
click.get-amazing-results redirect virus


  • This topic is locked
28 replies to this topic

#1 Tricknasty118


  • Members

Posted 06 September 2012 - 11:45 PM

Hello,

I need some assistance removing the click.get-amazing-results redirect virus. I removed the click-get answers fast virus a little while back and now I am having issues with this redirect, which I am assuming is the same thing. I think I need to run a TDSS but I haven't been successful with my other attempts.

Any help is greatly appreciated.

Thanks.



#2 gringo_pr



  • Malware Response Team

Posted 07 September 2012 - 01:01 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Tricknasty118

  • Topic Starter

  • Members

Posted 08 September 2012 - 01:50 PM

Thanks for the help,

I am also being redirected to click.gethotresults . com

Here are the results for Security Check


Results of screen317's Security Check version 0.99.50
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
CCleaner
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader X 10.1.2 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Here are the DDS Results

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by barnesdb at 14:12:51 on 2012-09-08
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2996.1750 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Xythos\Drive\XfsSvcCon.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMResident.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Xythos\Drive\Xythos.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [AdobeBridge]
uRun: [CAHeadless] c:\program files\adobe\elements organizer 8.0\caheadless\ElementsAutoAnalyzer.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [FreeAC] c:\program files\freealarmclock\FreeAlarmClock.exe -autorun
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [LENTBCTL] "c:\program files\thinkpad\tablet shortcut\LENTBCTL.EXE" /r
mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
mRun: [TabletButton] "c:\program files\thinkpad\tablet shortcut\TabletButton.EXE" /STARTUP
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\barnesdb\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\xythos~1.lnk - c:\windows\installer\{6c9b50d4-9fd1-4083-9ab8-c381a631faba}\main.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.5.0.10 10.110.0.10
TCP: Interfaces\{1183AD8C-BD6A-4E14-896E-0924FD07396B} : DhcpNameServer = 10.5.0.10 10.110.0.10
TCP: Interfaces\{1183AD8C-BD6A-4E14-896E-0924FD07396B}\0443030335F614675632 : DhcpNameServer = 10.5.0.10 10.110.0.10
TCP: Interfaces\{1183AD8C-BD6A-4E14-896E-0924FD07396B}\4527562656C6C616A7C4169627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1183AD8C-BD6A-4E14-896E-0924FD07396B}\554456C6028456C607 : DhcpNameServer = 128.175.13.16 128.175.13.17
TCP: Interfaces\{1183AD8C-BD6A-4E14-896E-0924FD07396B}\D416272796F6474704075726C69636 : DhcpNameServer = 116.236.159.8
TCP: Interfaces\{1183AD8C-BD6A-4E14-896E-0924FD07396B}\D416272796F647470434F6E666562756E63656 : DhcpNameServer = 116.236.159.8
TCP: Interfaces\{1183AD8C-BD6A-4E14-896E-0924FD07396B}\D416272796F647470454875636574796675602C4F657E67656 : DhcpNameServer = 116.236.159.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-3-23 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-5-1 13680]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 TDFSD;TDFSD;c:\program files\xythos\drive\tdfsd.sys [2009-3-31 1326272]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2011-10-19 510464]
R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2010-4-13 79136]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2011-10-20 103184]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2012-5-1 292200]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\hotkey\cammute.exe [2010-4-14 54632]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2012-5-1 127336]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-10-26 2477304]
R2 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2010-4-13 71016]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-5-1 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-5-1 142696]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-3-23 2320920]
R2 XyService;XD Filesystem;c:\program files\xythos\drive\XfsSvcCon.exe [2009-3-31 90112]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2011-10-19 140800]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-3-9 214696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-4-13 125696]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-4-13 209920]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-10-31 7522304]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2010-4-13 36648]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-3 250568]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2011-10-19 140800]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-23 29472]
S3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [2012-3-22 23608]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-3-23 6755840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-3-8 66664]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2012-9-5 20080]
S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-3-31 816792]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-3-23 89152]
S3 PowerLabUSB;ADInstruments PowerLab driver;c:\windows\system32\drivers\plusb2_0_3_NTx86.sys [2008-3-18 17232]
S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2012-5-1 175168]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-3-8 48640]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-3-8 38912]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-9 1343400]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-5-1 101736]
.
=============== Created Last 30 ================
.
2012-09-07 00:42:46 -------- d-----w- c:\users\barnesdb\appdata\roaming\SUPERAntiSpyware.com
2012-09-07 00:42:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-07 00:42:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-06 23:37:45 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-06 23:22:08 -------- d-s---w- C:\ComboFix
2012-09-05 22:33:34 -------- d-----w- c:\program files\PeerBlock
2012-09-04 00:54:03 316928 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp092.dll
2012-09-04 00:51:13 -------- d-----w- c:\program files\common files\HP
2012-09-04 00:51:09 -------- d-----w- c:\program files\common files\Hewlett-Packard
2012-09-04 00:50:07 -------- d-----w- c:\windows\hpoj4500g510n-z
2012-09-04 00:48:21 122880 ----a-w- c:\windows\system32\hpf3l092.dll
2012-09-04 00:47:35 -------- d-----w- c:\program files\HP
2012-09-04 00:46:10 716288 ----a-w- c:\windows\system32\hpwwiax9.dll
2012-09-04 00:46:10 452408 ----a-w- c:\windows\system32\hpzids01.dll
2012-09-04 00:46:09 593920 ----a-w- c:\windows\system32\hpwtscl5.dll
2012-09-04 00:46:09 315392 ----a-w- c:\windows\system32\hpwvst01.dll
2012-09-04 00:46:08 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2012-08-31 04:31:19 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-08-31 04:31:19 -------- d-----w- c:\program files\CamStudio 2.6b
2012-08-28 19:05:07 -------- d-----w- c:\program files\Audacity
2012-08-28 18:34:19 -------- d-----w- c:\users\barnesdb\appdata\roaming\Chrome
2012-08-20 03:41:01 -------- d-----w- c:\program files\FreeAlarmClock
2012-08-16 05:53:27 -------- d-----w- c:\program files\MiPony
2012-08-15 22:03:52 393216 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 16:53:21 -------- d-----w- c:\program files\CCleaner
2012-08-15 14:32:57 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 14:32:57 316928 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 14:32:35 41472 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 14:32:34 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 14:32:19 768512 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 02:23:01 -------- d-----w- c:\users\barnesdb\appdata\roaming\Pamela
2012-08-15 02:22:59 176128 ----a-w- c:\windows\system32\RemoteControl.dll
2012-08-13 20:26:38 -------- d-----w- c:\users\barnesdb\appdata\local\Google
2012-08-13 17:36:14 -------- d-----w- c:\users\barnesdb\appdata\local\temp
2012-08-13 16:45:37 208896 ----a-w- c:\windows\MBR.exe
2012-08-13 16:45:36 98816 ----a-w- c:\windows\sed.exe
2012-08-13 16:45:36 518144 ----a-w- c:\windows\SWREG.exe
2012-08-13 16:45:36 256000 ----a-w- c:\windows\PEV.exe
2012-08-12 03:31:38 -------- d-----w- c:\program files\Enigma Software Group
2012-08-12 03:30:23 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-12 03:30:19 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-08-11 20:00:19 -------- d-----w- c:\users\barnesdb\appdata\roaming\Malwarebytes
2012-08-11 20:00:07 -------- d-----w- c:\programdata\Malwarebytes
2012-08-11 04:56:30 -------- d-----w- c:\users\barnesdb\appdata\roaming\Update
2012-08-11 04:56:23 -------- d-----w- c:\users\barnesdb\appdata\roaming\PCDr
.
==================== Find3M ====================
.
2012-08-29 04:38:58 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-29 04:38:57 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-18 17:10:29 2344448 ----a-w- c:\windows\system32\win32k.sys
2012-06-27 06:03:21 981504 ----a-w- c:\windows\system32\wininet.dll
2012-06-27 06:01:19 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-27 04:53:25 386048 ----a-w- c:\windows\system32\html.iec
2012-06-27 04:19:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-26 20:03:06 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-06-26 20:02:40 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-06-26 20:02:40 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-06-26 20:02:40 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-06-26 20:02:38 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-06-26 20:02:36 821824 ----a-w- c:\windows\system32\dgderapi.dll
.
============= FINISH: 14:15:13.23 ===============


And the DDS attach results,

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 2/11/2011 4:42:05 PM
System Uptime: 9/7/2012 8:35:28 PM (18 hours ago)
.
Motherboard: LENOVO | | 3093A88
Processor: Intel® Core™ i7 CPU L 620 @ 2.00GHz | None | 1980/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 280 GiB total, 130.422 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP246: 8/31/2012 12:46:08 AM - Installed VodBurner
RP247: 9/4/2012 1:43:29 PM - Removed VodBurner
RP248: 9/4/2012 1:44:26 PM - Removed VodBurner
RP249: 9/6/2012 3:34:48 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
4500_G510nz_Help_Web
4500G510nz_Software_Min
4500G510nz_web
Access Help
ADInstruments LabTutor
Adobe Acrobat 9 Pro
Adobe Acrobat 9.4.3 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Contribute CS4
Adobe CS4 American English Speech Analysis Models
Adobe CS4 French Speech Analysis Models
Adobe CS4 German Speech Analysis Models
Adobe CS4 International English Speech Analysis Models
Adobe CS4 Italian Speech Analysis Models
Adobe CS4 Japanese Speech Analysis Models
Adobe CS4 Korean Speech Analysis Models
Adobe CS4 Spanish Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDistiller
Adobe Photoshop Elements 8.0
Adobe Premiere Elements 8.0
Adobe Premiere Elements 8.0 Templates
Adobe Reader X (10.1.2)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
AIM for Windows
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.2
BufferChm
Burn.Now 4.5
CamStudio OSS Desktop Recorder
Canon RAW Codec
CCleaner
Conexant 20585 SmartAudio HD
Configuration Manager Client
Connect
Corel Burn.Now Lenovo Edition
Download Updater (AOL LLC)
FLV Player
Free Alarm Clock 2.7.0
GameXN GO
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
GraphPad Prism 5 (Trial)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Officejet 4500 G510n-z
iCloud
ImageJ 1.45s
Integrated Camera Driver Installer Package Ver.1.1.0.48
Intel PROSet Wireless
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® PROSet/Wireless WiFi Software
InterVideo WinDVD 8
iTunes
Java Auto Updater
Java™ 6 Update 31
kuler
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo System Interface Driver
LiveUpdate 3.3 (Symantec Corporation)
Microsoft .NET Framework 4 Client Profile
Microsoft Expression Blend 3
Microsoft Expression Blend 3 SDK
Microsoft Expression Design 3
Microsoft Expression Encoder 3
Microsoft Expression Studio 3
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MiPony 2.0.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
Network
NVIDIA Drivers
NVIDIA nView Desktop Manager
OGA Notifier 2.0.0048.0
On Screen Display
Pamela Pro 4.8
PeerBlock 1.1 (r518)
Pharos
Photoshop Camera Raw
Productivity Center Supplement for ThinkPad
QuickTime
RealPlayer
RealUpgrade 1.0
Recuva
Rescue and Recovery
RICOH R5U230 Media Driver ver.2.06.02.02
Samsung Kies
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Expression Design 3 (KB2667727)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
SmartSound Quicktracks for Premiere Elements 8.0
Sony ICS Converter
Sony Player Plug-in for Windows Media Player
Suite Shared Configuration CS4
SUPERAntiSpyware
swMSM
Symantec Endpoint Protection
Synaptics Pointing Device Driver
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Tablet Button Driver
ThinkPad Tablet Shortcut Menu
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software
ThinkVantage Productivity Center
Toolbox
Touch Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.1.7
WebReg
WIMGAPI
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows iLivid Toolbar
WinRAR 4.00 (32-bit)
WPF Toolkit June 2009 (Version 3.5.40619.1)
Xythos Drive
.
==== Event Viewer Messages From Past Week ========
.
9/7/2012 5:23:14 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.2. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer.
9/6/2012 8:15:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
9/6/2012 8:14:11 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
9/6/2012 7:36:49 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {1CCB96F4-B8AD-4B43-9688-B273F58E0910} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/6/2012 7:28:47 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/6/2012 7:05:30 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2012 7:04:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
9/6/2012 7:00:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/6/2012 6:56:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/6/2012 6:56:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/6/2012 6:56:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/6/2012 6:56:36 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
9/6/2012 6:56:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/6/2012 6:56:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache eeCtrl lenovo.smi SPBBCDrv spldr SRTSP SRTSPX SYMTDI SysPlant TDFSD TPPWRIF Wanarpv6
9/6/2012 6:56:19 PM, Error: Service Control Manager [7001] - The XD Filesystem service depends on the TDFSD service which failed to start because of the following error: A device attached to the system is not functioning.
9/6/2012 5:03:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Symantec AntiVirus service.
9/6/2012 5:03:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CcmExec service.
9/6/2012 5:02:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
9/6/2012 5:02:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
9/6/2012 5:01:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.
9/6/2012 5:01:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPSLPSVC service.
9/6/2012 5:00:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
9/6/2012 5:00:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SUService service.
9/6/2012 4:59:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WMPNetworkSvc service.
9/6/2012 4:59:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
9/6/2012 4:58:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
9/6/2012 3:04:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
9/6/2012 11:54:46 PM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is PHILLIP-NB.
9/6/2012 11:33:43 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache eeCtrl lenovo.smi SASDIFSV SASKUTIL SPBBCDrv spldr SRTSP SRTSPX SYMTDI SysPlant TDFSD TPPWRIF Wanarpv6
9/5/2012 5:31:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
9/4/2012 10:21:49 AM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
9/4/2012 1:33:14 PM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "0024D7217589" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.
9/3/2012 7:26:40 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
9/3/2012 5:04:44 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.6. The computer with the IP address 192.168.2.5 did not allow the name to be claimed by this computer.
9/3/2012 4:59:33 PM, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
9/3/2012 2:27:10 PM, Error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is CRAIGPC.
9/3/2012 1:16:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
9/1/2012 9:45:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/1/2012 9:45:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DozeSvc service.
.
==== End Of File ===========================


Thanks.

#4 gringo_pr

Posted 08 September 2012 - 02:25 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 Tricknasty118

Posted 10 September 2012 - 05:35 PM

Hello,

Thank you for your help.

Computer Status

After running Combofix I am still getting redirected to click.gethotresults and click.get-amazing-results, although it seems to be much less frequent than before.

I also seem to have a surprising number of search result pages that fail to load when I click on them (403 or does not exist), but if I click the same link a few times it will work.

Here is the log from Combofix

ComboFix 12-09-09.02 - barnesdb 09/10/2012 1:17.5.4 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2996.1589 [GMT -4:00]
Running from: c:\users\barnesdb\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\barnesdb\AppData\Local\temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
.
.
2012-09-10 05:28 . 2012-09-10 05:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-10 05:28 . 2012-09-10 05:28 -------- d-----w- c:\users\user\AppData\Local\temp
2012-09-10 05:28 . 2012-09-10 05:28 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-09-10 05:28 . 2012-09-10 05:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-10 05:28 . 2012-09-10 05:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-07 00:42 . 2012-09-07 00:42 -------- d-----w- c:\users\barnesdb\AppData\Roaming\SUPERAntiSpyware.com
2012-09-07 00:42 . 2012-09-07 00:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-07 00:42 . 2012-09-07 00:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-05 22:33 . 2012-09-06 23:13 -------- d-----w- c:\program files\PeerBlock
2012-09-04 00:56 . 2012-09-04 00:56 -------- d-----w- c:\users\barnesdb\AppData\Roaming\HP
2012-09-04 00:54 . 2009-06-09 05:43 316928 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp092.dll
2012-09-04 00:51 . 2012-09-04 00:51 -------- d-----w- c:\program files\Common Files\HP
2012-09-04 00:51 . 2012-09-04 00:51 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2012-09-04 00:50 . 2012-09-04 00:50 -------- d-----w- c:\windows\hpoj4500g510n-z
2012-09-04 00:48 . 2009-06-09 05:43 122880 ----a-w- c:\windows\system32\hpf3l092.dll
2012-09-04 00:47 . 2012-09-04 00:49 -------- d-----w- c:\program files\HP
2012-09-04 00:46 . 2012-09-04 00:46 -------- d-----w- c:\programdata\HP
2012-09-04 00:46 . 2009-08-17 18:26 716288 ----a-w- c:\windows\system32\hpwwiax9.dll
2012-09-04 00:46 . 2009-08-17 18:26 452408 ----a-w- c:\windows\system32\hpzids01.dll
2012-09-04 00:46 . 2009-08-17 18:26 593920 ----a-w- c:\windows\system32\hpwtscl5.dll
2012-09-04 00:46 . 2009-08-17 18:26 315392 ----a-w- c:\windows\system32\hpwvst01.dll
2012-09-04 00:46 . 2009-08-17 18:34 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2012-08-31 04:31 . 2012-08-31 04:31 -------- d-----w- c:\program files\CamStudio 2.6b
2012-08-31 04:31 . 2010-10-24 04:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2012-08-28 19:07 . 2012-08-30 17:14 -------- d-----w- c:\users\barnesdb\AppData\Roaming\Audacity
2012-08-28 19:05 . 2012-08-28 19:05 -------- d-----w- c:\program files\Audacity
2012-08-28 18:34 . 2012-08-28 18:34 -------- d-----w- c:\users\barnesdb\AppData\Roaming\Chrome
2012-08-20 03:41 . 2012-08-20 03:41 -------- d-----w- c:\program files\FreeAlarmClock
2012-08-16 05:53 . 2012-08-16 05:53 -------- d-----w- c:\program files\MiPony
2012-08-15 22:03 . 2012-07-06 19:31 393216 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-15 16:53 . 2012-08-15 16:53 -------- d-----w- c:\program files\CCleaner
2012-08-15 14:32 . 2012-02-11 05:44 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 14:32 . 2012-02-11 05:41 316928 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 14:32 . 2012-07-04 21:23 41472 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 14:32 . 2012-07-04 21:23 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 14:32 . 2012-05-14 04:37 768512 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 02:23 . 2012-08-15 16:34 -------- d-----w- c:\users\barnesdb\AppData\Roaming\Pamela
2012-08-15 02:22 . 2012-08-15 02:22 176128 ----a-w- c:\windows\system32\RemoteControl.dll
2012-08-13 20:26 . 2012-08-13 20:27 -------- d-----w- c:\users\barnesdb\AppData\Local\Google
2012-08-13 17:36 . 2012-09-10 05:28 -------- d-----w- c:\users\barnesdb\AppData\Local\temp
2012-08-12 03:31 . 2012-08-12 03:31 -------- d-----w- c:\program files\Enigma Software Group
2012-08-12 03:30 . 2012-08-12 03:46 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-12 03:30 . 2012-08-12 03:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-11 20:00 . 2012-08-11 20:00 -------- d-----w- c:\users\barnesdb\AppData\Roaming\Malwarebytes
2012-08-11 20:00 . 2012-08-11 20:00 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 04:38 . 2012-08-03 14:55 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-29 04:38 . 2012-01-25 15:02 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-26 20:03 . 2011-05-27 21:24 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-06-26 20:02 . 2012-06-26 20:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-06-26 20:02 . 2012-06-26 20:02 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-06-26 20:02 . 2012-06-26 20:02 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-06-26 20:02 . 2012-06-26 20:02 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-06-26 20:02 . 2011-08-23 06:10 821824 ----a-w- c:\windows\system32\dgderapi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [BU]
"CAHeadless"="c:\program files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 615808]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-02 21432]
"FreeAC"="c:\program files\FreeAlarmClock\FreeAlarmClock.exe" [2012-04-25 1328976]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1866864]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2009-12-03 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-03 13838952]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-10-26 115560]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-01-23 1322048]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2009-11-02 55048]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-03 1594664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-24 202256]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"LENTBCTL"="c:\program files\ThinkPad\Tablet Shortcut\LENTBCTL.EXE" [2009-12-18 1230184]
"TSMResident"="c:\program files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2009-12-18 472424]
"TabletButton"="c:\program files\ThinkPad\Tablet Shortcut\TabletButton.EXE" [2009-12-18 58728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-31 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-31 166936]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-17 307768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\barnesdb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-10-2 795936]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-3-23 50688]
Xythos Drive.lnk - c:\windows\Installer\{6C9B50D4-9FD1-4083-9AB8-C381A631FABA}\main.ico [2010-3-31 4710]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2012-07-10 22:53 549760 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-11-02 19:40 100104 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN GO]
2012-03-12 04:56 348440 ----a-w- c:\programdata\GameXN\GameXNGO.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-07-02 21:12 975288 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-07-02 21:12 3524536 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pamela.exe]
2012-08-15 02:22 12119552 ----a-w- c:\program files\Pamela\Pamela.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-06 20:05 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [x]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PowerLabUSB;ADInstruments PowerLab driver;c:\windows\system32\DRIVERS\plusb2_0_3_NTx86.sys [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 TDFSD;TDFSD;c:\program files\Xythos\Drive\tdfsd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 ASRSVC;ASR Service;c:\program files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 TabletSVC;TABLET Service;c:\program files\ThinkPad\Tablet Shortcut\TSMService.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 XyService;XD Filesystem;c:\program files\Xythos\Drive\XfsSvcCon.exe svcmanager [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wisdpen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 04:38]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1264701200-2902819742-3281919569-1004Core.job
- c:\users\barnesdb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-13 20:26]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1264701200-2902819742-3281919569-1004UA.job
- c:\users\barnesdb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-13 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(732)
c:\windows\SYSTEM32\SYSFER.DLL
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(8068)
c:\windows\SYSTEM32\SYSFER.DLL
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
Completion time: 2012-09-10 01:29:59
ComboFix-quarantined-files.txt 2012-09-10 05:29
ComboFix2.txt 2012-09-06 07:53
ComboFix3.txt 2012-08-13 17:36
.
Pre-Run: 142,783,074,304 bytes free
Post-Run: 142,719,795,200 bytes free
.
- - End Of File - - E07E9F426619E3DECB3B7DA1EECE182B

#6 gringo_pr

Posted 10 September 2012 - 08:25 PM

Greetings Tricknasty118

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

Posted 13 September 2012 - 07:41 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.

Gringo

#8 Tricknasty118

Posted 13 September 2012 - 01:10 PM

Hello,

Sorry, I have been busy lately; thanks for the reminder.

I am still getting occasional redirects to click.gethotresults. My computer also seems slower, but I am not sure.

Logs are below, thank you for your help.

aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-13 02:49:28
-----------------------------
02:49:28.570 OS Version: Windows 6.1.7600
02:49:28.570 Number of processors: 4 586 0x2505
02:49:28.572 ComputerName: 146611--R94LVHA UserName: barnesdb
02:49:29.941 Initialize success
02:51:36.613 AVAST engine defs: 12091201
02:52:01.216 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
02:52:01.220 Disk 0 Vendor: HITACHI_ FC4Z Size: 305245MB BusType: 3
02:52:01.234 Disk 0 MBR read successfully
02:52:01.238 Disk 0 MBR scan
02:52:01.260 Disk 0 unknown MBR code
02:52:01.279 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18178 MB offset 2048
02:52:01.301 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 287065 MB offset 37230592
02:52:01.313 Disk 0 scanning sectors +625139712
02:52:01.380 Disk 0 scanning C:\Windows\system32\drivers
02:52:19.199 Service scanning
02:52:51.991 Service SysPlant C:\Windows\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
02:52:53.114 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
02:52:59.516 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
02:52:59.591 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
02:53:00.998 Modules scanning
02:53:15.794 Disk 0 trace - called modules:
02:53:15.817 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
02:53:15.826 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x885df030]
02:53:15.834 3 CLASSPNP.SYS[8bdbe59e] -> nt!IofCallDriver -> [0x86a5e8c0]
02:53:15.840 5 ACPI.sys[8b6453b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85cbe028]
02:53:17.372 AVAST engine scan C:\Windows
02:53:35.451 AVAST engine scan C:\Windows\system32
02:59:24.281 AVAST engine scan C:\Windows\system32\drivers
02:59:46.448 AVAST engine scan C:\Users\barnesdb
03:17:00.259 AVAST engine scan C:\ProgramData
03:22:06.155 Scan finished successfully
03:28:15.397 Disk 0 MBR has been saved successfully to "C:\Users\barnesdb\Desktop\MBR.dat"
03:28:15.409 The log file has been saved successfully to "C:\Users\barnesdb\Desktop\aswMBR.txt"


TDSS Log


02:46:30.0334 5952 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
02:46:30.0603 5952 ============================================================
02:46:30.0603 5952 Current date / time: 2012/09/13 02:46:30.0603
02:46:30.0603 5952 SystemInfo:
02:46:30.0603 5952
02:46:30.0603 5952 OS Version: 6.1.7600 ServicePack: 0.0
02:46:30.0603 5952 Product type: Workstation
02:46:30.0603 5952 ComputerName: 146611--R94LVHA
02:46:30.0603 5952 UserName: barnesdb
02:46:30.0603 5952 Windows directory: C:\Windows
02:46:30.0603 5952 System windows directory: C:\Windows
02:46:30.0604 5952 Processor architecture: Intel x86
02:46:30.0604 5952 Number of processors: 4
02:46:30.0604 5952 Page size: 0x1000
02:46:30.0604 5952 Boot type: Normal boot
02:46:30.0604 5952 ============================================================
02:46:31.0391 5952 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
02:46:31.0394 5952 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:46:31.0410 5952 ============================================================
02:46:31.0410 5952 \Device\Harddisk0\DR0:
02:46:31.0410 5952 MBR partitions:
02:46:31.0410 5952 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2381800, BlocksNum 0x230AC800
02:46:31.0410 5952 \Device\Harddisk1\DR1:
02:46:31.0411 5952 MBR partitions:
02:46:31.0411 5952 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A385421
02:46:31.0411 5952 ============================================================
02:46:31.0451 5952 C: <-> \Device\Harddisk0\DR0\Partition1
02:46:31.0479 5952 G: <-> \Device\Harddisk1\DR1\Partition1
02:46:31.0479 5952 ============================================================
02:46:31.0479 5952 Initialize success
02:46:31.0479 5952 ============================================================
02:46:39.0498 4568 ============================================================
02:46:39.0498 4568 Scan started
02:46:39.0498 4568 Mode: Manual;
02:46:39.0498 4568 ============================================================
02:46:42.0178 4568 ================ Scan system memory ========================
02:46:42.0178 4568 System memory - ok
02:46:42.0178 4568 ================ Scan services =============================
02:46:50.0433 4568 hcw85cir - ok
02:46:50.0456 4568 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
02:46:50.0474 4568 HdAudAddService - ok
02:46:50.0494 4568 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
02:46:50.0497 4568 HDAudBus - ok
02:46:50.0510 4568 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\Windows\system32\DRIVERS\HECI.sys
02:46:50.0512 4568 HECI - ok
02:46:50.0527 4568 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
02:46:50.0537 4568 HidBatt - ok
02:46:50.0564 4568 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
02:46:50.0575 4568 HidBth - ok
02:46:50.0598 4568 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
02:46:50.0608 4568 HidIr - ok
02:46:50.0627 4568 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
02:46:50.0630 4568 hidserv - ok
02:46:50.0663 4568 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
02:46:50.0672 4568 HidUsb - ok
02:46:50.0689 4568 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
02:46:50.0700 4568 hkmsvc - ok
02:46:50.0714 4568 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
02:46:50.0719 4568 HomeGroupListener - ok
02:46:50.0747 4568 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
02:46:50.0752 4568 HomeGroupProvider - ok
02:46:50.0770 4568 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
02:46:50.0815 4568 HpSAMD - ok
02:46:50.0949 4568 [ 7F437A78C5B0105B67B830D00AD719F8 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
02:46:50.0962 4568 HPSLPSVC - ok
02:46:51.0005 4568 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
02:46:51.0015 4568 HsfXAudioService - ok
02:46:51.0057 4568 [ C761B4A8391F5E47F7C51A691CE773F4 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
02:46:51.0076 4568 HSF_DPV - ok
02:46:51.0096 4568 [ 50B42EF358A2E5363BE6B77138A22391 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
02:46:51.0101 4568 HSXHWAZL - ok
02:46:51.0139 4568 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
02:46:51.0148 4568 HTTP - ok
02:46:51.0160 4568 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
02:46:51.0161 4568 hwpolicy - ok
02:46:51.0189 4568 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
02:46:51.0192 4568 i8042prt - ok
02:46:51.0220 4568 [ 39F7C9AEEE865FE8E98CF3EDD2B4BB4A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
02:46:51.0224 4568 iaStor - ok
02:46:51.0255 4568 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
02:46:51.0274 4568 iaStorV - ok
02:46:51.0305 4568 [ 4817B7C1B4530AE23EABF6B759D766A5 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
02:46:51.0307 4568 IBMPMDRV - ok
02:46:51.0315 4568 [ B1EA8FF2601A72BC6A177463FA70B8B3 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
02:46:51.0316 4568 IBMPMSVC - ok
02:46:51.0361 4568 [ D0FAD0D98D723A3D32F9EF5A2CDE201D ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
02:46:51.0364 4568 IDMWFP - ok
02:46:51.0416 4568 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:46:51.0492 4568 idsvc - ok
02:46:51.0707 4568 [ A6763CB82AD8D49061A1A52714718FBD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
02:46:51.0830 4568 igfx - ok
02:46:51.0872 4568 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
02:46:51.0882 4568 iirsp - ok
02:46:51.0928 4568 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
02:46:51.0941 4568 IKEEXT - ok
02:46:51.0984 4568 [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
02:46:51.0987 4568 Impcd - ok
02:46:52.0015 4568 [ 29061F25ABB6E60A5B49FBEED7A5698A ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
02:46:52.0020 4568 IntcDAud - ok
02:46:52.0042 4568 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
02:46:52.0052 4568 intelide - ok
02:46:52.0071 4568 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
02:46:52.0073 4568 intelppm - ok
02:46:52.0086 4568 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
02:46:52.0128 4568 IPBusEnum - ok
02:46:52.0168 4568 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:46:52.0179 4568 IpFilterDriver - ok
02:46:52.0217 4568 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
02:46:52.0228 4568 iphlpsvc - ok
02:46:52.0243 4568 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
02:46:52.0253 4568 IPMIDRV - ok
02:46:52.0265 4568 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
02:46:52.0278 4568 IPNAT - ok
02:46:52.0336 4568 [ 178FE38B7740F598391EB2F51AE4CCAC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
02:46:52.0361 4568 iPod Service - ok
02:46:52.0390 4568 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
02:46:52.0399 4568 IRENUM - ok
02:46:52.0417 4568 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
02:46:52.0428 4568 isapnp - ok
02:46:52.0449 4568 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
02:46:52.0492 4568 iScsiPrt - ok
02:46:52.0534 4568 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
02:46:52.0535 4568 IviRegMgr - ok
02:46:52.0573 4568 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
02:46:52.0575 4568 kbdclass - ok
02:46:52.0609 4568 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
02:46:52.0610 4568 kbdhid - ok
02:46:52.0621 4568 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
02:46:52.0622 4568 KeyIso - ok
02:46:52.0662 4568 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
02:46:52.0665 4568 KSecDD - ok
02:46:52.0702 4568 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
02:46:52.0705 4568 KSecPkg - ok
02:46:52.0731 4568 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
02:46:52.0750 4568 KtmRm - ok
02:46:52.0801 4568 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll
02:46:52.0807 4568 LanmanServer - ok
02:46:52.0829 4568 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
02:46:52.0834 4568 LanmanWorkstation - ok
02:46:52.0913 4568 [ A4AEFD644CADE44F99CEAFA49004426C ] LENOVO.CAMMUTE C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
02:46:52.0914 4568 LENOVO.CAMMUTE - ok
02:46:52.0950 4568 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
02:46:53.0031 4568 LENOVO.MICMUTE - ok
02:46:53.0063 4568 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
02:46:53.0064 4568 lenovo.smi - ok
02:46:53.0077 4568 [ 158B67696EC8602CE71F9AA4F14AA96F ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
02:46:53.0078 4568 Lenovo.VIRTSCRLSVC - ok
02:46:53.0200 4568 [ E553C4B4B7B4B86CD71A2DFEE1B58131 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
02:46:53.0298 4568 LiveUpdate - ok
02:46:53.0341 4568 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
02:46:53.0343 4568 lltdio - ok
02:46:53.0371 4568 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
02:46:53.0386 4568 lltdsvc - ok
02:46:53.0402 4568 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
02:46:53.0405 4568 lmhosts - ok
02:46:53.0453 4568 [ 1C05C59D588A94867671FD07B7062CAF ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
02:46:53.0455 4568 LMS - ok
02:46:53.0495 4568 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
02:46:53.0546 4568 LSI_FC - ok
02:46:53.0580 4568 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
02:46:53.0591 4568 LSI_SAS - ok
02:46:53.0621 4568 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:46:53.0631 4568 LSI_SAS2 - ok
02:46:53.0669 4568 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:46:53.0711 4568 LSI_SCSI - ok
02:46:53.0737 4568 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
02:46:53.0740 4568 luafv - ok
02:46:53.0760 4568 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
02:46:53.0880 4568 Mcx2Svc - ok
02:46:53.0947 4568 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
02:46:53.0949 4568 MDM - ok
02:46:53.0981 4568 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
02:46:53.0981 4568 mdmxsdk - ok
02:46:54.0000 4568 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
02:46:54.0040 4568 megasas - ok
02:46:54.0076 4568 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
02:46:54.0122 4568 MegaSR - ok
02:46:54.0192 4568 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
02:46:54.0289 4568 Microsoft Office Groove Audit Service - ok
02:46:54.0317 4568 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
02:46:54.0320 4568 MMCSS - ok
02:46:54.0339 4568 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
02:46:54.0341 4568 Modem - ok
02:46:54.0368 4568 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
02:46:54.0369 4568 monitor - ok
02:46:54.0400 4568 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
02:46:54.0402 4568 mouclass - ok
02:46:54.0431 4568 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
02:46:54.0431 4568 mouhid - ok
02:46:54.0446 4568 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
02:46:54.0448 4568 mountmgr - ok
02:46:54.0498 4568 [ EE87C7A7A0EBEDF713A152CA0D0462D6 ] MP4ConverterAudio C:\Windows\system32\drivers\MP4ConverterAudio.sys
02:46:54.0509 4568 MP4ConverterAudio - ok
02:46:54.0528 4568 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
02:46:54.0561 4568 mpio - ok
02:46:54.0584 4568 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
02:46:54.0586 4568 mpsdrv - ok
02:46:54.0618 4568 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
02:46:54.0630 4568 MpsSvc - ok
02:46:54.0655 4568 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
02:46:54.0814 4568 MRxDAV - ok
02:46:54.0876 4568 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
02:46:54.0879 4568 mrxsmb - ok
02:46:54.0940 4568 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:46:54.0944 4568 mrxsmb10 - ok
02:46:54.0964 4568 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:46:54.0967 4568 mrxsmb20 - ok
02:46:54.0990 4568 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
02:46:55.0023 4568 msahci - ok
02:46:55.0051 4568 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
02:46:55.0098 4568 msdsm - ok
02:46:55.0126 4568 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
02:46:55.0160 4568 MSDTC - ok
02:46:55.0191 4568 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
02:46:55.0192 4568 Msfs - ok
02:46:55.0199 4568 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
02:46:55.0206 4568 mshidkmdf - ok
02:46:55.0221 4568 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
02:46:55.0222 4568 msisadrv - ok
02:46:55.0261 4568 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
02:46:55.0274 4568 MSiSCSI - ok
02:46:55.0279 4568 msiserver - ok
02:46:55.0303 4568 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
02:46:55.0311 4568 MSKSSRV - ok
02:46:55.0334 4568 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
02:46:55.0336 4568 MSPCLOCK - ok
02:46:55.0347 4568 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
02:46:55.0348 4568 MSPQM - ok
02:46:55.0364 4568 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
02:46:55.0368 4568 MsRPC - ok
02:46:55.0392 4568 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
02:46:55.0393 4568 mssmbios - ok
02:46:55.0408 4568 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
02:46:55.0416 4568 MSTEE - ok
02:46:55.0445 4568 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
02:46:55.0445 4568 MTConfig - ok
02:46:55.0471 4568 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
02:46:55.0473 4568 Mup - ok
02:46:55.0501 4568 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
02:46:55.0540 4568 napagent - ok
02:46:55.0579 4568 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
02:46:55.0584 4568 NativeWifiP - ok
02:46:55.0681 4568 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120912.021\NAVENG.SYS
02:46:55.0684 4568 NAVENG - ok
02:46:55.0740 4568 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120912.021\NAVEX15.SYS
02:46:55.0770 4568 NAVEX15 - ok
02:46:55.0817 4568 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
02:46:55.0830 4568 NDIS - ok
02:46:55.0853 4568 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
02:46:55.0863 4568 NdisCap - ok
02:46:55.0884 4568 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
02:46:55.0885 4568 NdisTapi - ok
02:46:55.0903 4568 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
02:46:55.0906 4568 Ndisuio - ok
02:46:55.0921 4568 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
02:46:55.0924 4568 NdisWan - ok
02:46:55.0964 4568 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
02:46:55.0966 4568 NDProxy - ok
02:46:55.0996 4568 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
02:46:55.0998 4568 Net Driver HPZ12 - ok
02:46:56.0037 4568 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
02:46:56.0039 4568 NetBIOS - ok
02:46:56.0058 4568 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
02:46:56.0062 4568 NetBT - ok
02:46:56.0097 4568 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
02:46:56.0098 4568 Netlogon - ok
02:46:56.0131 4568 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
02:46:56.0138 4568 Netman - ok
02:46:56.0160 4568 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
02:46:56.0168 4568 netprofm - ok
02:46:56.0198 4568 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:46:56.0212 4568 NetTcpPortSharing - ok
02:46:56.0393 4568 [ 5B2DFA9C5C02DDF2A113CC0F551B59DF ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys
02:46:56.0521 4568 NETw5s32 - ok
02:46:56.0721 4568 [ 6DE8D8D6E23F42D819EAE39FA3F6F31D ] NETwNs32 C:\Windows\system32\DRIVERS\NETwNs32.sys
02:46:56.0850 4568 NETwNs32 - ok
02:46:56.0889 4568 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
02:46:56.0925 4568 nfrd960 - ok
02:46:56.0959 4568 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
02:46:56.0966 4568 NlaSvc - ok
02:46:56.0989 4568 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
02:46:56.0991 4568 Npfs - ok
02:46:57.0002 4568 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
02:46:57.0005 4568 nsi - ok
02:46:57.0015 4568 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
02:46:57.0016 4568 nsiproxy - ok
02:46:57.0076 4568 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
02:46:57.0099 4568 Ntfs - ok
02:46:57.0115 4568 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
02:46:57.0116 4568 Null - ok
02:46:57.0146 4568 [ 8571011B62CE0207FA1DC95D88308F1D ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
02:46:57.0173 4568 NVHDA - ok
02:46:57.0410 4568 [ 6672D9A10FB3E42623F2BCFF38BB31D9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:46:57.0655 4568 nvlddmkm - ok
02:46:57.0704 4568 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
02:46:57.0717 4568 nvraid - ok
02:46:57.0749 4568 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
02:46:57.0792 4568 nvstor - ok
02:46:57.0836 4568 [ 3BC0F816D8B1958146D962A1101B8713 ] nvsvc C:\Windows\system32\nvvsvc.exe
02:46:57.0840 4568 nvsvc - ok
02:46:57.0875 4568 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
02:46:57.0905 4568 nv_agp - ok
02:46:57.0973 4568 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:46:58.0045 4568 odserv - ok
02:46:58.0073 4568 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
02:46:58.0083 4568 ohci1394 - ok
02:46:58.0114 4568 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:46:58.0196 4568 ose - ok
02:46:58.0227 4568 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
02:46:58.0233 4568 p2pimsvc - ok
02:46:58.0263 4568 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
02:46:58.0271 4568 p2psvc - ok
02:46:58.0295 4568 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
02:46:58.0306 4568 Parport - ok
02:46:58.0326 4568 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
02:46:58.0328 4568 partmgr - ok
02:46:58.0347 4568 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
02:46:58.0356 4568 Parvdm - ok
02:46:58.0414 4568 [ 2F6E885C432927A186C2E352C8A1CBF4 ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
02:46:58.0416 4568 pbfilter - ok
02:46:58.0437 4568 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
02:46:58.0442 4568 PcaSvc - ok
02:46:58.0460 4568 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
02:46:58.0464 4568 pci - ok
02:46:58.0485 4568 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
02:46:58.0494 4568 pciide - ok
02:46:58.0511 4568 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
02:46:58.0548 4568 pcmcia - ok
02:46:58.0584 4568 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
02:46:58.0587 4568 pcw - ok
02:46:58.0615 4568 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
02:46:58.0627 4568 PEAUTH - ok
02:46:58.0672 4568 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
02:46:58.0706 4568 PeerDistSvc - ok
02:46:58.0800 4568 pgfilter - ok
02:46:58.0855 4568 [ 7957D9A927D1493E9F35A91724FE0F82 ] Pharos Systems ComTaskMaster C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
02:46:58.0858 4568 Pharos Systems ComTaskMaster - ok
02:46:58.0909 4568 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
02:46:58.0947 4568 pla - ok
02:46:59.0008 4568 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
02:46:59.0016 4568 PlugPlay - ok
02:46:59.0045 4568 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
02:46:59.0048 4568 Pml Driver HPZ12 - ok
02:46:59.0099 4568 [ B4079D61B5C6B4919BDE17C38202E236 ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys
02:46:59.0144 4568 pmxdrv - ok
02:46:59.0178 4568 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
02:46:59.0189 4568 PNRPAutoReg - ok
02:46:59.0202 4568 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
02:46:59.0205 4568 PNRPsvc - ok
02:46:59.0233 4568 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
02:46:59.0240 4568 PolicyAgent - ok
02:46:59.0262 4568 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
02:46:59.0266 4568 Power - ok
02:46:59.0322 4568 [ 6F51482ADCED13CEBFE0F1054F2116F2 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
02:46:59.0378 4568 Power Manager DBC Service - ok
02:46:59.0450 4568 [ 297575437C7B8C9D684AD58EC97844CA ] PowerLabUSB C:\Windows\system32\DRIVERS\plusb2_0_3_NTx86.sys
02:46:59.0478 4568 PowerLabUSB - ok
02:46:59.0543 4568 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
02:46:59.0546 4568 PptpMiniport - ok
02:46:59.0623 4568 [ 2A3E82AEAF8A4A1ED7BD22F6A2424A35 ] prepdrvr C:\Windows\system32\CCM\prepdrv.sys
02:46:59.0636 4568 prepdrvr - ok
02:46:59.0659 4568 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
02:46:59.0670 4568 Processor - ok
02:46:59.0718 4568 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
02:46:59.0724 4568 ProfSvc - ok
02:46:59.0738 4568 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
02:46:59.0740 4568 ProtectedStorage - ok
02:46:59.0767 4568 [ 80DDC44934305224AEBFC37A264803C2 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
02:46:59.0770 4568 psadd - ok
02:46:59.0793 4568 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
02:46:59.0795 4568 Psched - ok
02:46:59.0820 4568 [ AF8B60D65F8B39C4FAC6BE8641923F37 ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
02:46:59.0862 4568 PwmEWSvc - ok
02:46:59.0888 4568 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
02:46:59.0890 4568 PxHelp20 - ok
02:46:59.0946 4568 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
02:46:59.0985 4568 ql2300 - ok
02:47:00.0007 4568 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
02:47:00.0116 4568 ql40xx - ok
02:47:00.0149 4568 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
02:47:00.0169 4568 QWAVE - ok
02:47:00.0185 4568 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
02:47:00.0194 4568 QWAVEdrv - ok
02:47:00.0219 4568 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
02:47:00.0227 4568 RasAcd - ok
02:47:00.0264 4568 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
02:47:00.0266 4568 RasAgileVpn - ok
02:47:00.0281 4568 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
02:47:00.0293 4568 RasAuto - ok
02:47:00.0304 4568 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
02:47:00.0307 4568 Rasl2tp - ok
02:47:00.0326 4568 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
02:47:00.0332 4568 RasMan - ok
02:47:00.0343 4568 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
02:47:00.0346 4568 RasPppoe - ok
02:47:00.0360 4568 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
02:47:00.0362 4568 RasSstp - ok
02:47:00.0375 4568 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
02:47:00.0380 4568 rdbss - ok
02:47:00.0394 4568 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
02:47:00.0394 4568 rdpbus - ok
02:47:00.0403 4568 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
02:47:00.0404 4568 RDPCDD - ok
02:47:00.0426 4568 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
02:47:00.0438 4568 RDPDR - ok
02:47:00.0457 4568 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
02:47:00.0458 4568 RDPENCDD - ok
02:47:00.0483 4568 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
02:47:00.0484 4568 RDPREFMP - ok
02:47:00.0514 4568 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
02:47:00.0528 4568 RDPWD - ok
02:47:00.0557 4568 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
02:47:00.0561 4568 rdyboost - ok
02:47:00.0575 4568 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
02:47:00.0576 4568 regi - ok
02:47:00.0618 4568 [ 640B77265CE0225ECE46512813F293EA ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
02:47:00.0622 4568 RegSrvc - ok
02:47:00.0642 4568 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
02:47:00.0654 4568 RemoteAccess - ok
02:47:00.0685 4568 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
02:47:00.0698 4568 RemoteRegistry - ok
02:47:00.0721 4568 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
02:47:00.0733 4568 RFCOMM - ok
02:47:00.0760 4568 [ E891F07815AF88075705EF6A248711F6 ] rimspci C:\Windows\system32\DRIVERS\rimspe86.sys
02:47:00.0770 4568 rimspci - ok
02:47:00.0798 4568 [ 6A60626412129C713CC30C81870A8095 ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe86.sys
02:47:00.0809 4568 rixdpcie - ok
02:47:00.0820 4568 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
02:47:00.0824 4568 RpcEptMapper - ok
02:47:00.0831 4568 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
02:47:00.0846 4568 RpcLocator - ok
02:47:00.0865 4568 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
02:47:00.0870 4568 RpcSs - ok
02:47:00.0895 4568 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
02:47:00.0898 4568 rspndr - ok
02:47:00.0921 4568 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
02:47:00.0929 4568 s3cap - ok
02:47:00.0946 4568 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
02:47:00.0948 4568 SamSs - ok
02:47:01.0008 4568 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
02:47:01.0009 4568 SASDIFSV - ok
02:47:01.0026 4568 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
02:47:01.0056 4568 SASKUTIL - ok
02:47:01.0091 4568 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
02:47:01.0124 4568 sbp2port - ok
02:47:01.0160 4568 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
02:47:01.0174 4568 SCardSvr - ok
02:47:09.0097 4568 ================ Scan global ===============================
02:47:09.0119 4568 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
02:47:09.0157 4568 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
02:47:09.0170 4568 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
02:47:09.0196 4568 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
02:47:09.0213 4568 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
02:47:09.0217 4568 [Global] - ok
02:47:09.0217 4568 ================ Scan MBR ==================================
02:47:09.0233 4568 [ CCBA61D4DB57E464EBB550D6961C6871 ] \Device\Harddisk0\DR0
02:47:09.0612 4568 \Device\Harddisk0\DR0 - ok
02:47:09.0627 4568 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
02:47:09.0633 4568 \Device\Harddisk1\DR1 - ok
02:47:09.0634 4568 ================ Scan VBR ==================================
02:47:09.0637 4568 [ FB571D9B5205A0C0068855641DD37F9E ] \Device\Harddisk0\DR0\Partition1
02:47:09.0638 4568 \Device\Harddisk0\DR0\Partition1 - ok
02:47:09.0642 4568 [ F10983253405711A70082F0ADA15AC7E ] \Device\Harddisk1\DR1\Partition1
02:47:09.0644 4568 \Device\Harddisk1\DR1\Partition1 - ok
02:47:09.0645 4568 ============================================================
02:47:09.0645 4568 Scan finished
02:47:09.0645 4568 ============================================================
02:47:09.0658 5104 Detected object count: 0
02:47:09.0658 5104 Actual detected object count: 0
02:48:36.0803 3040 Deinitialize success

Thank you!

#9 gringo_pr


Posted 13 September 2012 - 01:19 PM

Hello

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Tricknasty118


Posted 13 September 2012 - 01:50 PM

Hello,

I don't know if it's relevant but Chrome seems to be opening slowly lately.

Also still redirecting to a few different click get answers fast/gethotresults sites.

Here is the log.

adw Cleaner Log [s1]

# AdwCleaner v2.001 - Logfile created 09/13/2012 at 14:37:18
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Enterprise (32 bits)
# User : barnesdb - 146611--R94LVHA
# Boot Mode : Normal
# Running from : C:\Users\barnesdb\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Windows iLivid Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\barnesdb\AppData\Local\Conduit
Folder Deleted : C:\Users\barnesdb\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\barnesdb\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\barnesdb\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\barnesdb\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\barnesdb\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\barnesdb\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\barnesdb\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112842&tt=2912_8&babsrc=NT_ss&mntrId=1a633eaa0000000000000024d7217589 --> hxxp://www.google.com

-\\ Google Chrome v21.0.1180.89

File : C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6333 octets] - [13/09/2012 14:35:57]
AdwCleaner[S1].txt - [6263 octets] - [13/09/2012 14:37:18]

########## EOF - C:\AdwCleaner[S1].txt - [6323 octets] ##########

Thank you,

#11 gringo_pr


Posted 13 September 2012 - 03:22 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#12 gringo_pr


Posted 16 September 2012 - 12:01 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you: it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#13 Tricknasty118


Posted 16 September 2012 - 05:02 PM

OTL log


OTL logfile created on: 9/14/2012 6:47:56 PM - Run 2
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\barnesdb\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 41.17% Memory free
5.85 Gb Paging File | 3.38 Gb Available in Paging File | 57.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.34 Gb Total Space | 146.29 Gb Free Space | 52.18% Space Free | Partition Type: NTFS

Computer Name: 146611--R94LVHA | User Name: barnesdb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\barnesdb\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe ()
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\CONEXANT\SAII\SmartAudio.exe (Conexant Systems, Inc)
PRC - C:\Program Files\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\Lenovo\HOTKEY\cammute.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\Xythos\Drive\Xythos.exe (Xythos Software, Inc.)
PRC - C:\Program Files\Xythos\Drive\XfsSvcCon.exe (Xythos Software, Inc.)
PRC - C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Users\barnesdb\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\barnesdb\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\barnesdb\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Users\barnesdb\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll ()
MOD - C:\Users\barnesdb\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll ()
MOD - C:\Users\barnesdb\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Users\barnesdb\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Users\barnesdb\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\961b28b18dc304d4434ca9938abd1d60\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3eaec5bc57c67c3b24ca2bb281ca249d\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\7710c52e482087cb663529956bc5b7f3\SmartAudio.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\1435db5dea878f59191dc112a40e2185\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CxHDAudioAP#\91f8661a7c08b925613a029f64eae4ea\Interop.CxHDAudioAPILib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\nvShell.dll ()
MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe (Lenovo Group Limited)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (UNS) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (XyService) -- C:\Program Files\Xythos\Drive\XfsSvcCon.exe (Xythos Software, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (CcmExec) -- C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found
DRV - (catchme) -- C:\Users\barnesdb\AppData\Local\Temp\catchme.sys File not found
DRV - (5U877) -- system32\DRIVERS\5U877.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120914.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120914.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (MP4ConverterAudio) -- C:\Windows\System32\drivers\MP4ConverterAudio.sys (Windows ® Win 7 DDK provider)
DRV - (DozeHDD) -- C:\Windows\System32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (AMPPALP) -- C:\Windows\System32\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV - (AMPPAL) -- C:\Windows\System32\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WpsHelper) -- C:\Windows\System32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (pmxdrv) -- C:\Windows\System32\drivers\pmxdrv.sys ()
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SysPlant) -- C:\Windows\System32\drivers\SysPlant.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\Windows\System32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (wisdpen) -- C:\Windows\System32\drivers\wisdpen.sys (Wacom Technology)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (TDFSD) -- C:\Program Files\Xythos\Drive\tdfsd.sys ()
DRV - (smihlp) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (PowerLabUSB) -- C:\Windows\System32\drivers\plusb2_0_3_NTx86.sys (ADInstruments)
DRV - (prepdrvr) -- C:\Windows\System32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 3B AB 63 E8 CA CA 01 [binary data]
IE - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@xythos.com/Xythos Drive: C:\Program Files\Xythos\Drive\NPItEm.dll (Xythos Software, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\barnesdb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\barnesdb\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\barnesdb\AppData\Roaming\IDM\idmmzcc5 [2012/09/11 20:16:07 | 000,000,000 | ---D | M]

[2012/09/08 22:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/10 01:09:32 | 000,079,216 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2012/04/10 12:25:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - homepage: http://google.com/ig
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://google.com/ig
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\barnesdb\AppData\Local\Google\Chrome\Application\21.0.1180.77\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\barnesdb\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\barnesdb\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\barnesdb\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Xythos Drive (Enabled) = C:\Program Files\Xythos\Drive\NPItEm.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\barnesdb\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Google Drive = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Image Downloader = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj\1.3_0\
CHR - Extension: Google Search = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Tasks (by Google) = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: Google Calendar = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Chain Reaction = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0\
CHR - Extension: Click&Clean = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\
CHR - Extension: AdBlock = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.43_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.2_0\
CHR - Extension: Command & Conquer Tiberium Alliances = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.6_0\
CHR - Extension: Gestures for Chrome™ = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.12.1_0\
CHR - Extension: Chromium Wheel Smooth Scroller = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb\1.0.33_0\
CHR - Extension: FVD Video Downloader = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\1.3.0_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: Google Mail Checker = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.3.4_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Gmail = C:\Users\barnesdb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/06 19:37:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [LENTBCTL] C:\Program Files\ThinkPad\Tablet Shortcut\LENTBCTL.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TabletButton] C:\Program Files\ThinkPad\Tablet Shortcut\TabletButton.EXE (Lenovo Group Limited )
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004..\Run: [CAHeadless] C:\Program Files\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004..\Run: [FreeAC] C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{806D7C4A-E926-4BDF-9534-02F52712D791}: DhcpNameServer = 192.168.1.254 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 01:08:28 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\barnesdb\Desktop\OTL.exe
[2012/09/13 00:10:04 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\Desktop\Internet Stuff
[2012/09/12 05:05:29 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/11 22:44:03 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\AppData\Roaming\Media Player Classic
[2012/09/11 22:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/09/11 22:42:09 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm
[2012/09/11 22:42:07 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm
[2012/09/11 22:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/09/11 20:57:38 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\AppData\Roaming\GRETECH
[2012/09/11 20:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2012/09/11 20:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2012/09/11 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\AppData\Roaming\IDM
[2012/09/11 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\AppData\Roaming\DMCache
[2012/09/11 20:15:59 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/09/11 20:15:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/09/11 20:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012/09/10 01:29:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/10 01:16:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/06 20:42:46 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/06 20:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/06 20:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/06 20:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/06 03:53:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/05 18:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2012/09/05 18:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2012/09/05 08:35:02 | 000,097,632 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2012/09/04 13:46:54 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\Desktop\Self
[2012/09/04 13:41:24 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\Desktop\Programs
[2012/09/03 20:56:43 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\AppData\Roaming\HP
[2012/09/03 20:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/09/03 20:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/09/03 20:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012/09/03 20:50:07 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510n-z
[2012/09/03 20:48:21 | 000,122,880 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l092.dll
[2012/09/03 20:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/09/03 20:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/09/03 20:46:10 | 000,716,288 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax9.dll
[2012/09/03 20:46:10 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2012/09/03 20:46:09 | 000,593,920 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtscl5.dll
[2012/09/03 20:46:09 | 000,315,392 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwvst01.dll
[2012/09/03 20:46:08 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2012/08/31 00:52:30 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\Documents\VodBurner
[2012/08/31 00:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio
[2012/08/31 00:31:19 | 000,049,664 | ---- | C] (CamStudio Group) -- C:\Windows\System32\CamCodec.dll
[2012/08/31 00:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.6b
[2012/08/28 15:07:03 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\AppData\Roaming\Audacity
[2012/08/28 15:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012/08/28 14:34:19 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\AppData\Roaming\Chrome
[2012/08/27 16:06:26 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\Desktop\UDEL
[2012/08/19 23:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
[2012/08/19 23:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\FreeAlarmClock
[2012/08/16 01:53:27 | 000,000,000 | ---D | C] -- C:\Users\barnesdb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
[2012/08/16 01:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\MiPony
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/14 18:43:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1264701200-2902819742-3281919569-1004UA.job
[2012/09/14 18:27:54 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1264701200-2902819742-3281919569-1004Core.job
[2012/09/14 18:17:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/14 18:17:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/14 13:59:19 | 000,089,269 | ---- | M] () -- C:\Users\barnesdb\Desktop\488236_10151215973766350_1440505583_n.jpg
[2012/09/14 11:46:45 | 000,016,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 11:46:45 | 000,016,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 11:41:52 | 000,000,299 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2012/09/14 11:41:47 | 000,638,586 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/14 11:41:47 | 000,111,556 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/14 11:38:36 | 2355,892,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/14 01:08:29 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\barnesdb\Desktop\OTL.exe
[2012/09/08 14:02:21 | 000,000,000 | ---- | M] () -- C:\Users\barnesdb\defogger_reenable
[2012/09/06 19:37:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/03 20:56:41 | 000,143,025 | ---- | M] () -- C:\Windows\hpwins28.dat
[2012/09/01 02:40:04 | 000,002,475 | ---- | M] () -- C:\Users\barnesdb\Desktop\Google Chrome.lnk
[2012/08/29 00:38:58 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/29 00:38:57 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/17 14:00:00 | 000,112,640 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll
[2012/08/16 01:53:27 | 000,000,965 | ---- | M] () -- C:\Users\barnesdb\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/14 13:59:19 | 000,089,269 | ---- | C] () -- C:\Users\barnesdb\Desktop\488236_10151215973766350_1440505583_n.jpg
[2012/09/11 22:42:09 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2012/09/11 22:42:09 | 000,000,415 | ---- | C] () -- C:\Windows\System32\lame_acm.xml
[2012/09/11 22:42:08 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/09/11 22:42:06 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/09/11 22:42:01 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/09/08 14:02:21 | 000,000,000 | ---- | C] () -- C:\Users\barnesdb\defogger_reenable
[2012/09/03 20:46:29 | 000,143,025 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012/09/03 20:46:29 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2012/08/28 15:05:26 | 000,000,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012/08/16 01:53:27 | 000,000,965 | ---- | C] () -- C:\Users\barnesdb\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2012/08/14 01:39:09 | 000,000,017 | ---- | C] () -- C:\Users\barnesdb\AppData\Local\resmon.resmoncfg
[2012/08/13 12:45:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/13 12:45:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/13 12:45:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/13 12:45:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/13 12:45:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/03/22 23:08:37 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dsp_trc.dll
[2011/11/30 19:34:47 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf504
[2011/06/02 23:47:55 | 000,000,481 | ---- | C] () -- C:\Windows\eReg.dat
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/02/11 23:17:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

< End of report >

#14 gringo_pr


Posted 16 September 2012 - 05:36 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O4 - HKU\S-1-5-21-1264701200-2902819742-3281919569-1004..\Run: [AdobeBridge] File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#15 Tricknasty118


Posted 16 September 2012 - 06:31 PM

Hello,

Thank you for the continuing help

I ran the fix and tried Google a few times. I got click.get-amazing-results still on the redirect.

Here is the OTL custom fix Log

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1264701200-2902819742-3281919569-1004\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\barnesdb\Desktop\cmd.bat deleted successfully.
C:\Users\barnesdb\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: barnesdb
->Java cache emptied: 12349334 bytes

User: Default
->Java cache emptied: 0 bytes

User: Default User
->Java cache emptied: 0 bytes

User: Public

User: TEMP
->Java cache emptied: 0 bytes

User: user

Total Java Files Cleaned = 12.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 753 bytes

User: All Users

User: barnesdb
->Flash cache emptied: 3798 bytes

User: Default
->Flash cache emptied: 753 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TEMP
->Flash cache emptied: 753 bytes

User: user

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.61.3 log created on 09162012_192634



