
Pop-up ads in lower right corner of Firefox window, and occasionally redirected


  • This topic is locked
20 replies to this topic

#1 microwu

Posted 12 July 2012 - 03:40 PM

Hi,

I'm running a 64-bit Win 7 laptop. I've tried Avast, Malwarebytes' Anti-Malware and Windows Defender, all with the latest definitions, but all the results showed my system is clean. I still see these pop-up ads and sometimes get redirected when I click a link. Please help!
Thank you!!



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by wu at 16:38:26 on 2012-07-12
Microsoft Windows 7 Professional 6.1.7601.1.950.886.1033.18.3987.1547 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\ATService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\PelElvDm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\FSRremoS.EXE
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\wu\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\crypserv.exe
C:\Program Files (x86)\Stellar Phoenix Outlook PST Repair\CRP32002.NGN
C:\Windows\System32\Pelmiced.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.tw/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RotateImage] C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\wu\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\wu\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\wu\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\wu\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
uPolicies-explorer: DisallowCpl = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {2B38E40E-977D-4767-919C-2AA29C041618} - hxxps://ebank.bot.com.tw/NNBank/NN/FCardS.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///F:/launch.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F9A2A26C-07E3-4B16-8787-6F6051304730} - hxxps://efinance.tcb-bank.com.tw/ActiveX/EATM.cab
TCP: DhcpNameServer = 128.219.232.12 128.219.232.14
TCP: Interfaces\{FE79A0D3-4FA6-4F3C-B040-F2F12BD66B43} : DhcpNameServer = 128.219.232.12 128.219.232.14
TCP: Interfaces\{FE79A0D3-4FA6-4F3C-B040-F2F12BD66B43}\245737970596E656D27657563747 : DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
TCP: Interfaces\{FE79A0D3-4FA6-4F3C-B040-F2F12BD66B43}\84F445149425 : DhcpNameServer = 192.168.10.1 4.2.2.1
TCP: Interfaces\{FE79A0D3-4FA6-4F3C-B040-F2F12BD66B43}\C457C457 : DhcpNameServer = 192.168.0.1
Handler: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files (x86)\Invitrogen\Vector NTI Advance 10\Ncbi.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli ACGina
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RotateImage] C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Hosts: 64.27.9.109 www.google-analytics.com.
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\wu\AppData\Roaming\Mozilla\Firefox\Profiles\zrsq7ouv.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tw/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 iaNvStor;Intel® Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys --> C:\Windows\system32\DRIVERS\iaNvStor.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 pelmoubt;Mouse Suite Bluetooth Driver;C:\Windows\system32\DRIVERS\pelmoubt.sys --> C:\Windows\system32\DRIVERS\pelmoubt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMPPALR3;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-7 1166848]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 ATService;AuthenTec Fingerprint Service;C:\Windows\system32\ATService.exe --> C:\Windows\system32\ATService.exe [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-27 44768]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 dtsvc;Data Transfer Service;C:\Windows\system32\DTS.exe --> C:\Windows\system32\DTS.exe [?]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-18 13592]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-7-5 43584]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-7-5 62016]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-1-31 133992]
R2 PelService;Session Launcher Service;C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe [2010-2-12 228864]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-1-31 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-1-31 142696]
R2 TVicPort64;TVicPort64;C:\Windows\system32\drivers\TVicPort64.sys --> C:\Windows\system32\drivers\TVicPort64.sys [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-1-15 2058776]
R3 5U875UVC;Integrated Camera;C:\Windows\system32\DRIVERS\RCUVCMNP.sys --> C:\Windows\system32\DRIVERS\RCUVCMNP.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AMPPAL;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-11-3 478056]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 GenericMount;Generic Mount Driver;C:\Windows\system32\DRIVERS\GenericMount.sys --> C:\Windows\system32\DRIVERS\GenericMount.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 LenovoRd;LenovoRd;C:\Windows\system32\Drivers\LenovoRd.sys --> C:\Windows\system32\Drivers\LenovoRd.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-1-15 89152]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-3-27 101736]
S2 Secunia CSI Agent;Secunia CSI Agent;C:\CSI\csia.exe --start-service --> C:\CSI\csia.exe --start-service [?]
S2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe --> C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [?]
S3 ADMonitor;AD Monitor;C:\Windows\system32\ADMonitor.exe --> C:\Windows\system32\ADMonitor.exe [?]
S3 AMPPALP;IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 pelbtm;Bluetooth Mouse Filter Driver;C:\Windows\system32\DRIVERS\pelbtm.sys --> C:\Windows\system32\DRIVERS\pelbtm.sys [?]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-1-3 175168]
S3 RMWPService;RMWPService;C:\Program Files (x86)\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [2004-1-28 20537]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-12 18:51:47 -------- d-----w- C:\ProgramData\CrypKey
2012-07-12 18:51:32 28664 ----a-w- C:\Windows\System32\Ckldrv.sys
2012-07-12 18:51:32 27648 ----a-r- C:\Windows\Setup_ck.exe
2012-07-12 18:51:32 18432 ----a-w- C:\Windows\Setup_ck.dll
2012-07-12 18:51:32 165888 ----a-w- C:\Windows\Ckconfig.exe
2012-07-12 18:51:32 122880 ----a-w- C:\Windows\System32\Crypserv.exe
2012-07-12 18:51:32 11776 ----a-w- C:\Windows\Ckrfresh.exe
2012-07-12 18:51:28 178176 ----a-w- C:\Windows\SysWow64\StellarProfile.dll
2012-07-12 18:51:28 1207808 ----a-w- C:\Windows\SysWow64\PhoenixDll.dll
2012-07-12 18:51:20 -------- d-----w- C:\Program Files (x86)\Stellar Phoenix Outlook PST Repair
2012-07-12 07:04:38 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA898C21-BED4-47F7-9120-56C6042C329C}\offreg.dll
2012-07-12 07:03:37 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA898C21-BED4-47F7-9120-56C6042C329C}\mpengine.dll
2012-07-12 04:07:59 388096 ----a-r- C:\Users\wu\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-12 04:07:59 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-07-11 04:04:22 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 23:19:09 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-07 04:06:38 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-07-07 03:55:36 -------- d-----w- C:\Windows\System32\SPReview
2012-07-07 03:54:48 -------- d-----w- C:\Windows\System32\EventProviders
2012-07-07 03:40:17 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2012-07-07 03:40:17 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-07-07 03:38:59 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2012-07-07 03:37:59 849920 ----a-w- C:\Windows\System32\qmgr.dll
2012-07-07 03:36:59 285696 ----a-w- C:\Windows\System32\schtasks.exe
2012-07-07 03:35:59 92672 ----a-w- C:\Windows\System32\TabSvc.dll
2012-07-07 03:34:59 413696 ----a-w- C:\Windows\SysWow64\PhotoScreensaver.scr
2012-07-07 03:33:59 663040 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2012-07-07 03:32:58 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-07-07 03:31:50 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
2012-07-07 03:31:48 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
2012-07-07 03:31:48 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2012-07-07 03:31:40 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2012-07-07 03:31:39 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2012-07-07 03:31:35 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2012-07-07 03:31:34 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2012-07-07 03:31:34 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2012-07-07 03:29:59 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2012-07-07 03:29:59 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2012-07-07 03:29:59 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2012-07-07 03:29:59 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2012-07-07 03:29:49 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2012-07-07 03:29:48 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2012-07-07 03:29:44 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2012-07-07 03:29:19 422912 ----a-w- C:\Windows\System32\drvstore.dll
2012-07-07 03:29:19 399872 ----a-w- C:\Windows\System32\dpx.dll
2012-07-02 16:22:25 -------- d-----w- C:\Users\wu\AppData\Local\{16B5E7BA-375E-4786-B1B5-68F1C84F0982}
2012-07-02 16:17:49 -------- d-----w- C:\Users\wu\AppData\Local\{2EFAC366-A508-4422-A394-F928C38C5AD3}
2012-07-02 15:26:19 -------- dc----w- C:\Users\wu\AppData\Local\MigWiz
2012-07-02 15:17:19 -------- d-----w- C:\Users\wu\AppData\Local\{5FF53A8D-0A15-4E98-BF2E-E769A4A81CA2}
2012-07-02 15:15:37 -------- d-----w- C:\Users\wu\AppData\Local\Panasonic
2012-07-02 15:10:40 -------- d-----w- C:\Users\wu\AppData\Local\Apple Computer
2012-06-29 04:00:22 -------- d-----w- C:\Program Files (x86)\Garmin GPS Plugin
2012-06-29 04:00:21 -------- d-----w- C:\Program Files\Garmin GPS Plugin
2012-06-29 04:00:13 -------- d-----w- C:\Program Files (x86)\Garmin
2012-06-14 19:00:05 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 19:00:05 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 19:00:05 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 18:56:57 33792 ----a-w- C:\Windows\System32\profprov.dll
2012-06-14 18:56:57 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-14 18:56:50 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-14 18:56:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 18:56:47 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 18:56:37 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 18:56:30 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-14 18:56:29 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-14 18:55:50 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-14 18:55:50 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-14 18:55:50 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-14 18:55:50 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-14 18:55:49 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-14 18:55:49 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-14 18:45:25 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-14 18:45:20 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-14 18:45:16 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-14 18:45:16 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-12 23:46:48 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
2012-06-12 23:46:48 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2012-06-12 23:46:48 126976 ----a-w- C:\Program Files\Common Files\System\Ole DB\msdaosp.dll
2012-06-12 23:46:48 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2012-06-12 23:46:48 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2012-06-12 23:46:47 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2012-06-12 23:46:47 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2012-06-12 23:46:47 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2012-06-12 23:46:47 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2012-06-12 23:46:46 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2012-06-12 23:46:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2012-06-12 23:45:32 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-06-12 23:45:31 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-06-12 23:44:56 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2012-06-12 23:44:55 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2012-06-12 23:41:02 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-12 23:41:02 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-12 23:41:01 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-06-12 23:41:01 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-06-12 23:40:28 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-06-12 23:40:28 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-06-12 23:39:55 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-06-12 23:38:42 31232 ----a-w- C:\Windows\System32\lsass.exe
2012-06-12 23:38:41 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2012-06-12 23:38:41 28160 ----a-w- C:\Windows\System32\secur32.dll
2012-06-12 23:38:40 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2012-06-12 23:38:40 136192 ----a-w- C:\Windows\System32\sspicli.dll
2012-06-12 23:38:39 395776 ----a-w- C:\Windows\System32\webio.dll
2012-06-12 23:38:39 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2012-06-12 23:31:39 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-06-12 23:30:45 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-06-12 23:30:45 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-06-12 23:20:01 -------- d-----r- C:\Program Files (x86)\Skype
2012-06-12 23:15:30 75776 ----a-w- C:\Windows\System32\MSDvbNP.ax
2012-06-12 23:15:30 72704 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2012-06-12 23:15:30 59904 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2012-06-12 23:15:30 288256 ----a-w- C:\Windows\System32\MSNP.ax
2012-06-12 23:15:29 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-06-12 23:15:29 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-06-12 23:15:29 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2012-06-12 23:15:29 104960 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2012-06-12 23:15:28 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-06-12 23:15:28 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-06-12 23:15:06 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-06-12 23:14:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-06-12 23:14:31 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-12 23:14:30 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-06-12 23:14:30 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-12 23:05:19 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-12 23:05:19 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-12 23:05:19 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-12 23:05:19 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-12 23:05:18 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-12 23:05:18 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-12 23:05:18 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-12 22:59:05 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-06-12 22:59:05 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-06-12 22:58:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-06-12 22:58:28 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-06-12 22:58:27 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-06-12 22:58:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-06-12 22:58:24 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-06-12 22:58:24 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-06-12 22:58:00 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-06-12 22:58:00 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-06-12 22:57:54 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-12 22:57:43 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-12 22:57:42 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-12 22:57:33 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-06-12 22:57:32 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-06-12 22:57:29 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-12 22:57:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2012-07-07 04:03:06 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-07-07 04:03:06 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-12 23:05:09 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-24 10:36:25 955848 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-05-24 10:36:25 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-05-23 02:19:25 221696 ----a-w- C:\Windows\System32\liunt.ime
2012-05-23 02:19:25 183296 ----a-w- C:\Windows\SysWow64\liunt.ime
2012-05-11 06:24:14 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-11 06:24:14 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-19 01:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 16:38:49.80 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 13 July 2012 - 12:31 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following:
    • Log from Combofix
    • Let me know of any problems you may have had
    • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 microwu


Posted 13 July 2012 - 08:22 AM

Thank you Gringo, I will run the tests later today.

#4 gringo_pr


Posted 13 July 2012 - 12:32 PM

OK I will be waiting for them



gringo

#5 microwu


Posted 13 July 2012 - 10:01 PM

Here's the securitycheck log:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
secunia4
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.2.202.235 Flash Player out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#6 gringo_pr


Posted 13 July 2012 - 10:02 PM

:thumbup2:

#7 microwu


Posted 13 July 2012 - 10:26 PM

And the ComboFix log. I just randomly browsed a few pages and didn't see pop-up ads.

ComboFix 12-07-13.03 - wu 07/13/2012 22:33:07.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3987.2018 [GMT -4:00]
Running from: d:\wu\desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 02:42 . 2012-07-14 02:42 -------- d-----w- c:\users\wu.VETMED\AppData\Local\temp
2012-07-14 02:42 . 2012-07-14 02:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 01:13 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE10A029-40E0-42F9-B4BE-6EBD202A0DE6}\mpengine.dll
2012-07-12 18:51 . 2012-07-12 18:51 -------- d-----w- c:\programdata\CrypKey
2012-07-12 18:51 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe
2012-07-12 18:51 . 2008-03-17 17:12 28664 ----a-w- c:\windows\system32\Ckldrv.sys
2012-07-12 18:51 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
2012-07-12 18:51 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
2012-07-12 18:51 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
2012-07-12 18:51 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2012-07-12 18:51 . 2006-04-17 15:56 1207808 ----a-w- c:\windows\SysWow64\PhoenixDll.dll
2012-07-12 18:51 . 2004-10-17 01:46 178176 ----a-w- c:\windows\SysWow64\StellarProfile.dll
2012-07-12 18:51 . 2012-07-12 18:51 -------- d-----w- c:\program files (x86)\Stellar Phoenix Outlook PST Repair
2012-07-12 04:07 . 2012-07-12 04:07 388096 ----a-r- c:\users\wu\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-12 04:07 . 2012-07-12 04:07 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-11 04:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 23:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-07 04:06 . 2012-07-07 04:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-07-07 03:55 . 2012-07-07 03:55 -------- d-----w- c:\windows\system32\SPReview
2012-07-07 03:54 . 2012-07-07 03:54 -------- d-----w- c:\windows\system32\EventProviders
2012-07-07 03:40 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-07-07 03:40 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-07-07 03:38 . 2010-11-20 12:20 428032 ----a-w- c:\windows\SysWow64\secproc.dll
2012-07-07 03:37 . 2010-11-20 13:27 849920 ----a-w- c:\windows\system32\qmgr.dll
2012-07-07 03:36 . 2010-11-20 13:27 1243136 ----a-w- c:\windows\system32\WMNetMgr.dll
2012-07-07 03:35 . 2010-11-20 13:32 112000 ----a-w- c:\windows\system32\consent.exe
2012-07-07 03:34 . 2010-11-20 13:27 335360 ----a-w- c:\windows\system32\msieftp.dll
2012-07-07 03:33 . 2010-11-20 12:21 105984 ----a-w- c:\windows\SysWow64\WPDShServiceObj.dll
2012-07-07 03:32 . 2010-11-20 13:27 28160 ----a-w- c:\windows\system32\shgina.dll
2012-07-07 03:31 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-07-07 03:31 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-07-07 03:31 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2012-07-07 03:31 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2012-07-07 03:31 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2012-07-07 03:31 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-07-07 03:31 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-07-07 03:31 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-07-07 03:29 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-07-07 03:29 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-07-07 03:29 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-07-07 03:29 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-07-07 03:29 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-07-07 03:29 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2012-07-07 03:29 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2012-07-07 03:29 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2012-07-07 03:29 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-07-02 15:43 . 2012-07-09 02:38 -------- d-----w- c:\users\Administrator
2012-07-02 15:26 . 2012-07-06 14:22 -------- dc----w- c:\users\wu\AppData\Local\MigWiz
2012-07-02 15:15 . 2012-07-02 15:15 -------- d-----w- c:\users\wu\AppData\Local\Panasonic
2012-07-02 15:10 . 2012-07-02 15:10 -------- d-----w- c:\users\wu\AppData\Local\Apple Computer
2012-06-29 04:00 . 2012-06-29 04:00 -------- d-----w- c:\program files (x86)\Garmin GPS Plugin
2012-06-29 04:00 . 2012-06-29 04:00 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-06-29 04:00 . 2012-06-29 04:00 -------- d-----w- c:\program files (x86)\Garmin
2012-06-14 19:00 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 19:00 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 19:00 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 18:56 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 18:56 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll
2012-06-14 18:56 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 18:56 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 18:56 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 18:56 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 18:56 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 18:56 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 18:55 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 18:55 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 18:55 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 18:55 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-14 18:55 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 18:55 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 18:45 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-14 18:45 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-14 18:45 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-14 18:45 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-14 18:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-14 18:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-14 18:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-14 18:45 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-14 18:45 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-07 04:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-07 04:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-03 17:46 . 2012-05-21 02:35 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 23:05 . 2010-10-20 16:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-31 16:25 . 2010-11-03 21:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-24 10:36 . 2012-05-24 10:36 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-24 10:36 . 2010-10-20 16:24 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-23 02:19 . 2012-05-23 02:19 221696 ----a-w- c:\windows\system32\liunt.ime
2012-05-23 02:19 . 2012-05-23 02:19 183296 ----a-w- c:\windows\SysWow64\liunt.ime
2012-05-11 06:24 . 2012-04-26 03:49 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 06:24 . 2011-06-16 16:40 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-14_02.00.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-14 01:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-14 02:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-14 02:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-14 01:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-14 01:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-14 02:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-07-14 02:19 64080 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-15 07:41 . 2012-07-14 02:19 16544 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3113954878-1287357467-2695863750-1000_UserData.bin
+ 2010-02-18 05:10 . 2012-07-14 02:12 3298 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-14 01:59 . 2012-07-14 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-14 02:17 . 2012-07-14 02:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-14 02:17 . 2012-07-14 02:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-14 01:59 . 2012-07-14 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-15 07:41 . 2012-07-14 02:19 119670 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:01 . 2012-07-14 01:58 402232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-14 02:16 402232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-07-14 02:24 1998568 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-14 02:24 1299036 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2012-07-14 02:17 2288696 c:\windows\system32\FNTCACHE.DAT
- 2010-01-15 08:15 . 2012-07-14 01:58 5471176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-01-15 08:15 . 2012-07-14 02:16 5471176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-05 18:10 . 2012-07-14 02:16 41508896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3113954878-1287357467-2695863750-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-11-30 1631808]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-26 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RotateImage"="c:\program files (x86)\RotateImage\RCIMGDIR.exe" [2008-10-30 55808]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-24 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\wu.VETMED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\wu\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-11-2 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\wu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\wu\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-11-2 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 1090848]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2010-11-2 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200404]
Ime File REG_SZ LIUNT.IME
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 Secunia CSI Agent;Secunia CSI Agent;c:\csi\csia.exe [2011-01-27 681472]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 130048]
R3 ALSysIO;ALSysIO;c:\users\WUBC06~1.VET\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-07 299008]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 54824]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 35104]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-08-28 5435904]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-04-28 82816]
R3 pelbtm;Bluetooth Mouse Filter Driver;c:\windows\system32\DRIVERS\pelbtm.sys [2007-09-20 16384]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-11-30 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-11-30 175168]
R3 RMWPService;RMWPService;c:\program files (x86)\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [2004-01-29 20537]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1255736]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-11-30 31344]
S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 344600]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-29 23664]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 pelmoubt;Mouse Suite Bluetooth Driver;c:\windows\system32\DRIVERS\pelmoubt.sys [2009-04-23 22016]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-25 203776]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-07 1166848]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\ATService.exe [2010-10-21 2715456]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 117760]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 PelService;Session Launcher Service;c:\program files\Lenovo\Lenovo Mouse Suite\PelService.exe [2009-11-13 228864]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 TVicPort64;TVicPort64; [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 220032]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-25 8013312]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-25 287232]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-07 299008]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-10-21 735616]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-11-30 478056]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2010-04-07 290008]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-22 54320]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-06-23 56344]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-08-25 10611552]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 41536]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-159135561-1085475936-622671684-4151Core.job
- c:\users\wu.VETMED\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-25 03:47]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-159135561-1085475936-622671684-4151UA.job
- c:\users\wu.VETMED\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-25 03:47]
.
2012-07-14 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-06-16 16:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2012-04-20 33344]
"IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
"Mouse Suite 98 Daemon"="ICO.EXE" [2007-09-17 92160]
"Daemon for Mouse Suite"="c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE" [2007-09-17 92160]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"ResetACGauge"="c:\program files (x86)\Lenovo\Access Connections\smbhlpr.exe" [2012-04-20 154688]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.tw/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - c:\program files (x86)\Invitrogen\Vector NTI Advance 10\Ncbi.dll
DPF: {2B38E40E-977D-4767-919C-2AA29C041618} - hxxps://ebank.bot.com.tw/NNBank/NN/FCardS.CAB
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///F:/launch.ocx
DPF: {F9A2A26C-07E3-4B16-8787-6F6051304730} - hxxps://efinance.tcb-bank.com.tw/ActiveX/EATM.cab
FF - ProfilePath - c:\users\wu\AppData\Roaming\Mozilla\Firefox\Profiles\zrsq7ouv.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tw/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-13 22:44:15
ComboFix-quarantined-files.txt 2012-07-14 02:44
.
Pre-Run: 43,938,680,832 bytes free
Post-Run: 43,872,534,528 bytes free
.
- - End Of File - - CFB0B77B1D31E55BD42897B37F3290D7

#8 gringo_pr

  • Malware Response Team

Posted 13 July 2012 - 10:27 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 microwu

  • Topic Starter


Posted 13 July 2012 - 10:34 PM

TDSSKiller did not find any threats:

23:31:33.0767 5740 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
23:31:34.0124 5740 ============================================================
23:31:34.0124 5740 Current date / time: 2012/07/13 23:31:34.0124
23:31:34.0124 5740 SystemInfo:
23:31:34.0124 5740
23:31:34.0125 5740 OS Version: 6.1.7601 ServicePack: 1.0
23:31:34.0125 5740 Product type: Workstation
23:31:34.0125 5740 ComputerName: THINKPAD-WU
23:31:34.0125 5740 UserName: wu
23:31:34.0125 5740 Windows directory: C:\Windows
23:31:34.0125 5740 System windows directory: C:\Windows
23:31:34.0125 5740 Running under WOW64
23:31:34.0125 5740 Processor architecture: Intel x64
23:31:34.0125 5740 Number of processors: 2
23:31:34.0125 5740 Page size: 0x1000
23:31:34.0125 5740 Boot type: Normal boot
23:31:34.0125 5740 ============================================================
23:31:34.0633 5740 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
23:31:34.0639 5740 ============================================================
23:31:34.0639 5740 \Device\Harddisk1\DR1:
23:31:34.0639 5740 MBR partitions:
23:31:34.0639 5740 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC7FF53F
23:31:34.0639 5740 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xC7FF57E, BlocksNum 0x25801F3B
23:31:34.0639 5740 ============================================================
23:31:34.0674 5740 C: <-> \Device\Harddisk1\DR1\Partition0
23:31:34.0693 5740 D: <-> \Device\Harddisk1\DR1\Partition1
23:31:34.0694 5740 ============================================================
23:31:34.0694 5740 Initialize success
23:31:34.0694 5740 ============================================================
23:31:38.0362 4668 ============================================================
23:31:38.0362 4668 Scan started
23:31:38.0362 4668 Mode: Manual;
23:31:38.0362 4668 ============================================================
23:31:47.0579 4668 Fs_Rec - ok
23:31:47.0647 4668 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:31:47.0651 4668 fvevol - ok
23:31:47.0679 4668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:31:47.0680 4668 gagp30kx - ok
23:31:47.0721 4668 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:31:47.0723 4668 GEARAspiWDM - ok
23:31:47.0753 4668 GenericMount (022807b149127b8faa3dbeb13a7d9b41) C:\Windows\system32\DRIVERS\GenericMount.sys
23:31:47.0754 4668 GenericMount - ok
23:31:47.0815 4668 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:31:47.0825 4668 gpsvc - ok
23:31:47.0838 4668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:31:47.0840 4668 hcw85cir - ok
23:31:47.0901 4668 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:31:47.0905 4668 HdAudAddService - ok
23:31:47.0941 4668 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:31:47.0943 4668 HDAudBus - ok
23:31:47.0981 4668 HECIx64 (15c9789470b8855ac2f54fdf96802d13) C:\Windows\system32\DRIVERS\HECIx64.sys
23:31:47.0983 4668 HECIx64 - ok
23:31:47.0998 4668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:31:47.0999 4668 HidBatt - ok
23:31:48.0033 4668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:31:48.0035 4668 HidBth - ok
23:31:48.0055 4668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:31:48.0056 4668 HidIr - ok
23:31:48.0075 4668 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
23:31:48.0078 4668 hidserv - ok
23:31:48.0107 4668 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
23:31:48.0109 4668 HidUsb - ok
23:31:48.0139 4668 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:31:48.0143 4668 hkmsvc - ok
23:31:48.0177 4668 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:31:48.0182 4668 HomeGroupListener - ok
23:31:48.0217 4668 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:31:48.0222 4668 HomeGroupProvider - ok
23:31:48.0254 4668 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:31:48.0256 4668 HpSAMD - ok
23:31:48.0375 4668 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
23:31:48.0383 4668 HsfXAudioService - ok
23:31:48.0453 4668 HSF_DPV (f6ac1087a131fbb385400667bea64fbe) C:\Windows\system32\DRIVERS\CAX_DPV.sys
23:31:48.0467 4668 HSF_DPV - ok
23:31:48.0642 4668 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:31:48.0651 4668 HTTP - ok
23:31:48.0685 4668 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:31:48.0687 4668 hwpolicy - ok
23:31:48.0743 4668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:31:48.0745 4668 i8042prt - ok
23:31:48.0801 4668 iaNvStor (051e73f94f932b5975b6765e3b2f7dc6) C:\Windows\system32\DRIVERS\iaNvStor.sys
23:31:48.0804 4668 iaNvStor - ok
23:31:48.0854 4668 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\Drivers\iaStor.sys
23:31:48.0857 4668 iaStor - ok
23:31:48.0934 4668 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:31:48.0935 4668 IAStorDataMgrSvc - ok
23:31:48.0987 4668 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:31:48.0992 4668 iaStorV - ok
23:31:49.0032 4668 IBMPMDRV (2151176db657aeff9b873d23380c3f5b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
23:31:49.0034 4668 IBMPMDRV - ok
23:31:49.0050 4668 IBMPMSVC (c76a67aed080538d420550c903696788) C:\Windows\system32\ibmpmsvc.exe
23:31:49.0053 4668 IBMPMSVC - ok
23:31:49.0141 4668 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:31:49.0149 4668 idsvc - ok
23:31:49.0566 4668 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:31:49.0663 4668 igfx - ok
23:31:49.0807 4668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:31:49.0808 4668 iirsp - ok
23:31:49.0861 4668 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:31:49.0872 4668 IKEEXT - ok
23:31:49.0904 4668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:31:49.0906 4668 intelide - ok
23:31:50.0329 4668 intelkmd (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdpmd64.sys
23:31:50.0423 4668 intelkmd - ok
23:31:50.0573 4668 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:31:50.0575 4668 intelppm - ok
23:31:50.0610 4668 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:31:50.0614 4668 IPBusEnum - ok
23:31:50.0653 4668 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:31:50.0655 4668 IpFilterDriver - ok
23:31:50.0692 4668 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:31:50.0699 4668 iphlpsvc - ok
23:31:50.0734 4668 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:31:50.0736 4668 IPMIDRV - ok
23:31:50.0760 4668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:31:50.0762 4668 IPNAT - ok
23:31:50.0794 4668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:31:50.0796 4668 IRENUM - ok
23:31:50.0812 4668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:31:50.0814 4668 isapnp - ok
23:31:50.0840 4668 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:31:50.0844 4668 iScsiPrt - ok
23:31:50.0900 4668 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
23:31:50.0902 4668 ivusb - ok
23:31:50.0936 4668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:31:50.0938 4668 kbdclass - ok
23:31:50.0951 4668 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:31:50.0953 4668 kbdhid - ok
23:31:50.0978 4668 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:31:50.0981 4668 KeyIso - ok
23:31:51.0009 4668 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
23:31:51.0011 4668 KSecDD - ok
23:31:51.0024 4668 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
23:31:51.0026 4668 KSecPkg - ok
23:31:51.0055 4668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:31:51.0057 4668 ksthunk - ok
23:31:51.0095 4668 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:31:51.0101 4668 KtmRm - ok
23:31:51.0154 4668 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:31:51.0160 4668 LanmanServer - ok
23:31:51.0206 4668 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:31:51.0211 4668 LanmanWorkstation - ok
23:31:51.0315 4668 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
23:31:51.0316 4668 LBTServ - ok
23:31:51.0415 4668 LENOVO.CAMMUTE (a4973df3264791952d6d7ab56565dd55) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
23:31:51.0416 4668 LENOVO.CAMMUTE - ok
23:31:51.0458 4668 LENOVO.MICMUTE (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
23:31:51.0460 4668 LENOVO.MICMUTE - ok
23:31:51.0513 4668 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
23:31:51.0515 4668 lenovo.smi - ok
23:31:51.0548 4668 LENOVO.TPKNRSVC (05d72de005be625ce60ce3be4fab9714) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
23:31:51.0549 4668 LENOVO.TPKNRSVC - ok
23:31:51.0621 4668 Lenovo.VIRTSCRLSVC (f7de50781dc4d162c1005eb30d98f931) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
23:31:51.0623 4668 Lenovo.VIRTSCRLSVC - ok
23:31:51.0671 4668 LenovoRd (606da892a53fa863b67f8d3f8ff016a0) C:\Windows\system32\Drivers\LenovoRd.sys
23:31:51.0674 4668 LenovoRd - ok
23:31:51.0704 4668 LEqdUsb (becbd7cd46776b8739ee18061f45a581) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
23:31:51.0706 4668 LEqdUsb - ok
23:31:51.0741 4668 LHidEqd (21d6bd7d62c270059eb8e2b1d4095880) C:\Windows\system32\DRIVERS\LHidEqd.Sys
23:31:51.0743 4668 LHidEqd - ok
23:31:51.0793 4668 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:31:51.0795 4668 LHidFilt - ok
23:31:51.0847 4668 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:31:51.0848 4668 lltdio - ok
23:31:51.0883 4668 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:31:51.0888 4668 lltdsvc - ok
23:31:51.0899 4668 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:31:51.0902 4668 lmhosts - ok
23:31:51.0913 4668 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:31:51.0915 4668 LMouFilt - ok
23:31:52.0001 4668 LMS (7f697d6eb3e47fbc7757229daee406b4) C:\Program Files (x86)\Intel\AMT\LMS.exe
23:31:52.0003 4668 LMS - ok
23:31:52.0042 4668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:31:52.0044 4668 LSI_FC - ok
23:31:52.0064 4668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:31:52.0066 4668 LSI_SAS - ok
23:31:52.0081 4668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:31:52.0082 4668 LSI_SAS2 - ok
23:31:52.0096 4668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:31:52.0098 4668 LSI_SCSI - ok
23:31:52.0116 4668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:31:52.0118 4668 luafv - ok
23:31:52.0162 4668 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
23:31:52.0164 4668 LUsbFilt - ok
23:31:52.0218 4668 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
23:31:52.0220 4668 LVPr2M64 - ok
23:31:52.0240 4668 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
23:31:52.0241 4668 LVPr2Mon - ok
23:31:52.0285 4668 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
23:31:52.0289 4668 LVRS64 - ok
23:31:52.0501 4668 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
23:31:52.0545 4668 LVUVC64 - ok
23:31:52.0714 4668 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
23:31:52.0717 4668 mcdbus - ok
23:31:52.0750 4668 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:31:52.0753 4668 Mcx2Svc - ok
23:31:52.0809 4668 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:31:52.0811 4668 mdmxsdk - ok
23:31:52.0839 4668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:31:52.0840 4668 megasas - ok
23:31:52.0858 4668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:31:52.0862 4668 MegaSR - ok
23:31:52.0896 4668 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:31:52.0899 4668 MMCSS - ok
23:31:52.0914 4668 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:31:52.0915 4668 Modem - ok
23:31:52.0963 4668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:31:52.0966 4668 monitor - ok
23:31:52.0994 4668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
23:31:52.0996 4668 mouclass - ok
23:31:53.0009 4668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:31:53.0011 4668 mouhid - ok
23:31:53.0034 4668 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:31:53.0037 4668 mountmgr - ok
23:31:53.0152 4668 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:31:53.0153 4668 MozillaMaintenance - ok
23:31:53.0184 4668 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:31:53.0187 4668 mpio - ok
23:31:53.0212 4668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:31:53.0214 4668 mpsdrv - ok
23:31:53.0271 4668 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:31:53.0281 4668 MpsSvc - ok
23:31:53.0313 4668 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:31:53.0315 4668 MRxDAV - ok
23:31:53.0354 4668 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:31:53.0358 4668 mrxsmb - ok
23:31:53.0390 4668 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:31:53.0394 4668 mrxsmb10 - ok
23:31:53.0411 4668 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:31:53.0413 4668 mrxsmb20 - ok
23:31:53.0442 4668 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:31:53.0444 4668 msahci - ok
23:31:53.0478 4668 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:31:53.0480 4668 msdsm - ok
23:31:53.0507 4668 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:31:53.0511 4668 MSDTC - ok
23:31:53.0566 4668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:31:53.0568 4668 Msfs - ok
23:31:53.0597 4668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:31:53.0598 4668 mshidkmdf - ok
23:31:53.0614 4668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:31:53.0616 4668 msisadrv - ok
23:31:53.0641 4668 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:31:53.0645 4668 MSiSCSI - ok
23:31:53.0648 4668 msiserver - ok
23:31:53.0679 4668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:31:53.0680 4668 MSKSSRV - ok
23:31:53.0689 4668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:31:53.0690 4668 MSPCLOCK - ok
23:31:53.0700 4668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:31:53.0701 4668 MSPQM - ok
23:31:53.0746 4668 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:31:53.0750 4668 MsRPC - ok
23:31:53.0786 4668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:31:53.0788 4668 mssmbios - ok
23:31:53.0792 4668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:31:53.0793 4668 MSTEE - ok
23:31:53.0804 4668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:31:53.0805 4668 MTConfig - ok
23:31:53.0832 4668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:31:53.0834 4668 Mup - ok
23:31:53.0862 4668 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:31:53.0869 4668 napagent - ok
23:31:53.0929 4668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:31:53.0933 4668 NativeWifiP - ok
23:31:54.0002 4668 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:31:54.0012 4668 NDIS - ok
23:31:54.0028 4668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:31:54.0030 4668 NdisCap - ok
23:31:54.0062 4668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:31:54.0065 4668 NdisTapi - ok
23:31:54.0096 4668 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:31:54.0098 4668 Ndisuio - ok
23:31:54.0132 4668 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:31:54.0136 4668 NdisWan - ok
23:31:54.0167 4668 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:31:54.0169 4668 NDProxy - ok
23:31:54.0235 4668 Net Driver HPZ12 (59267d2f0328599aa3b5408c2e06126f) C:\Windows\system32\HPZinw12.dll
23:31:54.0238 4668 Net Driver HPZ12 - ok
23:31:54.0275 4668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:31:54.0276 4668 NetBIOS - ok
23:31:54.0319 4668 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:31:54.0323 4668 NetBT - ok
23:31:54.0346 4668 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:31:54.0348 4668 Netlogon - ok
23:31:54.0396 4668 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:31:54.0402 4668 Netman - ok
23:31:54.0504 4668 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:31:54.0507 4668 NetMsmqActivator - ok
23:31:54.0510 4668 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:31:54.0512 4668 NetPipeActivator - ok
23:31:54.0543 4668 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:31:54.0549 4668 netprofm - ok
23:31:54.0553 4668 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:31:54.0554 4668 NetTcpActivator - ok
23:31:54.0558 4668 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:31:54.0559 4668 NetTcpPortSharing - ok
23:31:54.0910 4668 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
23:31:54.0979 4668 NETw5s64 - ok
23:31:55.0331 4668 netw5v64 (bc9a55a6deef3f9a328e3cb2b31aafd3) C:\Windows\system32\DRIVERS\netw5v64.sys
23:31:55.0381 4668 netw5v64 - ok
23:31:55.0876 4668 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
23:31:55.0949 4668 NETwNs64 - ok
23:31:56.0087 4668 NetworkX (2263727032e9b19231a706046b8c82d3) C:\Windows\system32\ckldrv.sys
23:31:56.0089 4668 NetworkX - ok
23:31:56.0122 4668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:31:56.0124 4668 nfrd960 - ok
23:31:56.0160 4668 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:31:56.0166 4668 NlaSvc - ok
23:31:56.0175 4668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:31:56.0177 4668 Npfs - ok
23:31:56.0191 4668 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:31:56.0195 4668 nsi - ok
23:31:56.0213 4668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:31:56.0216 4668 nsiproxy - ok
23:31:56.0311 4668 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:31:56.0327 4668 Ntfs - ok
23:31:56.0474 4668 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:31:56.0476 4668 Null - ok
23:31:56.0524 4668 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:31:56.0526 4668 nvraid - ok
23:31:56.0542 4668 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:31:56.0545 4668 nvstor - ok
23:31:56.0565 4668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:31:56.0567 4668 nv_agp - ok
23:31:56.0678 4668 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:31:56.0682 4668 odserv - ok
23:31:56.0696 4668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:31:56.0698 4668 ohci1394 - ok
23:31:56.0728 4668 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:31:56.0730 4668 ose - ok
23:31:56.0768 4668 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:31:56.0773 4668 p2pimsvc - ok
23:31:56.0801 4668 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:31:56.0808 4668 p2psvc - ok
23:31:56.0863 4668 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:31:56.0865 4668 Parport - ok
23:31:56.0900 4668 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:31:56.0902 4668 partmgr - ok
23:31:56.0916 4668 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:31:56.0921 4668 PcaSvc - ok
23:31:56.0960 4668 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:31:56.0962 4668 pci - ok
23:31:56.0978 4668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:31:56.0980 4668 pciide - ok
23:31:57.0001 4668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:31:57.0004 4668 pcmcia - ok
23:31:57.0034 4668 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
23:31:57.0036 4668 pcouffin - ok
23:31:57.0051 4668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:31:57.0053 4668 pcw - ok
23:31:57.0090 4668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:31:57.0098 4668 PEAUTH - ok
23:31:57.0173 4668 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
23:31:57.0189 4668 PeerDistSvc - ok
23:31:57.0330 4668 pelbtm (1e7a1b51f1f15e20c70913ffbb4aa77f) C:\Windows\system32\DRIVERS\pelbtm.sys
23:31:57.0331 4668 pelbtm - ok
23:31:57.0371 4668 pelmoubt (355238115a4e65cd09da6790bc33db5e) C:\Windows\system32\DRIVERS\pelmoubt.sys
23:31:57.0373 4668 pelmoubt - ok
23:31:57.0457 4668 PelService (a300716022d9b2aa45b6b194f02a8a0a) C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
23:31:57.0460 4668 PelService - ok
23:31:57.0533 4668 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:31:57.0536 4668 PerfHost - ok
23:31:57.0621 4668 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:31:57.0637 4668 pla - ok
23:31:57.0775 4668 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:31:57.0782 4668 PlugPlay - ok
23:31:57.0862 4668 Pml Driver HPZ12 (5261a2fd55183ac6993145ab6662cddf) C:\Windows\system32\HPZipm12.dll
23:31:57.0864 4668 Pml Driver HPZ12 - ok
23:31:57.0891 4668 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:31:57.0896 4668 PNRPAutoReg - ok
23:31:57.0925 4668 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:31:57.0929 4668 PNRPsvc - ok
23:31:57.0970 4668 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:31:57.0976 4668 PolicyAgent - ok
23:31:58.0010 4668 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
23:31:58.0016 4668 Power - ok
23:31:58.0091 4668 Power Manager DBC Service (ebf8a077be308c0c6d55d90f89a43547) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
23:31:58.0092 4668 Power Manager DBC Service - ok
23:31:58.0160 4668 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:31:58.0163 4668 PptpMiniport - ok
23:31:58.0188 4668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:31:58.0190 4668 Processor - ok
23:31:58.0246 4668 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:31:58.0251 4668 ProfSvc - ok
23:31:58.0279 4668 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:31:58.0282 4668 ProtectedStorage - ok
23:31:58.0323 4668 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
23:31:58.0325 4668 psadd - ok
23:31:58.0371 4668 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:31:58.0373 4668 Psched - ok
23:31:58.0424 4668 PwmEWSvc (254de0e4fb8822ca9e5495dcac3bf11c) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
23:31:58.0427 4668 PwmEWSvc - ok
23:31:58.0496 4668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:31:58.0511 4668 ql2300 - ok
23:31:58.0658 4668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:31:58.0660 4668 ql40xx - ok
23:31:58.0689 4668 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:31:58.0695 4668 QWAVE - ok
23:31:58.0711 4668 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:31:58.0712 4668 QWAVEdrv - ok
23:31:58.0726 4668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:31:58.0728 4668 RasAcd - ok
23:31:58.0771 4668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:31:58.0772 4668 RasAgileVpn - ok
23:31:58.0789 4668 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:31:58.0794 4668 RasAuto - ok
23:31:58.0831 4668 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:31:58.0834 4668 Rasl2tp - ok
23:31:58.0879 4668 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:31:58.0886 4668 RasMan - ok
23:31:58.0904 4668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:31:58.0906 4668 RasPppoe - ok
23:31:58.0924 4668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:31:58.0926 4668 RasSstp - ok
23:31:58.0952 4668 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:31:58.0956 4668 rdbss - ok
23:31:58.0975 4668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:31:58.0977 4668 rdpbus - ok
23:31:58.0991 4668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:31:58.0993 4668 RDPCDD - ok
23:31:59.0027 4668 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
23:31:59.0030 4668 RDPDR - ok
23:31:59.0073 4668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:31:59.0074 4668 RDPENCDD - ok
23:31:59.0081 4668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:31:59.0084 4668 RDPREFMP - ok
23:31:59.0116 4668 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:31:59.0119 4668 RDPWD - ok
23:31:59.0164 4668 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:31:59.0168 4668 rdyboost - ok
23:31:59.0305 4668 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:31:59.0314 4668 RegSrvc - ok
23:31:59.0342 4668 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:31:59.0346 4668 RemoteAccess - ok
23:31:59.0379 4668 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:31:59.0385 4668 RemoteRegistry - ok
23:31:59.0434 4668 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:31:59.0437 4668 RFCOMM - ok
23:31:59.0485 4668 rimmptsk (f45d6e12eb99a668f52201637c67c8f5) C:\Windows\system32\DRIVERS\rimmpx64.sys
23:31:59.0487 4668 rimmptsk - ok
23:31:59.0498 4668 rimsptsk (eac02ed935a9c1f2ddd8d985c465b854) C:\Windows\system32\DRIVERS\rimspx64.sys
23:31:59.0500 4668 rimsptsk - ok
23:31:59.0535 4668 rismxdp (931a8f843b4120df527c3684daf77fd9) C:\Windows\system32\DRIVERS\rixdpx64.sys
23:31:59.0537 4668 rismxdp - ok
23:32:08.0292 4668 MBR (0x1B8) (a3095e5b8060d0d6b97e87ec1bb50c3c) \Device\Harddisk1\DR1
23:32:08.0325 4668 \Device\Harddisk1\DR1 - ok
23:32:08.0327 4668 Boot (0x1200) (4234c539a557a18d0299eb193ccfa211) \Device\Harddisk1\DR1\Partition0
23:32:08.0328 4668 \Device\Harddisk1\DR1\Partition0 - ok
23:32:08.0353 4668 Boot (0x1200) (a8dc0ed25a2a3dcd7a64adacf6db2014) \Device\Harddisk1\DR1\Partition1
23:32:08.0354 4668 \Device\Harddisk1\DR1\Partition1 - ok
23:32:08.0355 4668 ============================================================
23:32:08.0355 4668 Scan finished
23:32:08.0355 4668 ============================================================
23:32:08.0363 5528 Detected object count: 0
23:32:08.0363 5528 Actual detected object count: 0

#10 microwu

Posted 13 July 2012 - 11:12 PM

And the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 23:49:00
-----------------------------
23:49:00.335 OS Version: Windows x64 6.1.7601 Service Pack 1
23:49:00.335 Number of processors: 2 586 0x170A
23:49:00.336 ComputerName: THINKPAD-WU UserName: wu
23:49:01.233 Initialize success
23:49:01.293 AVAST engine defs: 12071301
23:49:05.895 Disk 0 \Device\Harddisk0\DR0 -> \Device\RobsonImd-0
23:49:05.898 Disk 0 Vendor: Size: 1405MB BusType: 0
23:49:05.900 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
23:49:05.903 Disk 1 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
23:49:05.955 Disk 1 MBR read successfully
23:49:05.959 Disk 1 MBR scan
23:49:05.962 Disk 1 unknown MBR code
23:49:05.981 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102398 MB offset 63
23:49:06.016 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 307203 MB offset 209712510
23:49:06.056 Disk 1 Partition 3 00 83 Linux 62997 MB offset 838866105
23:49:06.089 Disk 1 Partition 4 00 82 Linux swap 4337 MB offset 967884120
23:49:06.197 Disk 1 scanning C:\Windows\system32\drivers
23:49:20.663 Service scanning
23:49:32.818 Modules scanning
23:49:33.039 Disk 1 trace - called modules:
23:49:33.064 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:49:33.070 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8008df3790]
23:49:33.076 3 CLASSPNP.SYS[fffff88001c1743f] -> nt!IofCallDriver -> [0xfffffa8004c332f0]
23:49:33.086 5 ACPI.sys[fffff88000f8b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c5e050]
23:49:33.738 AVAST engine scan C:\Windows
23:49:38.272 AVAST engine scan C:\Windows\system32
23:52:39.365 AVAST engine scan C:\Windows\system32\drivers
23:52:53.286 AVAST engine scan C:\Users\wu
00:07:53.639 AVAST engine scan C:\ProgramData
00:10:52.849 Scan finished successfully
00:10:58.573 Disk 1 MBR has been saved successfully to "D:\wu\desktop\MBR.dat"
00:10:58.583 The log file has been saved successfully to "D:\wu\desktop\aswMBR.txt"

#11 gringo_pr

Posted 14 July 2012 - 10:50 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#12 microwu

Posted 14 July 2012 - 10:39 PM

Computer seems to be ok. No ads seen.

ComboFix 12-07-14.01 - wu 07/14/2012 22:47:53.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3987.1673 [GMT -4:00]
Running from: d:\wu\desktop\ComboFix.exe
Command switches used :: d:\wu\desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 02:57 . 2012-07-15 02:57 -------- d-----w- c:\users\wu.VETMED\AppData\Local\temp
2012-07-15 02:57 . 2012-07-15 02:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 01:54 . 2012-07-15 02:05 -------- d-----w- C:\PFS8.1 PE_TMP
2012-07-14 04:49 . 2012-07-14 04:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE10A029-40E0-42F9-B4BE-6EBD202A0DE6}\offreg.dll
2012-07-14 01:13 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE10A029-40E0-42F9-B4BE-6EBD202A0DE6}\mpengine.dll
2012-07-12 18:51 . 2012-07-12 18:51 -------- d-----w- c:\programdata\CrypKey
2012-07-12 18:51 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe
2012-07-12 18:51 . 2008-03-17 17:12 28664 ----a-w- c:\windows\system32\Ckldrv.sys
2012-07-12 18:51 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe
2012-07-12 18:51 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe
2012-07-12 18:51 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll
2012-07-12 18:51 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe
2012-07-12 18:51 . 2006-04-17 15:56 1207808 ----a-w- c:\windows\SysWow64\PhoenixDll.dll
2012-07-12 18:51 . 2004-10-17 01:46 178176 ----a-w- c:\windows\SysWow64\StellarProfile.dll
2012-07-12 18:51 . 2012-07-12 18:51 -------- d-----w- c:\program files (x86)\Stellar Phoenix Outlook PST Repair
2012-07-12 04:07 . 2012-07-12 04:07 388096 ----a-r- c:\users\wu\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-12 04:07 . 2012-07-12 04:07 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-11 04:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 23:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-07 04:06 . 2012-07-07 04:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-07-07 03:55 . 2012-07-07 03:55 -------- d-----w- c:\windows\system32\SPReview
2012-07-07 03:54 . 2012-07-07 03:54 -------- d-----w- c:\windows\system32\EventProviders
2012-07-07 03:40 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2012-07-07 03:40 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-07-07 03:38 . 2010-11-20 12:20 428032 ----a-w- c:\windows\SysWow64\secproc.dll
2012-07-07 03:37 . 2010-11-20 13:27 849920 ----a-w- c:\windows\system32\qmgr.dll
2012-07-07 03:36 . 2010-11-20 13:27 1243136 ----a-w- c:\windows\system32\WMNetMgr.dll
2012-07-07 03:35 . 2010-11-20 13:32 112000 ----a-w- c:\windows\system32\consent.exe
2012-07-07 03:34 . 2010-11-20 13:27 335360 ----a-w- c:\windows\system32\msieftp.dll
2012-07-07 03:33 . 2010-11-20 12:21 105984 ----a-w- c:\windows\SysWow64\WPDShServiceObj.dll
2012-07-07 03:32 . 2010-11-20 13:27 28160 ----a-w- c:\windows\system32\shgina.dll
2012-07-07 03:31 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-07-07 03:31 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-07-07 03:31 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2012-07-07 03:31 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2012-07-07 03:31 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2012-07-07 03:31 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-07-07 03:31 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-07-07 03:31 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-07-07 03:29 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-07-07 03:29 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-07-07 03:29 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2012-07-07 03:29 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-07-07 03:29 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-07-07 03:29 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2012-07-07 03:29 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2012-07-07 03:29 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2012-07-07 03:29 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-07-02 15:43 . 2012-07-09 02:38 -------- d-----w- c:\users\Administrator
2012-07-02 15:26 . 2012-07-06 14:22 -------- dc----w- c:\users\wu\AppData\Local\MigWiz
2012-07-02 15:15 . 2012-07-02 15:15 -------- d-----w- c:\users\wu\AppData\Local\Panasonic
2012-07-02 15:10 . 2012-07-02 15:10 -------- d-----w- c:\users\wu\AppData\Local\Apple Computer
2012-06-29 04:00 . 2012-06-29 04:00 -------- d-----w- c:\program files (x86)\Garmin GPS Plugin
2012-06-29 04:00 . 2012-06-29 04:00 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-06-29 04:00 . 2012-06-29 04:00 -------- d-----w- c:\program files (x86)\Garmin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-07 04:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-07 04:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-03 17:46 . 2012-05-21 02:35 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 23:05 . 2010-10-20 16:23 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-14 18:45 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-14 18:45 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-14 18:45 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-14 18:45 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-14 18:45 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-14 18:45 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-14 18:45 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-14 18:45 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-14 18:45 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-11-03 21:05 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-24 10:36 . 2012-05-24 10:36 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-24 10:36 . 2010-10-20 16:24 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-23 02:19 . 2012-05-23 02:19 221696 ----a-w- c:\windows\system32\liunt.ime
2012-05-23 02:19 . 2012-05-23 02:19 183296 ----a-w- c:\windows\SysWow64\liunt.ime
2012-05-11 06:24 . 2012-04-26 03:49 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 06:24 . 2011-06-16 16:40 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 11:06 . 2012-06-14 18:56 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 18:56 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 18:56 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 18:56 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 18:56 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 19:00 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 19:00 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 19:00 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 18:55 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 18:55 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 18:55 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 18:55 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 18:55 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:36 . 2012-06-14 18:55 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-14_02.00.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-14 01:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-15 01:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-15 01:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-14 01:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-14 01:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-15 01:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-07-14 02:19 64080 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-15 07:41 . 2012-07-14 02:19 16544 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3113954878-1287357467-2695863750-1000_UserData.bin
+ 2010-01-15 04:47 . 2012-07-14 04:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-15 04:47 . 2012-07-12 20:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-28 13:40 . 2012-07-14 04:40 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-05-28 13:40 . 2012-07-12 20:11 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-12 20:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-14 04:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-18 05:10 . 2012-07-14 02:12 3298 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-14 01:59 . 2012-07-14 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-14 02:17 . 2012-07-14 02:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-14 02:17 . 2012-07-14 02:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-14 01:59 . 2012-07-14 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-11 16:19 . 2012-07-15 01:36 458546 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-01-15 07:41 . 2012-07-14 02:19 119670 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-07-14 03:57 117248 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-07-14 01:58 402232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-14 02:16 402232 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-07-15 01:40 2011200 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-15 01:40 1303440 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2012-07-14 02:17 2288696 c:\windows\system32\FNTCACHE.DAT
- 2010-01-15 08:15 . 2012-07-14 01:58 5471176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-01-15 08:15 . 2012-07-14 02:16 5471176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-05 18:10 . 2012-07-14 02:16 41508896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3113954878-1287357467-2695863750-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-11-30 1631808]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-26 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RotateImage"="c:\program files (x86)\RotateImage\RCIMGDIR.exe" [2008-10-30 55808]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-24 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\wu.VETMED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\wu\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-11-2 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\wu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\wu\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2010-11-2 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 1090848]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2010-11-2 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200404]
Ime File REG_SZ LIUNT.IME
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 Secunia CSI Agent;Secunia CSI Agent;c:\csi\csia.exe [2011-01-27 681472]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2010-10-21 130048]
R3 ALSysIO;ALSysIO;c:\users\WUBC06~1.VET\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-07 299008]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 54824]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 35104]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-08-28 5435904]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-04-28 82816]
R3 pelbtm;Bluetooth Mouse Filter Driver;c:\windows\system32\DRIVERS\pelbtm.sys [2007-09-20 16384]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-11-30 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-11-30 175168]
R3 RMWPService;RMWPService;c:\program files (x86)\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [2004-01-29 20537]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1255736]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-11-30 31344]
S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 344600]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-29 23664]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 pelmoubt;Mouse Suite Bluetooth Driver;c:\windows\system32\DRIVERS\pelmoubt.sys [2009-04-23 22016]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-25 203776]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-07 1166848]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 69976]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\ATService.exe [2010-10-21 2715456]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2010-10-21 117760]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-01-16 43584]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-01-16 62016]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 PelService;Session Launcher Service;c:\program files\Lenovo\Lenovo Mouse Suite\PelService.exe [2009-11-13 228864]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 TVicPort64;TVicPort64; [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [2009-10-23 220032]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-25 8013312]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-25 287232]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-07 299008]
S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2010-10-21 735616]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-11-30 478056]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2010-04-07 290008]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2009-09-22 54320]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-06-23 56344]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-08-25 10611552]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 41536]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 72276111
*Deregistered* - 72276111
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-159135561-1085475936-622671684-4151Core.job
- c:\users\wu.VETMED\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-25 03:47]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-159135561-1085475936-622671684-4151UA.job
- c:\users\wu.VETMED\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-25 03:47]
.
2012-07-14 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-06-16 16:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\wu\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2012-04-20 33344]
"IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
"Mouse Suite 98 Daemon"="ICO.EXE" [2007-09-17 92160]
"Daemon for Mouse Suite"="c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE" [2007-09-17 92160]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"ResetACGauge"="c:\program files (x86)\Lenovo\Access Connections\smbhlpr.exe" [2012-04-20 154688]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com.tw/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - c:\program files (x86)\Invitrogen\Vector NTI Advance 10\Ncbi.dll
DPF: {2B38E40E-977D-4767-919C-2AA29C041618} - hxxps://ebank.bot.com.tw/NNBank/NN/FCardS.CAB
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///F:/launch.ocx
DPF: {F9A2A26C-07E3-4B16-8787-6F6051304730} - hxxps://efinance.tcb-bank.com.tw/ActiveX/EATM.cab
FF - ProfilePath - c:\users\wu\AppData\Roaming\Mozilla\Firefox\Profiles\zrsq7ouv.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tw/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-14 22:59:53
ComboFix-quarantined-files.txt 2012-07-15 02:59
.
Pre-Run: 43,689,807,872 bytes free
Post-Run: 43,488,796,672 bytes free
.
- - End Of File - - C837A0980FB54AAE2897C481752FD520

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:02 AM

Posted 14 July 2012 - 10:45 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit onto your computer; their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

eMule
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:02 AM

Posted 17 July 2012 - 12:42 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#15 microwu

microwu
  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:02 AM

Posted 17 July 2012 - 09:39 AM

Hi Gringo,

My computer is running normally after these procedures.
Here are the results from MBAM:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
wu :: THINKPAD-WU [administrator]

7/17/2012 10:22:15 AM
mbam-log-2012-07-17 (10-22-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256227
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------And from HijackThis:--------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:08 AM, on 7/17/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Users\wu\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Dropbox.lnk = wu.VETMED\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2B38E40E-977D-4767-919C-2AA29C041618} (BOT Class) - https://ebank.bot.com.tw/NNBank/NN/FCardS.CAB
O16 - DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///F:/launch.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F9A2A26C-07E3-4B16-8787-6F6051304730} (TCB EATM Object) - https://efinance.tcb-bank.com.tw/ActiveX/EATM.cab
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files (x86)\Invitrogen\Vector NTI Advance 10\Ncbi.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - Unknown owner - C:\Windows\system32\ATService.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\AMT\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Session Launcher Service (PelService) - Unknown owner - C:\Program Files\Lenovo\Lenovo Mouse Suite\PelService.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RMWPService - Apache Software Foundation - C:\Program Files (x86)\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia CSI Agent - Unknown owner - C:\CSI\csia.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14954 bytes



