
Malwarebytes successfully blocking Outlook access to potentially malicious website

  • This topic is locked
50 replies to this topic

#1 gtdowd

Posted 19 June 2012 - 07:30 AM

I am getting a pop up about once every 15-30 seconds reporting that Malwarebytes is blocking access to a potentially malicious website 208.73.210.155, Type: Outgoing, Process: Outlook.exe

I have run a virus scan and come up with nothing.

Any thoughts?

#2 Maniac

Posted 19 June 2012 - 08:55 AM

Hello gtdowd and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here and post the log files:
http://forums.malwar...?showtopic=9573

#3 gtdowd

Posted 19 June 2012 - 09:55 AM

thanks very much, logs below.....

#4 gtdowd

Posted 19 June 2012 - 09:55 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by X220 at 8:04:12 on 2012-06-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5915 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\PGPserv.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Dexpot\dexpot.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMResident.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files (x86)\Dexpot\Dexpot64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\X220\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Windows\system32\PGPlsp.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\0557D607B696E65374 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\3416279626F657 : DhcpNameServer = 207.87.178.40 207.87.178.41 4.2.2.2
TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\34C6561627023507F64702664643 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D} : NameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{C0F41CFF-96F9-46C4-B079-0BDBA30F2C78} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045} : NameServer = 172.16.145.103 172.16.145.103
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\X220\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\X220\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 pgpfs;PGP File Sharing;C:\Windows\system32\Drivers\PGPfsfd.sys --> C:\Windows\system32\Drivers\PGPfsfd.sys [?]
R0 Pgpwdefs;Pgpwdefs;C:\Windows\system32\DRIVERS\Pgpwdefs.sys --> C:\Windows\system32\DRIVERS\Pgpwdefs.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 GobiQDLService;Sierra Wireless QDL Service;C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-9-1 316784]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-12-10 41320]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-12-10 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-12-10 133992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-18 654408]
R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-12-10 446592]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-12-10 446800]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-10 2656280]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-9 493248]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 ASRSVC;ASR Service;C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2011-12-10 79136]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-2-14 478056]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-12-10 101736]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;C:\Windows\system32\DRIVERS\swg3kmbb01.sys --> C:\Windows\system32\DRIVERS\swg3kmbb01.sys [?]
R3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3knmea01.sys --> C:\Windows\system32\DRIVERS\swg3knmea01.sys [?]
R3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3kser01.sys --> C:\Windows\system32\DRIVERS\swg3kser01.sys [?]
R3 swibus01;Sierra Wireless Bus Enumerator 01;C:\Windows\system32\DRIVERS\swibus01.sys --> C:\Windows\system32\DRIVERS\swibus01.sys [?]
R3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;C:\Windows\system32\DRIVERS\swibusflt01.sys --> C:\Windows\system32\DRIVERS\swibusflt01.sys [?]
R3 TabletSVC;TABLET Service;C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-12-10 83440]
R3 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-12-10 145256]
R3 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-12-10 142696]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-8 144232]
S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GTNDIS62;GT62 UHS IP NDIS;C:\Windows\system32\DRIVERS\gtuhs62.sys --> C:\Windows\system32\DRIVERS\gtuhs62.sys [?]
S3 GTUHSBUS;GT UHS BUS;C:\Windows\system32\DRIVERS\gtuhsbus.sys --> C:\Windows\system32\DRIVERS\gtuhsbus.sys [?]
S3 GTUHSSER;GT UHS SER;C:\Windows\system32\DRIVERS\gtuhsser.sys --> C:\Windows\system32\DRIVERS\gtuhsser.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-6-23 157544]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-12-10 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-12-10 175168]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-18 13:15:08 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-18 12:34:56 98816 ----a-w- C:\Windows\sed.exe
2012-06-18 12:34:56 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-18 12:34:56 256000 ----a-w- C:\Windows\PEV.exe
2012-06-18 12:34:56 208896 ----a-w- C:\Windows\MBR.exe
2012-06-14 00:11:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-14 00:11:59 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-09 15:40:17 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 15:40:17 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-09 00:12:30 -------- d-----w- C:\Users\X220\AppData\Local\{809704FA-C931-478D-B31C-D950B2CC53D3}
2012-06-09 00:12:19 -------- d-----w- C:\Users\X220\AppData\Local\{0748966C-BB0A-4F50-B83C-758ADED73862}
2012-06-08 23:32:37 -------- d-----w- C:\Users\X220\AppData\Local\Macromedia
2012-06-02 14:48:22 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-06-02 14:48:22 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-06-02 14:48:22 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-06-02 14:48:22 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-05-30 02:24:24 -------- d-----w- C:\Program Files (x86)\Scratch
2012-05-20 20:25:57 -------- d-----w- C:\Users\X220\AppData\Roaming\Avery
2012-05-20 20:23:38 -------- d-----w- C:\Program Files (x86)\Avery Dennison
.
==================== Find3M ====================
.
2012-06-08 23:32:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 23:32:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 12:23:10 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 22:13:24 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 8:04:24.31 ===============

#5 gtdowd

gtdowd

    New Member

  • Members
  • 32 posts

Posted 19 June 2012 - 09:56 AM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/9/2011 7:12:28 AM
System Uptime: 6/19/2012 6:25:53 AM (2 hours ago)
.
Motherboard: LENOVO | | 4294CTO
Processor: Intel® Core™ i7-2640M CPU @ 2.80GHz | CPU | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 477 GiB total, 162.466 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Intel® Centrino® Advanced-N + WiMAX 6250
Device ID: USB\VID_8086&PID_0187\6&3E6B990&0&3
Manufacturer:
Name: Intel® Centrino® Advanced-N + WiMAX 6250
PNP Device ID: USB\VID_8086&PID_0187\6&3E6B990&0&3
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP148: 6/2/2012 9:48:25 AM - Installed Sound Organizer.
RP149: 6/2/2012 12:52:57 PM - Installed Sound Organizer.
RP150: 6/4/2012 9:18:29 PM - Installed AVG 2012
RP151: 6/5/2012 6:29:24 AM - Windows Update
RP152: 6/12/2012 9:17:23 AM - Scheduled Checkpoint
RP153: 6/13/2012 6:28:25 PM - Windows Update
RP154: 6/13/2012 7:12:00 PM - Windows Update
RP155: 6/18/2012 7:34:59 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Apple Application Support
Apple Software Update
ASPCA Reminder by We-Care.com v5.0.5.1
Batman - Arkham City
BlackBerry Desktop Software 6.1
Brother MFL-Pro Suite MFC-790CW
Burn.Now 4.5
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Cisco AnyConnect VPN Client
Citrix XenApp Web Plugin
ClipCase
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Corel WinDVD
CQGNet
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesignPro 5
Dexpot
Direct DiscRecorder
DivXLand Media Subtitler
Dual-Core Optimizer
Duplicate Cleaner 2.1b
Family Tree Maker 2011
FileZilla Client 3.5.3
FrontLook Screen Capture 1.0
GetFLV 9.1.0.0
GIMP 2.6.11
Google SketchUp 8
Google Talk Plugin
HandBrake 0.9.6
IC-R2 Programmer
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel PROSet Wireless
Intel® Control Center
Intel® Identity Protection Technology 1.0.74.0
Intel® Management Engine Components
Intel® Processor Graphics
Intel® WiDi
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LEGO MINDSTORMS NXT - English Language Pack
LEGO MINDSTORMS NXT Migration Package
LEGO MINDSTORMS NXT Software v2.0
Lenovo Patch Utility
Lenovo Screen Reading Optimizer
LiveZilla
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Camera Codec Pack
Microsoft CCR and DSS Runtime 4 Beta 2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Robotics Developer Studio 4 Beta 2
Microsoft Server Speech Recognition Language - Kinect (en-US)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center 2
Nikon Movie Editor
NVIDIA GAME System Software 2.8.1
Objection Series 3.4
Picture Control Utility
Pidgin
Quicken 2012
Quicken WillMaker Plus 2012
QuickTime
RICOH_Media_Driver_v2.14.18.01
Scratch
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Sierra Wireless QMI Lenovo Driver Package
Skype Click to Call
Skype™ 5.8
Sony DVD Architect Studio 4.5
Sony Picture Utility
Sony Sound Forge Audio Studio 9.0
Sound Organizer
Steam
System Update
ThinkPad Power Manager
ThinkPad Tablet Button Driver
ThinkPad Tablet Shortcut Menu
ThinkPad UltraNav Utility
TreeSize Free V2.5
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Vegas Movie Studio Platinum 9.0
VirtualDJ Home FREE
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Word 2007 Content Control Toolkit
XAMPP 1.7.7
.
==== Event Viewer Messages From Past Week ========
.
6/19/2012 6:29:04 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
6/19/2012 6:26:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/18/2012 8:14:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdia cdrom
6/18/2012 7:53:14 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
6/18/2012 7:51:39 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/18/2012 7:41:18 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/13/2012 6:47:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/12/2012 10:33:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the jhi_service service.
6/12/2012 10:33:52 AM, Error: Service Control Manager [7000] - The Intel® Identity Protection Technology Host Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#6 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 19 June 2012 - 10:35 AM

Step 1

Please uninstall µTorrent, because of our policy:
http://forums.malwar...showtopic=97700


Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
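Added example, not part of the original thread and not Kaspersky's own code: a small triage script for the TDSSKiller report requested in Step 2, which lists every scanned object whose verdict is not "ok" and every object for which no hash or path was logged. It assumes the report layout shown in the constructed sample (a line naming the object, its MD5 and path, followed by a `name - verdict` line); `parse_scan` and `triage` are hypothetical names.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the report's layout (object names, hashes and the
# non-ok verdict text are made up for this example).
SAMPLE_LOG = r"""
12:00:00.0100 1111 Drive \Device\Harddisk0\DR0 - Size: 0x1000 (constructed header line)
12:00:01.0000 2222 ============================================================
12:00:01.0000 2222 Scan started
12:00:01.0000 2222 Mode: Manual; SigCheck; TDLFS;
12:00:01.0000 2222 ============================================================
12:00:01.0100 2222 SampleDisk (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\sampledisk.sys
12:00:01.0110 2222 SampleDisk - ok
12:00:01.0200 2222 OrphanSvc - ok
12:00:01.0300 2222 Sample Helper Service (fedcba9876543210fedcba9876543210) C:\Program Files (x86)\Sample\helper.exe
12:00:01.0310 2222 Sample Helper Service - ok
12:00:01.0400 2222 ExampleDrv (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\exampledrv.sys
12:00:01.0410 2222 ExampleDrv - constructed non-ok verdict
"""

# Every report line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s?(?P<msg>.*)$")
# "<object> (<md5>) <path>": requiring 32 hex digits inside the parentheses
# keeps "(x86)" in a path from being mistaken for the hash.
FILE_LINE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> - <verdict>"
VERDICT_LINE = re.compile(r"^(?P<name>.+?) - (?P<verdict>\S.*)$")


@dataclass
class Entry:
    name: str
    verdict: str                 # empty string if no verdict line was seen
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_scan(log_text: str) -> List[Entry]:
    """Return one Entry per scanned object, in report order."""
    entries: List[Entry] = []
    pending = {}                 # object name -> (md5, path) awaiting a verdict
    in_scan = False
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg").strip()
        if not in_scan:
            # Header lines (drive geometry etc.) can contain " - " too,
            # so nothing is parsed until the scan section begins.
            in_scan = msg == "Scan started"
            continue
        f = FILE_LINE.match(msg)
        if f:
            pending[f.group("name")] = (f.group("md5"), f.group("path"))
            continue
        v = VERDICT_LINE.match(msg)
        if v:
            md5, path = pending.pop(v.group("name"), (None, None))
            entries.append(Entry(v.group("name"), v.group("verdict"), md5, path))
    # A file line that never received a verdict is kept so it is not lost.
    for name, (md5, path) in pending.items():
        entries.append(Entry(name, "", md5, path))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (object, reason) pairs that deserve a manual look."""
    findings = []
    for e in entries:
        if e.verdict != "ok":
            findings.append((e.name, "verdict is not 'ok': " + (e.verdict or "<none>")))
        elif e.md5 is None:
            # Assumption: the scanner logged no file for this object, e.g. a
            # service registration whose binary it could not resolve.
            findings.append((e.name, "no hash or path logged for this object"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_scan(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

To use it on a real report, read the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file as text and pass its contents to `parse_scan`.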

#7 gtdowd

gtdowd

    New Member

  • Members
  • 32 posts

Posted 19 June 2012 - 12:43 PM

1. µTorrent uninstalled as requested.
2. TDSSKiller log, Malwarebytes' Anti-Malware log and a new fresh DDS log file posted below
Thanks,
G

#8 gtdowd

gtdowd

    New Member

  • Members
  • 32 posts

Posted 19 June 2012 - 12:43 PM

12:23:47.0444 3516 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
12:23:47.0460 3516 ============================================================
12:23:47.0460 3516 Current date / time: 2012/06/19 12:23:47.0460
12:23:47.0460 3516 SystemInfo:
12:23:47.0460 3516
12:23:47.0460 3516 OS Version: 6.1.7601 ServicePack: 1.0
12:23:47.0460 3516 Product type: Workstation
12:23:47.0460 3516 ComputerName: X220-PC
12:23:47.0460 3516 UserName: X220
12:23:47.0460 3516 Windows directory: C:\Windows
12:23:47.0460 3516 System windows directory: C:\Windows
12:23:47.0460 3516 Running under WOW64
12:23:47.0460 3516 Processor architecture: Intel x64
12:23:47.0460 3516 Number of processors: 4
12:23:47.0460 3516 Page size: 0x1000
12:23:47.0460 3516 Boot type: Normal boot
12:23:47.0460 3516 ============================================================
12:23:47.0616 3516 Drive \Device\Harddisk0\DR0 - Size: 0x773C256000 (476.94 Gb), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:23:47.0616 3516 ============================================================
12:23:47.0616 3516 \Device\Harddisk0\DR0:
12:23:47.0616 3516 MBR partitions:
12:23:47.0616 3516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:23:47.0616 3516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3B9AE000
12:23:47.0616 3516 ============================================================
12:23:47.0616 3516 C: <-> \Device\Harddisk0\DR0\Partition1
12:23:47.0616 3516 ============================================================
12:23:47.0616 3516 Initialize success
12:23:47.0616 3516 ============================================================
12:24:01.0780 5508 ============================================================
12:24:01.0780 5508 Scan started
12:24:01.0780 5508 Mode: Manual; SigCheck; TDLFS;
12:24:01.0780 5508 ============================================================
12:24:04.0027 5508 DozeSvc - ok
12:24:04.0042 5508 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:24:04.0058 5508 DPS - ok
12:24:04.0058 5508 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:24:04.0074 5508 drmkaud - ok
12:24:04.0089 5508 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:24:04.0105 5508 DXGKrnl - ok
12:24:04.0120 5508 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
12:24:04.0120 5508 DzHDD64 - ok
12:24:04.0136 5508 e1cexpress (5db7ceb8fb44abf01614e33bad2056e0) C:\Windows\system32\DRIVERS\e1c62x64.sys
12:24:04.0136 5508 e1cexpress - ok
12:24:04.0152 5508 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:24:04.0167 5508 EapHost - ok
12:24:04.0230 5508 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:24:04.0261 5508 ebdrv - ok
12:24:04.0276 5508 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:24:04.0292 5508 EFS - ok
12:24:04.0308 5508 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:24:04.0323 5508 ehRecvr - ok
12:24:04.0323 5508 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:24:04.0323 5508 ehSched - ok
12:24:04.0339 5508 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:24:04.0354 5508 elxstor - ok
12:24:04.0354 5508 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:24:04.0370 5508 ErrDev - ok
12:24:04.0386 5508 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:24:04.0401 5508 EventSystem - ok
12:24:04.0432 5508 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:24:04.0464 5508 EvtEng - ok
12:24:04.0479 5508 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:24:04.0510 5508 exfat - ok
12:24:04.0510 5508 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:24:04.0542 5508 fastfat - ok
12:24:04.0557 5508 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:24:04.0573 5508 Fax - ok
12:24:04.0573 5508 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:24:04.0573 5508 fdc - ok
12:24:04.0588 5508 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:24:04.0604 5508 fdPHost - ok
12:24:04.0604 5508 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:24:04.0635 5508 FDResPub - ok
12:24:04.0635 5508 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:24:04.0635 5508 FileInfo - ok
12:24:04.0651 5508 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:24:04.0666 5508 Filetrace - ok
12:24:04.0682 5508 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:24:04.0698 5508 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
12:24:04.0698 5508 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
12:24:04.0698 5508 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:24:04.0713 5508 flpydisk - ok
12:24:04.0713 5508 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:24:04.0729 5508 FltMgr - ok
12:24:04.0744 5508 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:24:04.0760 5508 FontCache - ok
12:24:04.0776 5508 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:24:04.0776 5508 FontCache3.0.0.0 - ok
12:24:04.0791 5508 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:24:04.0791 5508 FsDepends - ok
12:24:04.0791 5508 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
12:24:04.0807 5508 fssfltr - ok
12:24:04.0854 5508 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:24:04.0885 5508 fsssvc - ok
12:24:04.0900 5508 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:24:04.0900 5508 Fs_Rec - ok
12:24:04.0916 5508 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys
12:24:04.0916 5508 FTDIBUS - ok
12:24:04.0932 5508 FTSER2K (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys
12:24:04.0932 5508 FTSER2K - ok
12:24:04.0932 5508 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:24:04.0947 5508 fvevol - ok
12:24:04.0947 5508 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:24:04.0963 5508 gagp30kx - ok
12:24:04.0963 5508 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:24:04.0978 5508 GEARAspiWDM - ok
12:24:04.0978 5508 GobiQDLService (aaadf12839fc55cf25af36b0ae53e826) C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
12:24:04.0994 5508 GobiQDLService - ok
12:24:05.0010 5508 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:24:05.0041 5508 gpsvc - ok
12:24:05.0041 5508 GTNDIS62 (0c87727e542c36126757fe44dc72ab7a) C:\Windows\system32\DRIVERS\gtuhs62.sys
12:24:05.0056 5508 GTNDIS62 - ok
12:24:05.0056 5508 GTUHSBUS (676958753641db62a9cd7a98da93a114) C:\Windows\system32\DRIVERS\gtuhsbus.sys
12:24:05.0072 5508 GTUHSBUS - ok
12:24:05.0072 5508 GTUHSSER (2060fc25845fa8f841f005494f86afd9) C:\Windows\system32\DRIVERS\gtuhsser.sys
12:24:05.0072 5508 GTUHSSER - ok
12:24:05.0072 5508 HBtnKey (943350b87bb0339bf61343e8ac3ef25e) C:\Windows\system32\DRIVERS\wstbtndb.sys
12:24:05.0088 5508 HBtnKey - ok
12:24:05.0088 5508 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:24:05.0103 5508 hcw85cir - ok
12:24:05.0103 5508 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:24:05.0119 5508 HdAudAddService - ok
12:24:05.0119 5508 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:24:05.0134 5508 HDAudBus - ok
12:24:05.0134 5508 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:24:05.0150 5508 HidBatt - ok
12:24:05.0150 5508 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:24:05.0150 5508 HidBth - ok
12:24:05.0166 5508 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:24:05.0166 5508 HidIr - ok
12:24:05.0166 5508 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:24:05.0197 5508 hidserv - ok
12:24:05.0197 5508 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:24:05.0212 5508 HidUsb - ok
12:24:05.0212 5508 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:24:05.0228 5508 hkmsvc - ok
12:24:05.0244 5508 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:24:05.0244 5508 HomeGroupListener - ok
12:24:05.0259 5508 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:24:05.0259 5508 HomeGroupProvider - ok
12:24:05.0275 5508 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:24:05.0275 5508 HpSAMD - ok
12:24:05.0290 5508 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:24:05.0322 5508 HTTP - ok
12:24:05.0322 5508 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:24:05.0322 5508 hwpolicy - ok
12:24:05.0337 5508 HyperW7Svc (e935c8099f9196bf19224d9ee4808612) C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
12:24:05.0337 5508 HyperW7Svc - ok
12:24:05.0353 5508 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:24:05.0353 5508 i8042prt - ok
12:24:05.0368 5508 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
12:24:05.0368 5508 iaStor - ok
12:24:05.0384 5508 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:24:05.0400 5508 iaStorV - ok
12:24:05.0400 5508 IBMPMDRV (2151176db657aeff9b873d23380c3f5b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
12:24:05.0415 5508 IBMPMDRV - ok
12:24:05.0415 5508 IBMPMSVC (c76a67aed080538d420550c903696788) C:\Windows\system32\ibmpmsvc.exe
12:24:05.0415 5508 IBMPMSVC - ok
12:24:05.0431 5508 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:24:05.0431 5508 IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:24:05.0431 5508 IDriverT - detected UnsignedFile.Multi.Generic (1)
12:24:05.0446 5508 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:24:05.0462 5508 idsvc - ok
12:24:05.0696 5508 igfx (978d876a581d57e0de6437674eb0014d) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:24:05.0836 5508 igfx - ok
12:24:05.0852 5508 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:24:05.0852 5508 iirsp - ok
12:24:05.0868 5508 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:24:05.0899 5508 IKEEXT - ok
12:24:05.0899 5508 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
12:24:05.0930 5508 intaud_WaveExtensible - ok
12:24:05.0930 5508 IntcDAud (ae594cc17c33ac146739494615e14851) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:24:05.0946 5508 IntcDAud - ok
12:24:05.0946 5508 Intel® PROSet Monitoring Service (28d387eefad7cc3a0beb9c3262e83add) C:\Windows\system32\IProsetMonitor.exe
12:24:05.0961 5508 Intel® PROSet Monitoring Service - ok
12:24:05.0961 5508 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:24:05.0977 5508 intelide - ok
12:24:05.0977 5508 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:24:05.0992 5508 intelppm - ok
12:24:05.0992 5508 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
12:24:05.0992 5508 IntuitUpdateServiceV4 - ok
12:24:06.0008 5508 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:24:06.0039 5508 IPBusEnum - ok
12:24:06.0039 5508 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:24:06.0055 5508 IpFilterDriver - ok
12:24:06.0070 5508 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:24:06.0102 5508 iphlpsvc - ok
12:24:06.0102 5508 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:24:06.0117 5508 IPMIDRV - ok
12:24:06.0117 5508 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:24:06.0148 5508 IPNAT - ok
12:24:06.0164 5508 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
12:24:06.0180 5508 iPod Service - ok
12:24:06.0195 5508 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:24:06.0211 5508 IRENUM - ok
12:24:06.0211 5508 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:24:06.0211 5508 isapnp - ok
12:24:06.0226 5508 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:24:06.0242 5508 iScsiPrt - ok
12:24:06.0242 5508 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys
12:24:06.0242 5508 iwdbus - ok
12:24:06.0258 5508 jhi_service (6faf199fdffdd2376973143c3e012765) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
12:24:06.0273 5508 jhi_service - ok
12:24:06.0273 5508 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:24:06.0273 5508 kbdclass - ok
12:24:06.0289 5508 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:24:06.0289 5508 kbdhid - ok
12:24:06.0289 5508 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:24:06.0304 5508 KeyIso - ok
12:24:06.0304 5508 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:24:06.0320 5508 KSecDD - ok
12:24:06.0320 5508 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:24:06.0336 5508 KSecPkg - ok
12:24:06.0336 5508 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:24:06.0367 5508 ksthunk - ok
12:24:06.0367 5508 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:24:06.0398 5508 KtmRm - ok
12:24:06.0398 5508 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:24:06.0429 5508 LanmanServer - ok
12:24:06.0445 5508 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:24:06.0460 5508 LanmanWorkstation - ok
12:24:06.0460 5508 LENOVO.CAMMUTE (56b74943929bc575914631edc0e72220) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
12:24:06.0476 5508 LENOVO.CAMMUTE - ok
12:24:06.0476 5508 LENOVO.MICMUTE (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
12:24:06.0492 5508 LENOVO.MICMUTE - ok
12:24:06.0492 5508 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
12:24:06.0507 5508 lenovo.smi - ok
12:24:06.0507 5508 LENOVO.TPKNRSVC (f9b51b2a5da1222a910021c71e9ea559) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
12:24:06.0507 5508 LENOVO.TPKNRSVC - ok
12:24:06.0507 5508 Lenovo.VIRTSCRLSVC (f7de50781dc4d162c1005eb30d98f931) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
12:24:06.0523 5508 Lenovo.VIRTSCRLSVC - ok
12:24:06.0523 5508 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:24:06.0554 5508 lltdio - ok
12:24:06.0554 5508 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:24:06.0601 5508 lltdsvc - ok
12:24:06.0601 5508 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:24:06.0632 5508 lmhosts - ok
12:24:06.0648 5508 LMS (97f9eaac985a663394cd8f54dcd3e73a) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:24:06.0663 5508 LMS - ok
12:24:06.0663 5508 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:24:06.0679 5508 LSI_FC - ok
12:24:06.0679 5508 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:24:06.0679 5508 LSI_SAS - ok
12:24:06.0694 5508 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:24:06.0694 5508 LSI_SAS2 - ok
12:24:06.0694 5508 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:24:06.0710 5508 LSI_SCSI - ok
12:24:06.0710 5508 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:24:06.0741 5508 luafv - ok
12:24:06.0741 5508 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
12:24:06.0741 5508 MBAMProtector - ok
12:24:06.0757 5508 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:24:06.0772 5508 MBAMService - ok
12:24:06.0772 5508 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:24:06.0788 5508 Mcx2Svc - ok
12:24:06.0788 5508 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:24:06.0804 5508 megasas - ok
12:24:06.0804 5508 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:24:06.0819 5508 MegaSR - ok
12:24:06.0819 5508 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
12:24:06.0819 5508 MEIx64 - ok
12:24:06.0835 5508 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:24:06.0850 5508 MMCSS - ok
12:24:06.0850 5508 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:24:06.0882 5508 Modem - ok
12:24:06.0882 5508 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:24:06.0897 5508 monitor - ok
12:24:06.0897 5508 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:24:06.0897 5508 mouclass - ok
12:24:06.0897 5508 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:24:06.0913 5508 mouhid - ok
12:24:06.0913 5508 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:24:06.0928 5508 mountmgr - ok
12:24:06.0928 5508 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:24:06.0928 5508 MozillaMaintenance - ok
12:24:06.0944 5508 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:24:06.0944 5508 mpio - ok
12:24:06.0960 5508 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:24:06.0975 5508 mpsdrv - ok
12:24:06.0991 5508 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:24:07.0022 5508 MpsSvc - ok
12:24:07.0038 5508 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:24:07.0053 5508 MRxDAV - ok
12:24:07.0053 5508 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:24:07.0069 5508 mrxsmb - ok
12:24:07.0069 5508 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:24:07.0084 5508 mrxsmb10 - ok
12:24:07.0084 5508 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:24:07.0100 5508 mrxsmb20 - ok
12:24:07.0100 5508 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:24:07.0100 5508 msahci - ok
12:24:07.0100 5508 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:24:07.0116 5508 msdsm - ok
12:24:07.0116 5508 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:24:07.0131 5508 MSDTC - ok
12:24:07.0131 5508 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:24:07.0162 5508 Msfs - ok
12:24:07.0162 5508 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:24:07.0178 5508 mshidkmdf - ok
12:24:07.0178 5508 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:24:07.0194 5508 msisadrv - ok
12:24:07.0194 5508 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:24:07.0225 5508 MSiSCSI - ok
12:24:07.0225 5508 msiserver - ok
12:24:07.0225 5508 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:24:07.0240 5508 MSKSSRV - ok
12:24:07.0256 5508 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:24:07.0272 5508 MSPCLOCK - ok
12:24:07.0272 5508 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:24:07.0303 5508 MSPQM - ok
12:24:07.0303 5508 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:24:07.0318 5508 MsRPC - ok
12:24:07.0318 5508 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:24:07.0334 5508 mssmbios - ok
12:24:07.0334 5508 MSSQL$SQLEXPRESS - ok
12:24:07.0334 5508 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
12:24:07.0350 5508 MSSQLServerADHelper100 - ok
12:24:07.0350 5508 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:24:07.0365 5508 MSTEE - ok
12:24:07.0381 5508 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:24:07.0381 5508 MTConfig - ok
12:24:07.0381 5508 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:24:07.0396 5508 Mup - ok
12:24:07.0396 5508 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:24:07.0428 5508 napagent - ok
12:24:07.0443 5508 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:24:07.0459 5508 NativeWifiP - ok
12:24:07.0474 5508 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
12:24:07.0490 5508 NDIS - ok
12:24:07.0506 5508 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:24:07.0521 5508 NdisCap - ok
12:24:07.0521 5508 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:24:07.0552 5508 NdisTapi - ok
12:24:07.0552 5508 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:24:07.0568 5508 Ndisuio - ok
12:24:07.0568 5508 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:24:07.0599 5508 NdisWan - ok
12:24:07.0599 5508 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:24:07.0615 5508 NDProxy - ok
12:24:07.0630 5508 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:24:07.0646 5508 NetBIOS - ok
12:24:07.0646 5508 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:24:07.0677 5508 NetBT - ok
12:24:07.0677 5508 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:24:07.0693 5508 Netlogon - ok
12:24:07.0693 5508 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:24:07.0724 5508 Netman - ok
12:24:07.0724 5508 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:24:07.0740 5508 NetMsmqActivator - ok
12:24:07.0740 5508 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:24:07.0740 5508 NetPipeActivator - ok
12:24:07.0755 5508 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:24:07.0786 5508 netprofm - ok
12:24:07.0786 5508 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:24:07.0786 5508 NetTcpActivator - ok
12:24:07.0786 5508 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:24:07.0802 5508 NetTcpPortSharing - ok
12:24:07.0989 5508 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
12:24:08.0083 5508 NETwNs64 - ok
12:24:08.0083 5508 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:24:08.0098 5508 nfrd960 - ok
12:24:08.0114 5508 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:24:08.0130 5508 NlaSvc - ok
12:24:08.0130 5508 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:24:08.0161 5508 Npfs - ok
12:24:08.0161 5508 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:24:08.0176 5508 nsi - ok
12:24:08.0192 5508 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:24:08.0208 5508 nsiproxy - ok
12:24:08.0239 5508 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:24:08.0270 5508 Ntfs - ok
12:24:08.0286 5508 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:24:08.0317 5508 Null - ok
12:24:08.0317 5508 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:24:08.0332 5508 nvraid - ok
12:24:08.0332 5508 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:24:08.0332 5508 nvstor - ok
12:24:08.0348 5508 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:24:08.0348 5508 nv_agp - ok
12:24:08.0364 5508 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:24:08.0379 5508 odserv - ok
12:24:08.0379 5508 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:24:08.0379 5508 ohci1394 - ok
12:24:08.0395 5508 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:24:08.0395 5508 ose - ok
12:24:08.0488 5508 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:24:08.0566 5508 osppsvc - ok
12:24:08.0582 5508 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:24:08.0598 5508 p2pimsvc - ok
12:24:08.0598 5508 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:24:08.0613 5508 p2psvc - ok
12:24:08.0613 5508 PACSPTISVR-Sound_Organizer (b16d1f626e7fdca1a475b44f238fee86) C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe
12:24:08.0629 5508 PACSPTISVR-Sound_Organizer - ok
12:24:08.0629 5508 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:24:08.0644 5508 Parport - ok
12:24:08.0644 5508 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:24:08.0660 5508 partmgr - ok
12:24:08.0660 5508 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:24:08.0676 5508 PcaSvc - ok
12:24:08.0676 5508 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:24:08.0691 5508 pci - ok
12:24:08.0691 5508 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:24:08.0707 5508 pciide - ok
12:24:08.0707 5508 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:24:08.0722 5508 pcmcia - ok
12:24:08.0722 5508 PCTINDIS5X64 - ok
12:24:08.0722 5508 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:24:08.0722 5508 pcw - ok
12:24:08.0738 5508 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:24:08.0769 5508 PEAUTH - ok
12:24:08.0800 5508 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:24:08.0816 5508 PeerDistSvc - ok
12:24:08.0832 5508 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:24:08.0832 5508 PerfHost - ok
12:24:08.0847 5508 PGPdisk (c800d99511087d6821339ff7055a1b5f) C:\Windows\system32\drivers\PGPdisk.sys
12:24:08.0863 5508 PGPdisk - ok
12:24:08.0863 5508 pgpfs (6a9fa3651b87e5860f65a32607019733) C:\Windows\system32\Drivers\PGPfsfd.sys
12:24:08.0878 5508 pgpfs - ok
12:24:08.0878 5508 PGPsdkDriver (712ab96c92bf4cbc5bde678c4de826d9) C:\Windows\system32\Drivers\PGPsdk.sys
12:24:08.0894 5508 PGPsdkDriver - ok
12:24:08.0894 5508 PGPserv (aca441c95d2eacda3aff2b1f07479ba4) C:\Windows\SysWOW64\PGPserv.exe
12:24:08.0894 5508 PGPserv - ok
12:24:08.0910 5508 PGPwded (01628719a59482be172b1fbade2609f5) C:\Windows\system32\drivers\PGPwded.sys
12:24:08.0925 5508 PGPwded - ok
12:24:08.0925 5508 Pgpwdefs (6b771a778884a0a10617468afd462b84) C:\Windows\system32\DRIVERS\Pgpwdefs.sys
12:24:08.0925 5508 Pgpwdefs - ok
12:24:08.0925 5508 PHCORE (52c9f4359af4a25969b882aecc6f3bda) C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
12:24:08.0941 5508 PHCORE - ok
12:24:08.0972 5508 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:24:09.0003 5508 pla - ok
12:24:09.0019 5508 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:24:09.0034 5508 PlugPlay - ok
12:24:09.0034 5508 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:24:09.0034 5508 PNRPAutoReg - ok
12:24:09.0050 5508 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:24:09.0066 5508 PNRPsvc - ok
12:24:09.0081 5508 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:24:09.0097 5508 PolicyAgent - ok
12:24:09.0112 5508 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:24:09.0128 5508 Power - ok
12:24:09.0144 5508 Power Manager DBC Service (ebf8a077be308c0c6d55d90f89a43547) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
12:24:09.0144 5508 Power Manager DBC Service - ok
12:24:09.0159 5508 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:24:09.0175 5508 PptpMiniport - ok
12:24:09.0175 5508 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:24:09.0190 5508 Processor - ok
12:24:09.0190 5508 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:24:09.0206 5508 ProfSvc - ok
12:24:09.0206 5508 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:24:09.0222 5508 ProtectedStorage - ok
12:24:09.0222 5508 psadd (4a768fb063a38b0a78ad97617d3a04f5) C:\Windows\system32\DRIVERS\psadd.sys
12:24:09.0222 5508 psadd - ok
12:24:09.0237 5508 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:24:09.0253 5508 Psched - ok
12:24:09.0268 5508 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
12:24:09.0268 5508 PSI_SVC_2 - ok
12:24:09.0268 5508 PwmEWSvc (254de0e4fb8822ca9e5495dcac3bf11c) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
12:24:09.0284 5508 PwmEWSvc - ok
12:24:09.0284 5508 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:24:09.0284 5508 PxHlpa64 - ok
12:24:09.0331 5508 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:24:09.0346 5508 ql2300 - ok
12:24:09.0362 5508 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:24:09.0378 5508 ql40xx - ok
12:24:09.0393 5508 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:24:09.0393 5508 QWAVE - ok
12:24:09.0409 5508 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:24:09.0409 5508 QWAVEdrv - ok
12:24:09.0424 5508 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:24:09.0440 5508 RasAcd - ok
12:24:09.0440 5508 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:24:09.0471 5508 RasAgileVpn - ok
12:24:09.0471 5508 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:24:09.0487 5508 RasAuto - ok
12:24:09.0502 5508 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:24:09.0518 5508 Rasl2tp - ok
12:24:09.0534 5508 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:24:09.0549 5508 RasMan - ok
12:24:09.0565 5508 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:24:09.0580 5508 RasPppoe - ok
12:24:09.0580 5508 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:24:09.0612 5508 RasSstp - ok
12:24:09.0612 5508 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:24:09.0643 5508 rdbss - ok
12:24:09.0643 5508 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:24:09.0658 5508 rdpbus - ok
12:24:09.0658 5508 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:24:09.0674 5508 RDPCDD - ok
12:24:09.0690 5508 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:24:09.0690 5508 RDPDR - ok
12:24:09.0690 5508 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:24:09.0721 5508 RDPENCDD - ok
12:24:09.0721 5508 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:24:09.0752 5508 RDPREFMP - ok
12:24:09.0752 5508 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:24:09.0768 5508 RDPWD - ok
12:24:09.0768 5508 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:24:09.0768 5508 rdyboost - ok
12:24:09.0799 5508 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:24:09.0814 5508 RegSrvc - ok
12:24:09.0814 5508 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:24:09.0846 5508 RemoteAccess - ok
12:24:09.0846 5508 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:24:09.0877 5508 RemoteRegistry - ok
12:24:09.0877 5508 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:24:09.0892 5508 RFCOMM - ok
12:24:09.0892 5508 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
12:24:09.0908 5508 RimUsb - ok
12:24:09.0908 5508 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
12:24:09.0908 5508 RimVSerPort - ok
12:24:09.0924 5508 risdxc (5a227511ed22ddfedf7ef7323c8f7d2f) C:\Windows\system32\DRIVERS\risdxc64.sys
12:24:09.0924 5508 risdxc - ok
12:24:09.0924 5508 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
12:24:09.0955 5508 ROOTMODEM - ok
12:24:09.0955 5508 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:24:09.0970 5508 RpcEptMapper - ok
12:24:09.0986 5508 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:24:09.0986 5508 RpcLocator - ok
12:24:10.0002 5508 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:24:10.0017 5508 RpcSs - ok
12:24:10.0033 5508 RsFx0105 (c9fe05a63c500abe3afa5786504c4d36) C:\Windows\system32\DRIVERS\RsFx0105.sys
12:24:10.0048 5508 RsFx0105 - ok
12:24:10.0048 5508 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:24:10.0064 5508 rspndr - ok
12:24:10.0064 5508 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:24:10.0080 5508 s3cap - ok
12:24:10.0080 5508 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:24:10.0095 5508 SamSs - ok
12:24:10.0095 5508 SAService - ok
12:24:10.0095 5508 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:24:10.0111 5508 sbp2port - ok
12:24:10.0111 5508 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:24:10.0126 5508 SCardSvr - ok
12:24:10.0142 5508 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:24:10.0173 5508 scfilter - ok
12:24:10.0189 5508 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:24:10.0236 5508 Schedule - ok
12:24:10.0236 5508 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:24:10.0251 5508 SCPolicySvc - ok
12:24:10.0267 5508 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:24:10.0282 5508 SDRSVC - ok
12:24:10.0282 5508 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:24:10.0314 5508 secdrv - ok
12:24:10.0314 5508 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:24:10.0345 5508 seclogon - ok
12:24:10.0345 5508 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:24:10.0376 5508 SENS - ok
12:24:10.0376 5508 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:24:10.0376 5508 SensrSvc - ok
12:24:10.0392 5508 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:24:10.0392 5508 Serenum - ok
12:24:10.0407 5508 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:24:10.0407 5508 Serial - ok
12:24:10.0407 5508 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:24:10.0423 5508 sermouse - ok
12:24:10.0438 5508 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:24:10.0454 5508 SessionEnv - ok
12:24:10.0454 5508 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:24:10.0470 5508 sffdisk - ok
12:24:10.0470 5508 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:24:10.0485 5508 sffp_mmc - ok
12:24:10.0485 5508 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:24:10.0501 5508 sffp_sd - ok
12:24:10.0501 5508 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:24:10.0501 5508 sfloppy - ok
12:24:10.0516 5508 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:24:10.0548 5508 SharedAccess - ok
12:24:10.0548 5508 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:24:10.0579 5508 ShellHWDetection - ok
12:24:10.0579 5508 Shockprf (c3f190562fe82efda7ccef305ebad3e3) C:\Windows\system32\DRIVERS\Apsx64.sys
12:24:10.0594 5508 Shockprf - ok
12:24:10.0594 5508 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:24:10.0610 5508 SiSRaid2 - ok
12:24:10.0610 5508 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:24:10.0610 5508 SiSRaid4 - ok
12:24:10.0626 5508 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:24:10.0626 5508 SkypeUpdate - ok
12:24:10.0626 5508 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:24:10.0657 5508 Smb - ok
12:24:10.0657 5508 smihlp (3bc2844af786ca422cc31d505acfa9f2) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
12:24:10.0672 5508 smihlp - ok
12:24:10.0672 5508 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:24:10.0688 5508 SNMPTRAP - ok
12:24:10.0688 5508 Soluto (f9369327409492097b0bb7ce86bd29de) C:\Windows\system32\DRIVERS\Soluto.sys
12:24:10.0688 5508 Soluto - ok
12:24:10.0704 5508 SolutoService (ed8397986be35c11bfb321636d6991ee) C:\Program Files\Soluto\SolutoService.exe
12:24:10.0719 5508 SolutoService - ok
12:24:10.0719 5508 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:24:10.0735 5508 spldr - ok
12:24:10.0735 5508 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:24:10.0766 5508 Spooler - ok
12:24:10.0844 5508 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:24:10.0891 5508 sppsvc - ok
12:24:10.0906 5508 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:24:10.0938 5508 sppuinotify - ok
12:24:10.0938 5508 SQLAgent$SQLEXPRESS (45e65fb17a4cd5facbd3ca16c8334c82) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
12:24:10.0953 5508 SQLAgent$SQLEXPRESS - ok
12:24:10.0969 5508 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
12:24:10.0969 5508 SQLBrowser - ok
12:24:10.0984 5508 SQLWriter (f92e5f93be572b512da3c016b675ede0) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
12:24:10.0984 5508 SQLWriter - ok
12:24:11.0000 5508 SROSVC (d2aeeb5c15b4b256dc4ec2ce8219b090) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
12:24:11.0000 5508 SROSVC - ok
12:24:11.0031 5508 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:24:11.0047 5508 srv - ok
12:24:11.0062 5508 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:24:11.0062 5508 srv2 - ok
12:24:11.0078 5508 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:24:11.0078 5508 srvnet - ok
12:24:11.0094 5508 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:24:11.0109 5508 SSDPSRV - ok
12:24:11.0125 5508 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:24:11.0140 5508 SstpSvc - ok
12:24:11.0156 5508 Steam Client Service - ok
12:24:11.0156 5508 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:24:11.0156 5508 stexstor - ok
12:24:11.0156 5508 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
12:24:11.0172 5508 StillCam - ok
12:24:11.0187 5508 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:24:11.0203 5508 stisvc - ok
12:24:11.0203 5508 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
12:24:11.0218 5508 storflt - ok
12:24:11.0218 5508 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
12:24:11.0234 5508 StorSvc - ok
12:24:11.0234 5508 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:24:11.0234 5508 storvsc - ok
12:24:11.0250 5508 SUService (6ea2f517373771cac5188e82617c9c0b) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
12:24:11.0250 5508 SUService ( UnsignedFile.Multi.Generic ) - warning
12:24:11.0250 5508 SUService - detected UnsignedFile.Multi.Generic (1)
12:24:11.0250 5508 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:24:11.0265 5508 swenum - ok
12:24:11.0265 5508 swg3kmbb01 (21da79f3200d22ddfcbf6369fab4ced0) C:\Windows\system32\DRIVERS\swg3kmbb01.sys
12:24:11.0281 5508 swg3kmbb01 - ok
12:24:11.0296 5508 swg3knmea01 (c9aadba1eaf597d7ec02a529cc64234a) C:\Windows\system32\DRIVERS\swg3knmea01.sys
12:24:11.0296 5508 swg3knmea01 - ok
12:24:11.0296 5508 swg3kser01 (c9aadba1eaf597d7ec02a529cc64234a) C:\Windows\system32\DRIVERS\swg3kser01.sys
12:24:11.0312 5508 swg3kser01 - ok
12:24:11.0312 5508 swibus01 (3911adb9a2e6e34e583c93a440343114) C:\Windows\system32\DRIVERS\swibus01.sys
12:24:11.0328 5508 swibus01 - ok
12:24:11.0328 5508 swibusflt01 (3911adb9a2e6e34e583c93a440343114) C:\Windows\system32\DRIVERS\swibusflt01.sys
12:24:11.0328 5508 swibusflt01 - ok
12:24:11.0343 5508 swmsflt (179de6936fbb0702f89535b27e311b1f) C:\Windows\System32\drivers\swmsflt.sys
12:24:11.0343 5508 swmsflt - ok
12:24:11.0359 5508 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:24:11.0390 5508 swprv - ok
12:24:11.0390 5508 SynTP (772493a8945495f1a287bf6c4ca25b48) C:\Windows\system32\DRIVERS\SynTP.sys
12:24:11.0406 5508 SynTP - ok
12:24:11.0437 5508 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:24:11.0468 5508 SysMain - ok
12:24:11.0484 5508 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:24:11.0499 5508 TabletInputService - ok
12:24:11.0515 5508 TabletSVC (9b2825b463529d7646690af4e590a787) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
12:24:11.0515 5508 TabletSVC - ok
12:24:11.0530 5508 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:24:11.0546 5508 TapiSrv - ok
12:24:11.0546 5508 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:24:11.0577 5508 TBS - ok
12:24:11.0624 5508 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:24:11.0640 5508 Tcpip - ok
12:24:11.0702 5508 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:24:11.0733 5508 TCPIP6 - ok
12:24:11.0749 5508 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:24:11.0780 5508 tcpipreg - ok
12:24:11.0780 5508 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:24:11.0780 5508 TDPIPE - ok
12:24:11.0796 5508 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:24:11.0796 5508 TDTCP - ok
12:24:11.0796 5508 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:24:11.0827 5508 tdx - ok
12:24:11.0827 5508 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
12:24:11.0842 5508 TermDD - ok
12:24:11.0858 5508 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:24:11.0874 5508 TermService - ok
12:24:11.0889 5508 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:24:11.0889 5508 Themes - ok
12:24:11.0905 5508 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:24:11.0920 5508 THREADORDER - ok
12:24:11.0920 5508 TPDIGIMN (1bb77eccbfa3675b1ee8d6d6d37a1e1e) C:\Windows\system32\DRIVERS\ApsHM64.sys
12:24:11.0936 5508 TPDIGIMN - ok
12:24:11.0936 5508 TPHDEXLGSVC (88f81d810ff16ac65b02643daf308d4f) C:\Windows\system32\TPHDEXLG64.exe
12:24:11.0936 5508 TPHDEXLGSVC - ok
12:24:11.0952 5508 TPHKLOAD (83415782d47f8064fcafea308abb2246) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
12:24:11.0952 5508 TPHKLOAD - ok
12:24:11.0952 5508 TPHKSVC (c04bb65441913ab621c58a8bd3169b23) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
12:24:11.0967 5508 TPHKSVC - ok
12:24:11.0967 5508 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
12:24:11.0983 5508 TPM - ok
12:24:11.0983 5508 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
12:24:11.0983 5508 TPPWRIF - ok
12:24:11.0998 5508 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:24:12.0014 5508 TrkWks - ok
12:24:12.0030 5508 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:24:12.0045 5508 TrustedInstaller - ok
12:24:12.0045 5508 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:24:12.0076 5508 tssecsrv - ok
12:24:12.0076 5508 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:24:12.0092 5508 TsUsbFlt - ok
12:24:12.0092 5508 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:24:12.0092 5508 TsUsbGD - ok
12:24:12.0108 5508 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:24:12.0123 5508 tunnel - ok
12:24:12.0123 5508 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:24:12.0139 5508 uagp35 - ok
12:24:12.0139 5508 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:24:12.0170 5508 udfs - ok
12:24:12.0170 5508 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:24:12.0186 5508 UI0Detect - ok
12:24:12.0186 5508 UleadBurningHelper (be788a747457e6916586c410ec0111e7) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:24:12.0201 5508 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
12:24:12.0201 5508 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
12:24:12.0201 5508 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:24:12.0201 5508 uliagpkx - ok
12:24:12.0217 5508 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:24:12.0217 5508 umbus - ok
12:24:12.0217 5508 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:24:12.0232 5508 UmPass - ok
12:24:12.0232 5508 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
12:24:12.0248 5508 UmRdpService - ok
12:24:12.0295 5508 UNS (a69cd6bdb82872999d2e46f9324ada83) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:24:12.0326 5508 UNS - ok
12:24:12.0357 5508 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:24:12.0388 5508 upnphost - ok
12:24:12.0388 5508 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
12:24:12.0404 5508 USBAAPL64 - ok
12:24:12.0404 5508 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:24:12.0420 5508 usbaudio - ok
12:24:12.0420 5508 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
12:24:12.0435 5508 usbccgp - ok
12:24:12.0435 5508 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:24:12.0451 5508 usbcir - ok
12:24:12.0451 5508 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:24:12.0451 5508 usbehci - ok
12:24:12.0466 5508 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:24:12.0482 5508 usbhub - ok
12:24:12.0482 5508 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
12:24:12.0482 5508 usbohci - ok
12:24:12.0482 5508 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
12:24:12.0498 5508 usbprint - ok
12:24:12.0498 5508 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:24:12.0513 5508 USBSTOR - ok
12:24:12.0513 5508 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
12:24:12.0529 5508 usbuhci - ok
12:24:12.0529 5508 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
12:24:12.0544 5508 usbvideo - ok
12:24:12.0544 5508 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:24:12.0576 5508 UxSms - ok
12:24:12.0576 5508 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:24:12.0576 5508 VaultSvc - ok
12:24:12.0591 5508 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:24:12.0591 5508 vdrvroot - ok
12:24:12.0607 5508 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:24:12.0638 5508 vds - ok
12:24:12.0638 5508 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:24:12.0638 5508 vga - ok
12:24:12.0654 5508 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:24:12.0669 5508 VgaSave - ok
12:24:12.0685 5508 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:24:12.0685 5508 vhdmp - ok
12:24:12.0685 5508 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:24:12.0700 5508 viaide - ok
12:24:12.0700 5508 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:24:12.0716 5508 vmbus - ok
12:24:12.0716 5508 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:24:12.0716 5508 VMBusHID - ok
12:24:12.0732 5508 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:24:12.0732 5508 volmgr - ok
12:24:12.0747 5508 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:24:12.0747 5508 volmgrx - ok
12:24:12.0763 5508 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:24:12.0763 5508 volsnap - ok
12:24:12.0778 5508 vpnagent (e4d2305ebb9de0871a1e13294d0f349b) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
12:24:12.0794 5508 vpnagent - ok
12:24:12.0794 5508 vpnva (0e4df91e83da5739ffb18535d4db10aa) C:\Windows\system32\DRIVERS\vpnva64.sys
12:24:12.0794 5508 vpnva - ok
12:24:12.0810 5508 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:24:12.0810 5508 vsmraid - ok
12:24:12.0856 5508 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:24:12.0888 5508 VSS - ok
12:24:12.0903 5508 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
12:24:12.0934 5508 vToolbarUpdater11.1.0 - ok
12:24:12.0950 5508 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:24:12.0950 5508 vwifibus - ok
12:24:12.0966 5508 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:24:12.0966 5508 vwififlt - ok
12:24:12.0966 5508 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:24:12.0981 5508 vwifimp - ok
12:24:12.0997 5508 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:24:13.0012 5508 W32Time - ok
12:24:13.0028 5508 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:24:13.0028 5508 WacomPen - ok
12:24:13.0028 5508 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:24:13.0059 5508 WANARP - ok
12:24:13.0059 5508 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:24:13.0090 5508 Wanarpv6 - ok
12:24:13.0106 5508 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:24:13.0137 5508 WatAdminSvc - ok
12:24:13.0168 5508 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:24:13.0184 5508 wbengine - ok
12:24:13.0215 5508 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:24:13.0231 5508 WbioSrvc - ok
12:24:13.0231 5508 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:24:13.0246 5508 wcncsvc - ok
12:24:13.0246 5508 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:24:13.0262 5508 WcsPlugInService - ok
12:24:13.0262 5508 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:24:13.0278 5508 Wd - ok
12:24:13.0278 5508 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
12:24:13.0278 5508 WDC_SAM - ok
12:24:13.0293 5508 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:24:13.0309 5508 Wdf01000 - ok
12:24:13.0324 5508 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:24:13.0340 5508 WdiServiceHost - ok
12:24:13.0340 5508 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:24:13.0356 5508 WdiSystemHost - ok
12:24:13.0356 5508 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:24:13.0371 5508 WebClient - ok
12:24:13.0387 5508 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:24:13.0402 5508 Wecsvc - ok
12:24:13.0418 5508 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:24:13.0434 5508 wercplsupport - ok
12:24:13.0434 5508 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:24:13.0465 5508 WerSvc - ok
12:24:13.0465 5508 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:24:13.0496 5508 WfpLwf - ok
12:24:13.0496 5508 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:24:13.0512 5508 WIMMount - ok
12:24:13.0512 5508 WinDefend - ok
12:24:13.0512 5508 WinHttpAutoProxySvc - ok
12:24:13.0527 5508 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:24:13.0543 5508 Winmgmt - ok
12:24:13.0590 5508 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:24:13.0636 5508 WinRM - ok
12:24:13.0652 5508 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
12:24:13.0668 5508 WinUsb - ok
12:24:13.0683 5508 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:24:13.0714 5508 Wlansvc - ok
12:24:13.0714 5508 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:24:13.0714 5508 wlcrasvc - ok
12:24:13.0777 5508 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:24:13.0808 5508 wlidsvc - ok
12:24:13.0824 5508 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:24:13.0824 5508 WmiAcpi - ok
12:24:13.0839 5508 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:24:13.0855 5508 wmiApSrv - ok
12:24:13.0855 5508 WMPNetworkSvc - ok
12:24:13.0855 5508 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:24:13.0870 5508 WPCSvc - ok
12:24:13.0870 5508 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:24:13.0886 5508 WPDBusEnum - ok
12:24:13.0886 5508 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:24:13.0917 5508 ws2ifsl - ok
12:24:13.0917 5508 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:24:13.0933 5508 wscsvc - ok
12:24:13.0933 5508 WSearch - ok
12:24:13.0980 5508 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:24:14.0026 5508 wuauserv - ok
12:24:14.0042 5508 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:24:14.0073 5508 WudfPf - ok
12:24:14.0073 5508 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:24:14.0104 5508 WUDFRd - ok
12:24:14.0104 5508 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:24:14.0120 5508 wudfsvc - ok
12:24:14.0136 5508 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:24:14.0151 5508 WwanSvc - ok
12:24:14.0167 5508 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:24:14.0260 5508 \Device\Harddisk0\DR0 - ok
12:24:14.0260 5508 Boot (0x1200) (cafb111438c2ef59231837af5fd3593b) \Device\Harddisk0\DR0\Partition0
12:24:14.0260 5508 \Device\Harddisk0\DR0\Partition0 - ok
12:24:14.0260 5508 Boot (0x1200) (3dc3f048ad58dfb25af1aea4f6b04d74) \Device\Harddisk0\DR0\Partition1
12:24:14.0260 5508 \Device\Harddisk0\DR0\Partition1 - ok
12:24:14.0260 5508 ============================================================
12:24:14.0260 5508 Scan finished
12:24:14.0260 5508 ============================================================
12:24:14.0276 3104 Detected object count: 4
12:24:14.0276 3104 Actual detected object count: 4
12:24:39.0969 3104 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:24:39.0969 3104 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:24:39.0969 3104 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:24:39.0969 3104 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:24:39.0969 3104 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
12:24:39.0969 3104 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:24:39.0969 3104 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
12:24:39.0969 3104 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

#9 gtdowd

Posted 19 June 2012 - 12:44 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
X220 :: X220-PC [administrator]

Protection: Enabled

6/19/2012 12:38:35 PM
mbam-log-2012-06-19 (12-38-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 218268
Time elapsed: 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 gtdowd

Posted 19 June 2012 - 12:44 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by X220 at 12:40:50 on 2012-06-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.6015 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\PGPserv.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files\Soluto\SolutoService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Dexpot\dexpot.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMResident.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Dexpot\Dexpot64.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\X220\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Windows\system32\PGPlsp.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\0557D607B696E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\0557D607B696E65374 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\3416279626F657 : DhcpNameServer = 207.87.178.40 207.87.178.41 4.2.2.2
TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D} : NameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{C0F41CFF-96F9-46C4-B079-0BDBA30F2C78} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045} : NameServer = 172.16.145.103 172.16.145.103
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\X220\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\X220\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 pgpfs;PGP File Sharing;C:\Windows\system32\Drivers\PGPfsfd.sys --> C:\Windows\system32\Drivers\PGPfsfd.sys [?]
R0 Pgpwdefs;Pgpwdefs;C:\Windows\system32\DRIVERS\Pgpwdefs.sys --> C:\Windows\system32\DRIVERS\Pgpwdefs.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 GobiQDLService;Sierra Wireless QDL Service;C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-9-1 316784]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-12-10 41320]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-12-10 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-12-10 133992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-18 654408]
R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-12-10 446592]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]
R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-12-10 446800]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-10 2656280]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-9 493248]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 ASRSVC;ASR Service;C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2011-12-10 79136]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-2-14 478056]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]
R3 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-12-10 101736]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;C:\Windows\system32\DRIVERS\swg3kmbb01.sys --> C:\Windows\system32\DRIVERS\swg3kmbb01.sys [?]
R3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3knmea01.sys --> C:\Windows\system32\DRIVERS\swg3knmea01.sys [?]
R3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3kser01.sys --> C:\Windows\system32\DRIVERS\swg3kser01.sys [?]
R3 swibus01;Sierra Wireless Bus Enumerator 01;C:\Windows\system32\DRIVERS\swibus01.sys --> C:\Windows\system32\DRIVERS\swibus01.sys [?]
R3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;C:\Windows\system32\DRIVERS\swibusflt01.sys --> C:\Windows\system32\DRIVERS\swibusflt01.sys [?]
R3 TabletSVC;TABLET Service;C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-12-10 83440]
R3 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-12-10 145256]
R3 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-12-10 142696]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-8 144232]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GTNDIS62;GT62 UHS IP NDIS;C:\Windows\system32\DRIVERS\gtuhs62.sys --> C:\Windows\system32\DRIVERS\gtuhs62.sys [?]
S3 GTUHSBUS;GT UHS BUS;C:\Windows\system32\DRIVERS\gtuhsbus.sys --> C:\Windows\system32\DRIVERS\gtuhsbus.sys [?]
S3 GTUHSSER;GT UHS SER;C:\Windows\system32\DRIVERS\gtuhsser.sys --> C:\Windows\system32\DRIVERS\gtuhsser.sys [?]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-6-23 157544]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-12-10 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-12-10 175168]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-18 13:15:08 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-18 12:34:56 98816 ----a-w- C:\Windows\sed.exe
2012-06-18 12:34:56 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-18 12:34:56 256000 ----a-w- C:\Windows\PEV.exe
2012-06-18 12:34:56 208896 ----a-w- C:\Windows\MBR.exe
2012-06-14 00:11:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-14 00:11:59 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-09 15:40:17 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 15:40:17 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-09 00:12:30 -------- d-----w- C:\Users\X220\AppData\Local\{809704FA-C931-478D-B31C-D950B2CC53D3}
2012-06-09 00:12:19 -------- d-----w- C:\Users\X220\AppData\Local\{0748966C-BB0A-4F50-B83C-758ADED73862}
2012-06-08 23:32:37 -------- d-----w- C:\Users\X220\AppData\Local\Macromedia
2012-06-02 14:48:22 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-06-02 14:48:22 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-06-02 14:48:22 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-06-02 14:48:22 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-05-30 02:24:24 -------- d-----w- C:\Program Files (x86)\Scratch
2012-05-20 20:25:57 -------- d-----w- C:\Users\X220\AppData\Roaming\Avery
2012-05-20 20:23:38 -------- d-----w- C:\Program Files (x86)\Avery Dennison
.
==================== Find3M ====================
.
2012-06-08 23:32:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-08 23:32:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 12:23:10 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 22:13:24 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 12:41:06.87 ===============

#11 gtdowd

Posted 19 June 2012 - 12:45 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/9/2011 7:12:28 AM
System Uptime: 6/19/2012 12:21:16 PM (0 hours ago)
.
Motherboard: LENOVO | | 4294CTO
Processor: Intel® Core™ i7-2640M CPU @ 2.80GHz | CPU | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 477 GiB total, 162.248 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Intel® Centrino® Advanced-N + WiMAX 6250
Device ID: USB\VID_8086&PID_0187\6&3E6B990&0&3
Manufacturer:
Name: Intel® Centrino® Advanced-N + WiMAX 6250
PNP Device ID: USB\VID_8086&PID_0187\6&3E6B990&0&3
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP148: 6/2/2012 9:48:25 AM - Installed Sound Organizer.
RP149: 6/2/2012 12:52:57 PM - Installed Sound Organizer.
RP150: 6/4/2012 9:18:29 PM - Installed AVG 2012
RP151: 6/5/2012 6:29:24 AM - Windows Update
RP152: 6/12/2012 9:17:23 AM - Scheduled Checkpoint
RP153: 6/13/2012 6:28:25 PM - Windows Update
RP154: 6/13/2012 7:12:00 PM - Windows Update
RP155: 6/18/2012 7:34:59 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.1 - CPSID_83708
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Setup
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Apple Application Support
Apple Software Update
ASPCA Reminder by We-Care.com v5.0.5.1
Batman - Arkham City
BlackBerry Desktop Software 6.1
Brother MFL-Pro Suite MFC-790CW
Burn.Now 4.5
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
Cisco AnyConnect VPN Client
Citrix XenApp Web Plugin
ClipCase
Corel Burn.Now Lenovo Edition
Corel DVD MovieFactory 7
Corel DVD MovieFactory Lenovo Edition
Corel WinDVD
CQGNet
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesignPro 5
Dexpot
Direct DiscRecorder
DivXLand Media Subtitler
Dual-Core Optimizer
Duplicate Cleaner 2.1b
Family Tree Maker 2011
FileZilla Client 3.5.3
FrontLook Screen Capture 1.0
GetFLV 9.1.0.0
GIMP 2.6.11
Google SketchUp 8
Google Talk Plugin
HandBrake 0.9.6
IC-R2 Programmer
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel PROSet Wireless
Intel® Control Center
Intel® Identity Protection Technology 1.0.74.0
Intel® Management Engine Components
Intel® Processor Graphics
Intel® WiDi
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
LEGO MINDSTORMS NXT - English Language Pack
LEGO MINDSTORMS NXT Migration Package
LEGO MINDSTORMS NXT Software v2.0
Lenovo Patch Utility
Lenovo Screen Reading Optimizer
LiveZilla
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Camera Codec Pack
Microsoft CCR and DSS Runtime 4 Beta 2
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Robotics Developer Studio 4 Beta 2
Microsoft Server Speech Recognition Language - Kinect (en-US)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center 2
Nikon Movie Editor
NVIDIA GAME System Software 2.8.1
Objection Series 3.4
Picture Control Utility
Pidgin
Quicken 2012
Quicken WillMaker Plus 2012
QuickTime
RICOH_Media_Driver_v2.14.18.01
Scratch
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Sierra Wireless QMI Lenovo Driver Package
Skype Click to Call
Skype™ 5.8
Sony DVD Architect Studio 4.5
Sony Picture Utility
Sony Sound Forge Audio Studio 9.0
Sound Organizer
Steam
System Update
ThinkPad Power Manager
ThinkPad Tablet Button Driver
ThinkPad Tablet Shortcut Menu
ThinkPad UltraNav Utility
TreeSize Free V2.5
TurboTax 2011
TurboTax 2011 wiliper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Vegas Movie Studio Platinum 9.0
VirtualDJ Home FREE
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Word 2007 Content Control Toolkit
XAMPP 1.7.7
.
==== Event Viewer Messages From Past Week ========
.
6/19/2012 6:29:04 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.
6/19/2012 12:21:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/18/2012 8:14:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdia cdrom
6/18/2012 7:53:14 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
6/18/2012 7:51:39 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/18/2012 7:41:18 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/13/2012 6:47:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
6/12/2012 10:33:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the jhi_service service.
6/12/2012 10:33:52 AM, Error: Service Control Manager [7000] - The Intel® Identity Protection Technology Host Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

#12 Maniac

Posted 19 June 2012 - 02:17 PM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#13 gtdowd

Posted 19 June 2012 - 03:41 PM

ComboFix 12-06-16.02 - X220 06/19/2012 15:30:23.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5699 [GMT -5:00]
Running from: c:\temp\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 20:33 . 2012-06-19 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 00:11 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 00:11 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-09 15:40 . 2012-06-09 15:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 15:40 . 2012-06-09 15:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-08 23:32 . 2012-06-08 23:32 -------- d-----w- c:\users\X220\AppData\Local\Macromedia
2012-06-02 14:48 . 2012-06-02 14:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-06-02 14:48 . 2012-06-02 14:48 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-05-30 02:24 . 2012-05-30 02:24 -------- d-----w- c:\program files (x86)\Scratch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 23:32 . 2012-04-03 12:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-08 23:32 . 2011-12-11 02:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 12:23 . 2012-05-09 12:23 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 22:13 . 2011-12-11 12:19 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 20:56 . 2012-05-18 11:45 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 11:58 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-18_12.53.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-17 12:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-19 13:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-19 13:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 12:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-19 13:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 12:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-06-19 17:24 28566 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-09 15:08 . 2012-06-19 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-09 15:08 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-09 15:08 . 2012-06-19 18:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-09 15:08 . 2012-06-18 12:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-19 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-09 13:22 . 2012-06-19 17:24 4354 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-883609196-808434145-3285787096-1000_UserData.bin
- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 20:34 . 2012-06-19 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 20:34 . 2012-06-19 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-10 13:41 . 2012-06-19 20:24 339764 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-19 17:26 729436 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-18 12:21 729436 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-19 17:26 147958 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-18 12:21 147958 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-18 12:52 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-19 20:33 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-11 12:20 . 2012-06-19 20:33 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-11 12:20 . 2012-06-18 12:52 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-10 12:17 . 2012-06-09 00:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat
+ 2011-12-10 12:17 . 2012-06-19 20:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat
+ 2012-06-18 17:20 . 2012-06-18 17:20 2871808 c:\windows\Installer\e21159.msi
+ 2011-12-10 12:17 . 2012-06-19 20:33 15291180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 19:41 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-02-16 04:25 613496 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-06-08 1310720]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2012-04-18 74840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-06-30 484856]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\X220\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-12-20 380928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-02 446800]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
R3 ALSysIO;ALSysIO;c:\users\X220\AppData\Local\Temp\ALSysIO64.sys [x]
R3 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-06-23 157544]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-06-30 83440]
R3 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
R3 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-09-01 316784]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;c:\windows\system32\DRIVERS\swg3kmbb01.sys [x]
S3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;c:\windows\system32\DRIVERS\swg3knmea01.sys [x]
S3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;c:\windows\system32\DRIVERS\swg3kser01.sys [x]
S3 swibus01;Sierra Wireless Bus Enumerator 01;c:\windows\system32\DRIVERS\swibus01.sys [x]
S3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;c:\windows\system32\DRIVERS\swibusflt01.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000Core.job
- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000UA.job
- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-02-16 04:25 538744 ----a-w- c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-04 167704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-04 416024]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: intuit.com\ttlc
TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D}: NameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045}: NameServer = 172.16.145.103 172.16.145.103
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx
FF - ProfilePath - c:\users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:29,52,d8,8c,63,26,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PGPserv.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Completion time: 2012-06-19 15:36:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 20:36
ComboFix2.txt 2012-06-18 13:11
.
Pre-Run: 174,167,048,192 bytes free
Post-Run: 173,848,752,128 bytes free
.
- - End Of File - - 44DAD3DBB8EAA83E8CDDA73986764793

#14 Maniac

Posted 19 June 2012 - 05:01 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FireFox::
FF - ProfilePath - c:\users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 4

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#15 gtdowd

Posted 19 June 2012 - 07:50 PM

ComboFix 12-06-19.03 - X220 06/19/2012 18:22:42.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.6013 [GMT -5:00]
Running from: c:\temp\ComboFix.exe
Command switches used :: c:\temp\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 23:36 . 2012-06-19 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 00:11 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 00:11 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-09 15:40 . 2012-06-09 15:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-09 15:40 . 2012-06-09 15:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-08 23:32 . 2012-06-08 23:32 -------- d-----w- c:\users\X220\AppData\Local\Macromedia
2012-06-02 14:48 . 2012-06-02 14:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-06-02 14:48 . 2012-06-02 14:48 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-05-30 02:24 . 2012-05-30 02:24 -------- d-----w- c:\program files (x86)\Scratch
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 23:32 . 2012-04-03 12:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-08 23:32 . 2011-12-11 02:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 12:23 . 2012-05-09 12:23 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-24 22:13 . 2011-12-11 12:19 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-04 20:56 . 2012-05-18 11:45 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-09 11:58 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-18_12.53.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-06-17 12:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-19 13:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-19 13:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 12:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-19 13:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-17 12:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-06-19 23:20 28582 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-09 15:08 . 2012-06-19 23:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-09 15:08 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-09 15:08 . 2012-06-19 23:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-09 15:08 . 2012-06-18 12:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-19 23:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-09 13:22 . 2012-06-19 23:20 4534 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-883609196-808434145-3285787096-1000_UserData.bin
- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 23:17 . 2012-06-19 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 23:17 . 2012-06-19 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-10 13:41 . 2012-06-19 23:13 340004 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-19 23:24 729436 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-18 12:21 729436 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-19 23:24 147958 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-18 12:21 147958 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-18 12:52 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-19 23:17 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-11 12:20 . 2012-06-19 23:17 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-11 12:20 . 2012-06-18 12:52 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-12-10 12:17 . 2012-06-19 20:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat
- 2011-12-10 12:17 . 2012-06-09 00:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat
+ 2012-06-18 17:20 . 2012-06-18 17:20 2871808 c:\windows\Installer\e21159.msi
+ 2011-12-10 12:17 . 2012-06-19 23:17 15291180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 19:41 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-02-16 04:25 613496 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-06-08 1310720]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2012-04-18 74840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-06-30 484856]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\X220\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-12-20 380928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]
R3 ALSysIO;ALSysIO;c:\users\X220\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-06-23 157544]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x]
S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-09-01 316784]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-02 446800]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;c:\windows\system32\DRIVERS\swg3kmbb01.sys [x]
S3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;c:\windows\system32\DRIVERS\swg3knmea01.sys [x]
S3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;c:\windows\system32\DRIVERS\swg3kser01.sys [x]
S3 swibus01;Sierra Wireless Bus Enumerator 01;c:\windows\system32\DRIVERS\swibus01.sys [x]
S3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;c:\windows\system32\DRIVERS\swibusflt01.sys [x]
S3 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-06-30 83440]
S3 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S3 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000Core.job
- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000UA.job
- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2010-02-16 04:25 538744 ----a-w- c:\windows\System32\PGPfsshl.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-04 167704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-04 416024]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\PGPlsp.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D}: NameServer = 209.183.33.23 209.183.35.23
TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045}: NameServer = 172.16.145.103 172.16.145.103
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx
FF - ProfilePath - c:\users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:29,52,d8,8c,63,26,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-19 19:21:37
ComboFix-quarantined-files.txt 2012-06-20 00:21
ComboFix2.txt 2012-06-19 20:36
ComboFix3.txt 2012-06-18 13:11
.
Pre-Run: 173,952,671,744 bytes free
Post-Run: 173,648,621,568 bytes free
.
- - End Of File - - D914E8AB3180CAA53DB97E68B52EEEE2

#16 Maniac


Posted 20 June 2012 - 05:31 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#17 gtdowd


Posted 20 June 2012 - 07:11 AM

Should I leave the two bottom boxes unchecked as shown below? Please advise and then I will promptly send logs. Thanks.

#18 Maniac


Posted 20 June 2012 - 07:12 AM

Tick them too.

#19 gtdowd


Posted 20 June 2012 - 07:14 AM

....

#20 gtdowd


Posted 20 June 2012 - 07:19 AM

I have no log.txt in the location you specify?

In C/ProgramFiles(x86)/ESET/ESET Online Scanner/ I have only 2 files as below

OnlineScanner.ocx
OnlineScannerUninstaller.exe



