636 4892 uliagpkx - ok
03:46:56.0714 4892 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
03:46:56.0714 4892 umbus - ok
03:46:56.0745 4892 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
03:46:56.0745 4892 UmPass - ok
03:46:56.0808 4892 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
03:46:56.0855 4892 UmRdpService - ok
03:46:56.0886 4892 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
03:46:56.0901 4892 upnphost - ok
03:46:56.0917 4892 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
03:46:56.0917 4892 usbccgp - ok
03:46:56.0964 4892 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
03:46:56.0979 4892 usbcir - ok
03:46:56.0995 4892 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
03:46:56.0995 4892 usbehci - ok
03:46:57.0042 4892 usbfilter (19999ca8e83f16d271afc467b84718d7) C:\Windows\system32\DRIVERS\usbfilter.sys
03:46:57.0042 4892 usbfilter - ok
03:46:57.0089 4892 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
03:46:57.0104 4892 usbhub - ok
03:46:57.0120 4892 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
03:46:57.0120 4892 usbohci - ok
03:46:57.0167 4892 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
03:46:57.0182 4892 usbprint - ok
03:46:57.0213 4892 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
03:46:57.0229 4892 usbscan - ok
03:46:57.0260 4892 usbsmi (07ea2284c901ad3f5d1cf56268dadc6d) C:\Windows\system32\DRIVERS\SMIksdrv.sys
03:46:57.0276 4892 usbsmi - ok
03:46:57.0291 4892 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:46:57.0307 4892 USBSTOR - ok
03:46:57.0323 4892 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
03:46:57.0323 4892 usbuhci - ok
03:46:57.0401 4892 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
03:46:57.0401 4892 usbvideo - ok
03:46:57.0447 4892 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
03:46:57.0447 4892 UxSms - ok
03:46:57.0494 4892 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
03:46:57.0494 4892 VaultSvc - ok
03:46:57.0557 4892 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
03:46:57.0557 4892 vdrvroot - ok
03:46:57.0635 4892 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
03:46:57.0650 4892 vds - ok
03:46:57.0713 4892 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
03:46:57.0713 4892 vga - ok
03:46:57.0744 4892 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
03:46:57.0759 4892 VgaSave - ok
03:46:57.0791 4892 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
03:46:57.0806 4892 vhdmp - ok
03:46:57.0837 4892 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
03:46:57.0853 4892 viaagp - ok
03:46:57.0884 4892 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
03:46:57.0900 4892 ViaC7 - ok
03:46:57.0947 4892 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
03:46:57.0947 4892 viaide - ok
03:46:58.0025 4892 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
03:46:58.0025 4892 vmbus - ok
03:46:58.0087 4892 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
03:46:58.0087 4892 VMBusHID - ok
03:46:58.0118 4892 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
03:46:58.0118 4892 volmgr - ok
03:46:58.0181 4892 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
03:46:58.0196 4892 volmgrx - ok
03:46:58.0259 4892 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
03:46:58.0259 4892 volsnap - ok
03:46:58.0305 4892 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
03:46:58.0321 4892 vsmraid - ok
03:46:58.0430 4892 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
03:46:58.0477 4892 VSS - ok
03:46:58.0493 4892 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
03:46:58.0493 4892 vwifibus - ok
03:46:58.0539 4892 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
03:46:58.0539 4892 vwififlt - ok
03:46:58.0571 4892 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
03:46:58.0571 4892 vwifimp - ok
03:46:58.0649 4892 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
03:46:58.0695 4892 W32Time - ok
03:46:58.0727 4892 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
03:46:58.0727 4892 WacomPen - ok
03:46:58.0789 4892 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
03:46:58.0789 4892 WANARP - ok
03:46:58.0805 4892 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
03:46:58.0805 4892 Wanarpv6 - ok
03:46:58.0961 4892 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
03:46:58.0992 4892 WatAdminSvc - ok
03:46:59.0117 4892 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
03:46:59.0163 4892 wbengine - ok
03:46:59.0210 4892 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
03:46:59.0226 4892 WbioSrvc - ok
03:46:59.0288 4892 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
03:46:59.0304 4892 wcncsvc - ok
03:46:59.0319 4892 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
03:46:59.0335 4892 WcsPlugInService - ok
03:46:59.0413 4892 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
03:46:59.0413 4892 Wd - ok
03:46:59.0522 4892 WDBtnMgrSvc.exe (0cd7813c3a238e1f23c336f7db9d9445) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
03:46:59.0538 4892 WDBtnMgrSvc.exe - ok
03:46:59.0600 4892 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
03:46:59.0631 4892 Wdf01000 - ok
03:46:59.0678 4892 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
03:46:59.0694 4892 WdiServiceHost - ok
03:46:59.0694 4892 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
03:46:59.0694 4892 WdiSystemHost - ok
03:46:59.0756 4892 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
03:46:59.0787 4892 WebClient - ok
03:47:00.0817 4892 WebrootSpySweeperService (51b4f00a7685f0fe5ece6b113926e323) C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
03:47:01.0269 4892 WebrootSpySweeperService - ok
03:47:01.0425 4892 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
03:47:01.0441 4892 Wecsvc - ok
03:47:01.0503 4892 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
03:47:01.0519 4892 wercplsupport - ok
03:47:01.0550 4892 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
03:47:01.0581 4892 WerSvc - ok
03:47:01.0847 4892 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
03:47:01.0847 4892 WfpLwf - ok
03:47:01.0878 4892 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
03:47:01.0878 4892 WIMMount - ok
03:47:01.0893 4892 WinHttpAutoProxySvc - ok
03:47:01.0987 4892 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
03:47:02.0003 4892 Winmgmt - ok
03:47:02.0127 4892 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
03:47:02.0159 4892 WinRM - ok
03:47:02.0283 4892 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
03:47:02.0330 4892 Wlansvc - ok
03:47:02.0564 4892 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:47:02.0611 4892 wlidsvc - ok
03:47:02.0751 4892 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
03:47:02.0767 4892 WmiAcpi - ok
03:47:02.0829 4892 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
03:47:02.0845 4892 wmiApSrv - ok
03:47:03.0048 4892 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
03:47:03.0079 4892 WMPNetworkSvc - ok
03:47:03.0110 4892 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
03:47:03.0110 4892 WPCSvc - ok
03:47:03.0173 4892 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
03:47:03.0188 4892 WPDBusEnum - ok
03:47:03.0375 4892 WRConsumerService (172ddc7acc6a4a9053f39619da69d576) C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
03:47:03.0407 4892 WRConsumerService - ok
03:47:03.0485 4892 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
03:47:03.0485 4892 ws2ifsl - ok
03:47:03.0500 4892 WSearch - ok
03:47:03.0687 4892 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
03:47:03.0750 4892 wuauserv - ok
03:47:03.0890 4892 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
03:47:03.0906 4892 WudfPf - ok
03:47:03.0953 4892 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
03:47:03.0968 4892 WUDFRd - ok
03:47:04.0015 4892 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
03:47:04.0031 4892 wudfsvc - ok
03:47:04.0062 4892 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
03:47:04.0093 4892 WwanSvc - ok
03:47:04.0140 4892 MBR (0x1B8) (558c34e58320106660df6b11849ec044) \Device\Harddisk0\DR0
03:47:04.0202 4892 \Device\Harddisk0\DR0 - ok
03:47:04.0202 4892 Boot (0x1200) (7a772b9822d656eb5f9029da29741712) \Device\Harddisk0\DR0\Partition0
03:47:04.0202 4892 \Device\Harddisk0\DR0\Partition0 - ok
03:47:04.0218 4892 Boot (0x1200) (85918e5bf1388e97d2adfe8883846ada) \Device\Harddisk0\DR0\Partition1
03:47:04.0233 4892 \Device\Harddisk0\DR0\Partition1 - ok
03:47:04.0265 4892 Boot (0x1200) (a854822a028a38eaead57c07d2db2b92) \Device\Harddisk0\DR0\Partition2
03:47:04.0280 4892 \Device\Harddisk0\DR0\Partition2 - ok
03:47:04.0296 4892 Boot (0x1200) (541d27a2019cc050a51f441c67222f62) \Device\Harddisk0\DR0\Partition3
03:47:04.0296 4892 \Device\Harddisk0\DR0\Partition3 - ok
03:47:04.0296 4892 ============================================================
03:47:04.0296 4892 Scan finished
03:47:04.0296 4892 ============================================================
03:47:04.0311 5460 Detected object count: 0
03:47:04.0311 5460 Actual detected object count: 0
03:47:40.0550 2480 Deinitialize success



ComboFix:

ComboFix 12-07-13.03 - Brenda 07/14/2012 3:59.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1924 [GMT -4:00]
Running from: c:\users\Brenda\Desktop\ComboFix.exe
SP: Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\{03A28FC1-FD61-4D2B-BB61-AB5629DCC2F6}.xps
c:\users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4785E62C-301A-43CA-86FF-2CB99C534D54}.xps
c:\users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\{79679471-CDE8-425C-BA33-F54DDF739E10}.xps
c:\users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B2DBAC5C-2505-4DB5-94C0-E1055E4878D8}.xps
c:\users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E28F2FA8-52BD-40F1-8897-BBC9FDADD6FD}.xps
c:\users\Brenda\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E919DA48-09B4-4D1D-951C-85C78AF6A43D}.xps
c:\users\Brenda\AppData\Roaming\Local
c:\users\Brenda\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Brenda\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Brenda\AppData\Roaming\Local\Temp\DDM\Settings\Criminal.Minds.S06E13.1080i_ns.avi(2).ddr
c:\users\Brenda\AppData\Roaming\Local\Temp\DDM\Settings\Criminal.Minds.S06E13.1080i_ns.avi.ddr
c:\users\Brenda\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Brenda\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Criminal.Minds.S06E13.1080i_ns.avi(2).ddp
c:\users\Brenda\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Criminal.Minds.S06E13.1080i_ns.avi.ddp
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 08:19 . 2012-07-14 08:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 15:36 . 2012-06-18 07:14 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D0BDE81-02C4-400D-A71F-08AB92C1784E}\mpengine.dll
2012-07-13 01:32 . 2012-06-18 07:14 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 07:04 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 06:49 . 2012-02-09 18:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3720F328-BDE5-41DD-9138-69475BE8BE4E}\gapaengine.dll
2012-07-09 06:44 . 2012-07-09 06:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-09 04:39 . 2012-07-09 05:23 -------- d-----w- c:\program files\PC Tools
2012-07-09 04:32 . 2012-07-09 05:23 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-09 04:32 . 2012-05-11 15:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-09 04:31 . 2012-07-09 05:20 -------- d-----w- c:\programdata\PC Tools
2012-07-09 04:31 . 2012-07-09 04:31 -------- d-----w- c:\users\Brenda\AppData\Roaming\TestApp
2012-07-09 03:47 . 2012-07-09 03:47 -------- d-----w- c:\program files\CCleaner
2012-06-26 10:22 . 2012-07-09 07:19 -------- d-----w- c:\users\Brenda\AppData\Local\CMD
2012-06-19 08:37 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 08:37 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 08:37 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 08:37 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 08:37 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 08:37 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 08:37 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 08:36 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 08:36 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 23:27 . 2012-06-18 23:27 -------- d-----w- c:\users\Brenda\AppData\Local\Apple Computer
2012-06-18 23:27 . 2012-06-18 23:46 -------- d-----w- c:\users\Brenda\AppData\Roaming\Apple Computer
2012-06-18 23:27 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-18 23:27 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-18 23:26 . 2012-06-18 23:26 -------- d-----w- c:\program files\iPod
2012-06-18 23:26 . 2012-06-18 23:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-18 23:26 . 2012-06-18 23:27 -------- d-----w- c:\program files\iTunes
2012-06-18 23:26 . 2012-06-18 23:26 -------- d-----w- c:\programdata\Apple Computer
2012-06-18 23:24 . 2012-06-18 23:24 -------- d-----w- c:\users\Brenda\AppData\Local\Apple
2012-06-18 23:23 . 2012-06-18 23:23 -------- d-----w- c:\program files\Apple Software Update
2012-06-18 23:22 . 2012-06-18 23:23 -------- d-----w- c:\program files\Bonjour
2012-06-18 23:22 . 2012-06-18 23:26 -------- d-----w- c:\program files\Common Files\Apple
2012-06-18 23:22 . 2012-06-18 23:23 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 00:39 . 2012-04-27 22:19 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-09 02:37 . 2012-04-27 21:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 02:37 . 2011-06-27 01:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-15 03:03 . 2012-06-13 17:44 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-01 04:44 . 2012-06-13 17:43 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 17:44 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 17:43 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 17:43 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 17:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 17:43 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:43 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 17:43 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-20 03:16 . 2012-06-13 17:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-19 07:13 . 2012-02-07 17:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brenda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brenda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brenda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\CustoPackTools\utils\RocketDock\RocketDock.exe" [2010-06-22 495616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Spotify Web Helper"="c:\users\Brenda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-05 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-01-29 494136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-05-06 886120]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Launch Backup Service Once"="c:\program files\Lenovo\Rescue and Recovery\rrstrigger.exe" [2009-08-28 21304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2011-04-20 6515800]
.
c:\users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2008-02-19 10:13 438272 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
.
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [x]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 usbsmi;Integrated Camera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 25472277
*Deregistered* - 25472277
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 02:37]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138944317-1647647150-2863773970-1001Core.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 09:37]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138944317-1647647150-2863773970-1001UA.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 09:37]
.
2012-07-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]
.
2012-07-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-01-28 17:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyServer = 62.88.139.12:80
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\a3wlwtuw.default\
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-14 04:22:58
ComboFix-quarantined-files.txt 2012-07-14 08:22
.
Pre-Run: 34,480,762,880 bytes free
Post-Run: 37,095,923,712 bytes free
.
- - End Of File - - 03FC7969ED7D46129BF4A7C065098D32




Security Check:


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spy Sweeper
Spy Sweeper Core
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
JavaFX 2.1.0
Java™ 6 Update 29
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.3.300.257
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

#4 D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:01:22 AM

Posted 14 July 2012 - 12:03 PM

We've got just a little more to clean.


Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

KILLALL::

Driver::
25472277

File::
C:\Windows\System32\Drivers\25472277.sys

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

#5 fiorano
  • Topic Starter

  • Members
  • 6 posts
  • Local time:10:22 PM

Posted 16 July 2012 - 11:52 PM

I followed the instructions and here's the new ComboFix log. My computer is still running well; I haven't noticed any changes from before and after this step. Google search results are not redirecting to spam pages.


ComboFix 12-07-16.01 - Brenda 07/17/2012 0:20.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1880 [GMT -4:00]
Running from: c:\users\Brenda\Desktop\ComboFix.exe
Command switches used :: c:\users\Brenda\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Drivers\25472277.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brenda\AppData\Local\{6A92B919-BDC6-4808-83D5-2837F2D9662E}
c:\users\Brenda\AppData\Local\{6A92B919-BDC6-4808-83D5-2837F2D9662E}\chrome.manifest
c:\users\Brenda\AppData\Local\{6A92B919-BDC6-4808-83D5-2837F2D9662E}\chrome\content\_cfg.js
c:\users\Brenda\AppData\Local\{6A92B919-BDC6-4808-83D5-2837F2D9662E}\chrome\content\overlay.xul
c:\users\Brenda\AppData\Local\{6A92B919-BDC6-4808-83D5-2837F2D9662E}\install.rdf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_25472277
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 04:38 . 2012-07-17 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-16 02:19 . 2012-06-18 07:14 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E284AC39-223B-4E34-9D0F-BEECA83A5BE9}\mpengine.dll
2012-07-15 20:38 . 2012-06-18 07:14 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-15 05:01 . 2012-07-15 05:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEA8F9B2-F782-499C-8552-DD384403F4E5}\offreg.dll
2012-07-14 14:52 . 2012-06-18 07:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEA8F9B2-F782-499C-8552-DD384403F4E5}\mpengine.dll
2012-07-11 07:04 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 06:49 . 2012-02-09 18:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3720F328-BDE5-41DD-9138-69475BE8BE4E}\gapaengine.dll
2012-07-09 06:44 . 2012-07-09 06:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-09 04:39 . 2012-07-09 05:23 -------- d-----w- c:\program files\PC Tools
2012-07-09 04:32 . 2012-07-09 05:23 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-09 04:32 . 2012-05-11 15:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-09 04:31 . 2012-07-09 05:20 -------- d-----w- c:\programdata\PC Tools
2012-07-09 04:31 . 2012-07-09 04:31 -------- d-----w- c:\users\Brenda\AppData\Roaming\TestApp
2012-07-09 03:47 . 2012-07-09 03:47 -------- d-----w- c:\program files\CCleaner
2012-06-26 10:22 . 2012-07-09 07:19 -------- d-----w- c:\users\Brenda\AppData\Local\CMD
2012-06-19 08:37 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 08:37 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 08:37 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 08:37 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 08:37 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 08:37 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 08:37 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 08:36 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 08:36 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 23:27 . 2012-06-18 23:27 -------- d-----w- c:\users\Brenda\AppData\Local\Apple Computer
2012-06-18 23:27 . 2012-06-18 23:46 -------- d-----w- c:\users\Brenda\AppData\Roaming\Apple Computer
2012-06-18 23:27 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-18 23:27 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-06-18 23:26 . 2012-06-18 23:26 -------- d-----w- c:\program files\iPod
2012-06-18 23:26 . 2012-06-18 23:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-06-18 23:26 . 2012-06-18 23:27 -------- d-----w- c:\program files\iTunes
2012-06-18 23:26 . 2012-06-18 23:26 -------- d-----w- c:\programdata\Apple Computer
2012-06-18 23:24 . 2012-06-18 23:24 -------- d-----w- c:\users\Brenda\AppData\Local\Apple
2012-06-18 23:23 . 2012-06-18 23:23 -------- d-----w- c:\program files\Apple Software Update
2012-06-18 23:22 . 2012-06-18 23:23 -------- d-----w- c:\program files\Bonjour
2012-06-18 23:22 . 2012-06-18 23:26 -------- d-----w- c:\program files\Common Files\Apple
2012-06-18 23:22 . 2012-06-18 23:23 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 00:39 . 2012-04-27 22:19 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-09 02:37 . 2012-04-27 21:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 02:37 . 2011-06-27 01:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 16:25 . 2011-01-08 01:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 03:03 . 2012-06-13 17:44 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-01 04:44 . 2012-06-13 17:43 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 17:44 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 17:43 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 17:43 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 17:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 17:43 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 17:43 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 17:43 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-20 03:16 . 2012-06-13 17:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-19 07:13 . 2012-02-07 17:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brenda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brenda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brenda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\CustoPackTools\utils\RocketDock\RocketDock.exe" [2010-06-22 495616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Spotify Web Helper"="c:\users\Brenda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-05 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-01-29 494136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-05-06 886120]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Launch Backup Service Once"="c:\program files\Lenovo\Rescue and Recovery\rrstrigger.exe" [2009-08-28 21304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2011-04-20 6515800]
.
c:\users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2008-02-19 10:13 438272 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [x]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 usbsmi;Integrated Camera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 02:37]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138944317-1647647150-2863773970-1001Core.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 09:37]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138944317-1647647150-2863773970-1001UA.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 09:37]
.
2012-07-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]
.
2012-07-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-01-28 17:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyServer = 62.88.139.12:80
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\a3wlwtuw.default\
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(680)
c:\users\Brenda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Raxco\PerfectDisk\PDAgentS1.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-17 00:46:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 04:46
ComboFix2.txt 2012-07-14 08:22
.
Pre-Run: 35,421,323,264 bytes free
Post-Run: 35,286,351,872 bytes free
.
- - End Of File - - 7DE13C3EF3354490C59D4C87B6559D0E

#6 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:01:22 AM

Posted 17 July 2012 - 01:11 PM

Looking good. Before we do anything else, please run this online scan to verify there aren't any traces left that we may have missed:


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#7 fiorano

fiorano
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 19 July 2012 - 02:05 AM

Thanks, the scan results showed:

C:\Users\Brenda\Downloads\bmg.exe multiple threats
C:\Users\Brenda\Downloads\download_downloader_261b(1).exe a variant of Win32/ExpressFiles application
C:\Users\Brenda\Downloads\download_downloader_261b.exe a variant of Win32/ExpressFiles application
C:\Users\Brenda\Downloads\livevdo-plugin-v10.exe Win32/Toolbar.Zugo application


and this is the log.txt file:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

#8 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:01:22 AM

Posted 20 July 2012 - 04:01 PM

Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::
C:\Users\Brenda\Downloads\livevdo-plugin-v10.exe
C:\Users\Brenda\Downloads\bmg.exe
C:\Users\Brenda\Downloads\download_downloader_261b(1).exe
C:\Users\Brenda\Downloads\download_downloader_261b.exe


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

#9 fiorano

fiorano
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 23 July 2012 - 04:26 AM

Thanks for your continued help, here's the ComboFix log:


ComboFix 12-07-21.01 - Brenda 07/23/2012 4:17.3.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1835 [GMT -4:00]
Running from: c:\users\Brenda\Desktop\ComboFix.exe
Command switches used :: c:\users\Brenda\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Brenda\Downloads\bmg.exe"
"c:\users\Brenda\Downloads\download_downloader_261b(1).exe"
"c:\users\Brenda\Downloads\download_downloader_261b.exe"
"c:\users\Brenda\Downloads\livevdo-plugin-v10.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 08:36 . 2012-07-23 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-23 07:40 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{561FA0A8-2877-4096-9879-9A4C20E6D7E7}\mpengine.dll
2012-07-22 11:42 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 21:06 . 2012-07-20 21:06 -------- d-----w- c:\users\Brenda\AppData\Roaming\Amazon
2012-07-20 21:05 . 2012-07-20 21:05 -------- d-----w- c:\program files\Amazon
2012-07-19 04:17 . 2012-07-19 04:17 -------- d-----w- c:\program files\ESET
2012-07-15 05:01 . 2012-07-15 05:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEA8F9B2-F782-499C-8552-DD384403F4E5}\offreg.dll
2012-07-14 14:52 . 2012-06-18 07:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FEA8F9B2-F782-499C-8552-DD384403F4E5}\mpengine.dll
2012-07-11 07:04 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 06:49 . 2012-02-09 18:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3720F328-BDE5-41DD-9138-69475BE8BE4E}\gapaengine.dll
2012-07-09 06:44 . 2012-07-09 06:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-09 04:39 . 2012-07-09 05:23 -------- d-----w- c:\program files\PC Tools
2012-07-09 04:32 . 2012-07-09 05:23 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-09 04:32 . 2012-05-11 15:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-09 04:31 . 2012-07-09 05:20 -------- d-----w- c:\programdata\PC Tools
2012-07-09 04:31 . 2012-07-09 04:31 -------- d-----w- c:\users\Brenda\AppData\Roaming\TestApp
2012-07-09 03:47 . 2012-07-09 03:47 -------- d-----w- c:\program files\CCleaner
2012-06-26 10:22 . 2012-07-09 07:19 -------- d-----w- c:\users\Brenda\AppData\Local\CMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 00:39 . 2012-04-27 22:19 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-06-09 02:37 . 2012-04-27 21:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-09 02:37 . 2011-06-27 01:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-19 08:37 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 08:37 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 08:37 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 08:37 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 08:37 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 08:37 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 08:37 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 08:36 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-19 08:36 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2011-01-08 01:48 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 03:03 . 2012-06-13 17:44 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-01 04:44 . 2012-06-13 17:43 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 17:44 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 17:43 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 17:43 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 17:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-07-19 07:29 . 2012-02-07 17:21 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brenda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brenda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Brenda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\CustoPackTools\utils\RocketDock\RocketDock.exe" [2010-06-22 495616]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Spotify Web Helper"="c:\users\Brenda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-23 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-01-29 494136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-05-06 886120]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Launch Backup Service Once"="c:\program files\Lenovo\Rescue and Recovery\rrstrigger.exe" [2009-08-28 21304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2011-04-20 6515800]
.
c:\users\Brenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Anywhere Backup Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WD Anywhere Backup Launcher.lnk
backup=c:\windows\pss\WD Anywhere Backup Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2008-02-19 10:13 438272 ----a-w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [x]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 usbsmi;Integrated Camera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 02:37]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138944317-1647647150-2863773970-1001Core.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 09:37]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138944317-1647647150-2863773970-1001UA.job
- c:\users\Brenda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-08 09:37]
.
2012-07-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]
.
2012-07-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-01-28 17:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyServer = 62.88.139.12:80
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Brenda\AppData\Roaming\Mozilla\Firefox\Profiles\a3wlwtuw.default\
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5068)
c:\users\Brenda\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\Raxco\PerfectDisk\PDAgentS1.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-23 05:21:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-23 09:21
ComboFix2.txt 2012-07-17 04:46
ComboFix3.txt 2012-07-14 08:22
.
Pre-Run: 36,091,809,792 bytes free
Post-Run: 36,139,307,008 bytes free
.
- - End Of File - - 6F7DD147DB893C578DDEB35F234AF133
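
A small triage helper for the "Supplementary Scan" block of a ComboFix log like the one above, written as an added example (it is not part of this thread and not ComboFix's own tooling). It parses the IE/WinINet proxy, DHCP name-server and Firefox preference lines in the log's own format and lists the settings a responder would check first when a browser-redirect complaint comes in; the sample log embedded in it is constructed from the shape of the lines above, and whether a flagged setting is legitimate is a judgement the helper leaves to the reader.

```python
"""Triage helper for the 'Supplementary Scan' section of a ComboFix log.

Added example, not ComboFix code. In ComboFix/DDS notation a leading 'u'
means the setting lives in the current-user hive (HKCU).
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of the log above (values copied from it).
SAMPLE_LOG = """\
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyServer = 62.88.139.12:80
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
.
--------------------- LOCKED REGISTRY KEYS ---------------------
"""

START_RE = re.compile(r"^uStart Page = (.+)$")
IE_RE = re.compile(r"^uInternet Settings,(\w+) = (.+)$")
FF_RE = re.compile(r"^FF - (prefs|user)\.js: (\S+) - (.+)$")
TCP_RE = re.compile(r"^TCP: (\w+) = (.+)$")

# Firefox user.js preferences that, when false, silence HTTPS warnings.
WARNING_PREFS = ("security.warn_viewing_mixed", "security.warn_submit_insecure")


def supplementary_section(log: str) -> List[str]:
    """Return the lines between the 'Supplementary Scan' header and the next section."""
    out, inside = [], False
    for line in log.splitlines():
        if "Supplementary Scan" in line:
            inside = True
            continue
        if inside and line.startswith("---"):  # next section header
            break
        if inside and line != ".":             # ComboFix uses '.' as a spacer
            out.append(line)
    return out


def parse_supplementary(log: str) -> Dict[str, Dict[str, str]]:
    """Bucket the section's lines by origin: IE settings, Firefox prefs/user.js, TCP."""
    parsed: Dict[str, Dict[str, str]] = {"ie": {}, "ff_prefs": {}, "ff_user": {}, "tcp": {}}
    for line in supplementary_section(log):
        if (m := START_RE.match(line)):
            parsed["ie"]["StartPage"] = m.group(1).strip()
        elif (m := IE_RE.match(line)):
            parsed["ie"][m.group(1)] = m.group(2).strip()
        elif (m := FF_RE.match(line)):
            bucket = "ff_prefs" if m.group(1) == "prefs" else "ff_user"
            parsed[bucket][m.group(2)] = m.group(3).strip()
        elif (m := TCP_RE.match(line)):
            parsed["tcp"][m.group(1)] = m.group(2).strip()
    return parsed


def is_local_proxy(hostport: str) -> bool:
    """True if the proxy host is loopback or RFC 1918 (a typical local filtering proxy)."""
    host = hostport.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return addr.is_loopback or addr.is_private


def review_items(parsed: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (setting, reason) pairs worth confirming with the user; order is stable."""
    findings: List[Tuple[str, str]] = []
    proxy = parsed["ie"].get("ProxyServer")
    if proxy and not is_local_proxy(proxy):
        findings.append(("ProxyServer", f"WinINet proxy points off-host ({proxy}); confirm it was set on purpose"))
    # network.proxy.type 0 means 'no proxy', so a stray http_port alone is inert.
    if parsed["ff_prefs"].get("network.proxy.type", "0") != "0" and "network.proxy.http_port" in parsed["ff_prefs"]:
        findings.append(("network.proxy", "Firefox has a manual proxy enabled; confirm host and port"))
    for pref in WARNING_PREFS:
        if parsed["ff_user"].get(pref) == "false":
            findings.append((pref, "HTTPS warning disabled in user.js; re-enable unless deliberate"))
    return findings


if __name__ == "__main__":
    for setting, reason in review_items(parse_supplementary(SAMPLE_LOG)):
        print(f"{setting}: {reason}")
```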

#10 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:01:22 AM

Posted 24 July 2012 - 02:32 PM

Looking better.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#11 fiorano

fiorano
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:22 PM

Posted 29 July 2012 - 06:40 AM

Here's what the ESET showed (it seems to be the same 4 results as the last time I used the ESET scanner):


C:\Users\Brenda\Downloads\bmg.exe multiple threats
C:\Users\Brenda\Downloads\download_downloader_261b(1).exe a variant of Win32/ExpressFiles application
C:\Users\Brenda\Downloads\download_downloader_261b.exe a variant of Win32/ExpressFiles application
C:\Users\Brenda\Downloads\livevdo-plugin-v10.exe Win32/Toolbar.Zugo application


and the log.txt file:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

#12 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:01:22 AM

Posted 29 July 2012 - 11:09 AM

Go ahead and run the scan again, but this time make sure that Remove found threats and Scan unwanted applications are both checked.

Edited by D-FRED-BROWN, 29 July 2012 - 11:09 AM.




