Malwarebytes successfully blocking Outlook access to potentially malicious website


I am getting a pop-up about once every 15-30 seconds reporting that Malwarebytes is blocking access to a potentially malicious website: 208.73.210.155, Type: Outgoing, Process: Outlook.exe

I have run a virus scan and come up with nothing.

Any thoughts?

Hello gtdowd and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here and post the log files:

http://forums.malwarebytes.org/index.php?showtopic=9573

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by X220 at 8:04:12 on 2012-06-19

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5915 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Windows\system32\CxAudMsg64.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\SysWOW64\PGPserv.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\SysWOW64\SAsrv.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\UI0Detect.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Dexpot\dexpot.exe

C:\Program Files (x86)\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Quicken\bagent.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMResident.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files (x86)\Dexpot\Dexpot64.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Windows\system32\rundll32.exe

C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE

C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE

C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxsrvc.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe

uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun

uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\X220\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: C:\Windows\system32\PGPlsp.dll

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\0557D607B696E65374 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\3416279626F657 : DhcpNameServer = 207.87.178.40 207.87.178.41 4.2.2.2

TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\34C6561627023507F64702664643 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D} : NameServer = 209.183.33.23 209.183.35.23

TCP: Interfaces\{C0F41CFF-96F9-46C4-B079-0BDBA30F2C78} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045} : NameServer = 172.16.145.103 172.16.145.103

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO-X64: WeCareReminder - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun-x64: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=

FF - prefs.js: network.proxy.type - 4

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll

FF - plugin: c:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\X220\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\X220\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll

FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npicaN.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]

R0 pgpfs;PGP File Sharing;C:\Windows\system32\Drivers\PGPfsfd.sys --> C:\Windows\system32\Drivers\PGPfsfd.sys [?]

R0 Pgpwdefs;Pgpwdefs;C:\Windows\system32\DRIVERS\Pgpwdefs.sys --> C:\Windows\system32\DRIVERS\Pgpwdefs.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]

R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]

R2 GobiQDLService;Sierra Wireless QDL Service;C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-9-1 316784]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-12-10 41320]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-12-10 59240]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-12-10 133992]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-18 654408]

R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]

R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-12-10 446592]

R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]

R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-12-10 446800]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-10 2656280]

R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-9 493248]

R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480]

R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]

R3 ASRSVC;ASR Service;C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2011-12-10 79136]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-2-14 478056]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-12-10 101736]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;C:\Windows\system32\DRIVERS\swg3kmbb01.sys --> C:\Windows\system32\DRIVERS\swg3kmbb01.sys [?]

R3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3knmea01.sys --> C:\Windows\system32\DRIVERS\swg3knmea01.sys [?]

R3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3kser01.sys --> C:\Windows\system32\DRIVERS\swg3kser01.sys [?]

R3 swibus01;Sierra Wireless Bus Enumerator 01;C:\Windows\system32\DRIVERS\swibus01.sys --> C:\Windows\system32\DRIVERS\swibus01.sys [?]

R3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;C:\Windows\system32\DRIVERS\swibusflt01.sys --> C:\Windows\system32\DRIVERS\swibusflt01.sys [?]

R3 TabletSVC;TABLET Service;C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-12-10 83440]

R3 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-12-10 145256]

R3 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-12-10 142696]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-8 144232]

S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]

S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 GTNDIS62;GT62 UHS IP NDIS;C:\Windows\system32\DRIVERS\gtuhs62.sys --> C:\Windows\system32\DRIVERS\gtuhs62.sys [?]

S3 GTUHSBUS;GT UHS BUS;C:\Windows\system32\DRIVERS\gtuhsbus.sys --> C:\Windows\system32\DRIVERS\gtuhsbus.sys [?]

S3 GTUHSSER;GT UHS SER;C:\Windows\system32\DRIVERS\gtuhsser.sys --> C:\Windows\system32\DRIVERS\gtuhsser.sys [?]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]

S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-6-23 157544]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-12-10 89152]

S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-12-10 175168]

S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-18 13:15:08 -------- d-sh--w- C:\$RECYCLE.BIN

2012-06-18 12:34:56 98816 ----a-w- C:\Windows\sed.exe

2012-06-18 12:34:56 518144 ----a-w- C:\Windows\SWREG.exe

2012-06-18 12:34:56 256000 ----a-w- C:\Windows\PEV.exe

2012-06-18 12:34:56 208896 ----a-w- C:\Windows\MBR.exe

2012-06-14 00:11:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-06-14 00:11:59 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-06-09 15:40:17 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-09 15:40:17 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-09 00:12:30 -------- d-----w- C:\Users\X220\AppData\Local\{809704FA-C931-478D-B31C-D950B2CC53D3}

2012-06-09 00:12:19 -------- d-----w- C:\Users\X220\AppData\Local\{0748966C-BB0A-4F50-B83C-758ADED73862}

2012-06-08 23:32:37 -------- d-----w- C:\Users\X220\AppData\Local\Macromedia

2012-06-02 14:48:22 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2012-06-02 14:48:22 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys

2012-06-02 14:48:22 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys

2012-06-02 14:48:22 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2012-05-30 02:24:24 -------- d-----w- C:\Program Files (x86)\Scratch

2012-05-20 20:25:57 -------- d-----w- C:\Users\X220\AppData\Roaming\Avery

2012-05-20 20:23:38 -------- d-----w- C:\Program Files (x86)\Avery Dennison

.

==================== Find3M ====================

.

2012-06-08 23:32:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-08 23:32:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-09 12:23:10 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 22:13:24 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 8:04:24.31 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/9/2011 7:12:28 AM

System Uptime: 6/19/2012 6:25:53 AM (2 hours ago)

.

Motherboard: LENOVO | | 4294CTO

Processor: Intel® Core i7-2640M CPU @ 2.80GHz | CPU | 2801/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 477 GiB total, 162.466 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Intel® Centrino® Advanced-N + WiMAX 6250

Device ID: USB\VID_8086&PID_0187\6&3E6B990&0&3

Manufacturer:

Name: Intel® Centrino® Advanced-N + WiMAX 6250

PNP Device ID: USB\VID_8086&PID_0187\6&3E6B990&0&3

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP148: 6/2/2012 9:48:25 AM - Installed Sound Organizer.

RP149: 6/2/2012 12:52:57 PM - Installed Sound Organizer.

RP150: 6/4/2012 9:18:29 PM - Installed AVG 2012

RP151: 6/5/2012 6:29:24 AM - Windows Update

RP152: 6/12/2012 9:17:23 AM - Scheduled Checkpoint

RP153: 6/13/2012 6:28:25 PM - Windows Update

RP154: 6/13/2012 7:12:00 PM - Windows Update

RP155: 6/18/2012 7:34:59 AM - ComboFix created restore point

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.1 - CPSID_83708

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Viewer CS3

Adobe PDF Library Files

Adobe Setup

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Apple Application Support

Apple Software Update

ASPCA Reminder by We-Care.com v5.0.5.1

Batman - Arkham City

BlackBerry Desktop Software 6.1

Brother MFL-Pro Suite MFC-790CW

Burn.Now 4.5

Call of Duty: Modern Warfare 3

Call of Duty: Modern Warfare 3 - Multiplayer

Cisco AnyConnect VPN Client

Citrix XenApp Web Plugin

ClipCase

Corel Burn.Now Lenovo Edition

Corel DVD MovieFactory 7

Corel DVD MovieFactory Lenovo Edition

Corel WinDVD

CQGNet

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DesignPro 5

Dexpot

Direct DiscRecorder

DivXLand Media Subtitler

Dual-Core Optimizer

Duplicate Cleaner 2.1b

Family Tree Maker 2011

FileZilla Client 3.5.3

FrontLook Screen Capture 1.0

GetFLV 9.1.0.0

GIMP 2.6.11

Google SketchUp 8

Google Talk Plugin

HandBrake 0.9.6

IC-R2 Programmer

Integrated Camera Driver Installer Package Ver.1.1.0.1147

Integrated Camera TWAIN

Intel PROSet Wireless

Intel® Control Center

Intel® Identity Protection Technology 1.0.74.0

Intel® Management Engine Components

Intel® Processor Graphics

Intel® WiDi

iSEEK AnswerWorks English Runtime

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

LEGO MINDSTORMS NXT - English Language Pack

LEGO MINDSTORMS NXT Migration Package

LEGO MINDSTORMS NXT Software v2.0

Lenovo Patch Utility

Lenovo Screen Reading Optimizer

LiveZilla

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Camera Codec Pack

Microsoft CCR and DSS Runtime 4 Beta 2

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook 2010

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Outlook 2010

Microsoft Primary Interoperability Assemblies 2005

Microsoft Robotics Developer Studio 4 Beta 2

Microsoft Server Speech Recognition Language - Kinect (en-US)

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server System CLR Types

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nikon Message Center 2

Nikon Movie Editor

NVIDIA GAME System Software 2.8.1

Objection Series 3.4

Picture Control Utility

Pidgin

Quicken 2012

Quicken WillMaker Plus 2012

QuickTime

RICOH_Media_Driver_v2.14.18.01

Scratch

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)

Sierra Wireless QMI Lenovo Driver Package

Skype Click to Call

Skype™ 5.8

Sony DVD Architect Studio 4.5

Sony Picture Utility

Sony Sound Forge Audio Studio 9.0

Sound Organizer

Steam

System Update

ThinkPad Power Manager

ThinkPad Tablet Button Driver

ThinkPad Tablet Shortcut Menu

ThinkPad UltraNav Utility

TreeSize Free V2.5

TurboTax 2011

TurboTax 2011 wiliper

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Vegas Movie Studio Platinum 9.0

VirtualDJ Home FREE

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VLC media player 2.0.0

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

Word 2007 Content Control Toolkit

XAMPP 1.7.7

.

==== Event Viewer Messages From Past Week ========

.

6/19/2012 6:29:04 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.

6/19/2012 6:26:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

6/18/2012 8:14:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdia cdrom

6/18/2012 7:53:14 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

6/18/2012 7:51:39 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

6/18/2012 7:41:18 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/13/2012 6:47:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

6/12/2012 10:33:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the jhi_service service.

6/12/2012 10:33:52 AM, Error: Service Control Manager [7000] - The Intel® Identity Protection Technology Host Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Step 1

Please uninstall µTorrent, because of our policy:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log file


12:23:47.0444 3516 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

12:23:47.0460 3516 ============================================================

12:23:47.0460 3516 Current date / time: 2012/06/19 12:23:47.0460

12:23:47.0460 3516 SystemInfo:

12:23:47.0460 3516

12:23:47.0460 3516 OS Version: 6.1.7601 ServicePack: 1.0

12:23:47.0460 3516 Product type: Workstation

12:23:47.0460 3516 ComputerName: X220-PC

12:23:47.0460 3516 UserName: X220

12:23:47.0460 3516 Windows directory: C:\Windows

12:23:47.0460 3516 System windows directory: C:\Windows

12:23:47.0460 3516 Running under WOW64

12:23:47.0460 3516 Processor architecture: Intel x64

12:23:47.0460 3516 Number of processors: 4

12:23:47.0460 3516 Page size: 0x1000

12:23:47.0460 3516 Boot type: Normal boot

12:23:47.0460 3516 ============================================================

12:23:47.0616 3516 Drive \Device\Harddisk0\DR0 - Size: 0x773C256000 (476.94 Gb), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:23:47.0616 3516 ============================================================

12:23:47.0616 3516 \Device\Harddisk0\DR0:

12:23:47.0616 3516 MBR partitions:

12:23:47.0616 3516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

12:23:47.0616 3516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3B9AE000

12:23:47.0616 3516 ============================================================

12:23:47.0616 3516 C: <-> \Device\Harddisk0\DR0\Partition1

12:23:47.0616 3516 ============================================================

12:23:47.0616 3516 Initialize success

12:23:47.0616 3516 ============================================================

12:24:01.0780 5508 ============================================================

12:24:01.0780 5508 Scan started

12:24:01.0780 5508 Mode: Manual; SigCheck; TDLFS;

12:24:01.0780 5508 ============================================================

12:24:01.0843 5508 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

12:24:01.0874 5508 1394ohci - ok

12:24:01.0890 5508 5U877 (f4af97702bad85bfef64b9a557f11b6f) C:\Windows\system32\DRIVERS\5U877.sys

12:24:01.0905 5508 5U877 - ok

12:24:01.0921 5508 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

12:24:01.0921 5508 ACPI - ok

12:24:01.0936 5508 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

12:24:01.0952 5508 AcpiPmi - ok

12:24:01.0968 5508 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

12:24:01.0983 5508 adp94xx - ok

12:24:01.0983 5508 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

12:24:01.0999 5508 adpahci - ok

12:24:01.0999 5508 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

12:24:02.0014 5508 adpu320 - ok

12:24:02.0014 5508 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

12:24:02.0046 5508 AeLookupSvc - ok

12:24:02.0061 5508 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

12:24:02.0077 5508 AFD - ok

12:24:02.0077 5508 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

12:24:02.0092 5508 agp440 - ok

12:24:02.0092 5508 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

12:24:02.0092 5508 ALG - ok

12:24:02.0108 5508 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

12:24:02.0108 5508 aliide - ok

12:24:02.0124 5508 ALSysIO - ok

12:24:02.0124 5508 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

12:24:02.0124 5508 amdide - ok

12:24:02.0139 5508 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

12:24:02.0139 5508 AmdK8 - ok

12:24:02.0155 5508 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

12:24:02.0155 5508 AmdPPM - ok

12:24:02.0170 5508 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

12:24:02.0170 5508 amdsata - ok

12:24:02.0170 5508 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

12:24:02.0186 5508 amdsbs - ok

12:24:02.0186 5508 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

12:24:02.0202 5508 amdxata - ok

12:24:02.0202 5508 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

12:24:02.0233 5508 AppID - ok

12:24:02.0248 5508 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

12:24:02.0280 5508 AppIDSvc - ok

12:24:02.0280 5508 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

12:24:02.0311 5508 Appinfo - ok

12:24:02.0326 5508 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

12:24:02.0326 5508 Apple Mobile Device - ok

12:24:02.0342 5508 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

12:24:02.0342 5508 AppMgmt - ok

12:24:02.0342 5508 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

12:24:02.0358 5508 arc - ok

12:24:02.0358 5508 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

12:24:02.0373 5508 arcsas - ok

12:24:02.0373 5508 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

12:24:02.0389 5508 aspnet_state - ok

12:24:02.0389 5508 ASRSVC (eae432a64924ce4e5afb128b92e4c78a) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe

12:24:02.0404 5508 ASRSVC - ok

12:24:02.0404 5508 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

12:24:02.0420 5508 AsyncMac - ok

12:24:02.0436 5508 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

12:24:02.0436 5508 atapi - ok

12:24:02.0451 5508 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

12:24:02.0482 5508 AudioEndpointBuilder - ok

12:24:02.0498 5508 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

12:24:02.0529 5508 AudioSrv - ok

12:24:02.0592 5508 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

12:24:02.0654 5508 AVGIDSAgent - ok

12:24:02.0670 5508 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys

12:24:02.0685 5508 AVGIDSDriver - ok

12:24:02.0685 5508 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys

12:24:02.0701 5508 AVGIDSFilter - ok

12:24:02.0701 5508 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys

12:24:02.0716 5508 AVGIDSHA - ok

12:24:02.0716 5508 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys

12:24:02.0732 5508 Avgldx64 - ok

12:24:02.0732 5508 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys

12:24:02.0732 5508 Avgmfx64 - ok

12:24:02.0748 5508 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys

12:24:02.0748 5508 Avgrkx64 - ok

12:24:02.0763 5508 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys

12:24:02.0763 5508 Avgtdia - ok

12:24:02.0779 5508 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

12:24:02.0779 5508 avgwd - ok

12:24:02.0794 5508 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

12:24:02.0810 5508 AxInstSV - ok

12:24:02.0826 5508 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

12:24:02.0826 5508 b06bdrv - ok

12:24:02.0841 5508 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

12:24:02.0857 5508 b57nd60a - ok

12:24:02.0857 5508 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

12:24:02.0872 5508 BDESVC - ok

12:24:02.0872 5508 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

12:24:02.0888 5508 Beep - ok

12:24:02.0904 5508 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

12:24:02.0935 5508 BFE - ok

12:24:02.0950 5508 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

12:24:02.0982 5508 BITS - ok

12:24:02.0982 5508 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

12:24:02.0997 5508 blbdrive - ok

12:24:03.0013 5508 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

12:24:03.0028 5508 Bonjour Service - ok

12:24:03.0028 5508 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

12:24:03.0028 5508 bowser - ok

12:24:03.0028 5508 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

12:24:03.0044 5508 BrFiltLo - ok

12:24:03.0044 5508 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

12:24:03.0060 5508 BrFiltUp - ok

12:24:03.0060 5508 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

12:24:03.0091 5508 BridgeMP - ok

12:24:03.0091 5508 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

12:24:03.0106 5508 Browser - ok

12:24:03.0122 5508 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

12:24:03.0138 5508 Brserid - ok

12:24:03.0138 5508 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

12:24:03.0138 5508 BrSerWdm - ok

12:24:03.0153 5508 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

12:24:03.0153 5508 BrUsbMdm - ok

12:24:03.0153 5508 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

12:24:03.0169 5508 BrUsbSer - ok

12:24:03.0169 5508 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys

12:24:03.0184 5508 BthEnum - ok

12:24:03.0184 5508 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

12:24:03.0184 5508 BTHMODEM - ok

12:24:03.0200 5508 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

12:24:03.0200 5508 BthPan - ok

12:24:03.0216 5508 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys

12:24:03.0231 5508 BTHPORT - ok

12:24:03.0231 5508 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

12:24:03.0262 5508 bthserv - ok

12:24:03.0262 5508 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys

12:24:03.0262 5508 BTHUSB - ok

12:24:03.0278 5508 BTWAMPFL (f8cfafbd5bf8b3ddb0d3c2943a5af8ce) C:\Windows\system32\DRIVERS\btwampfl.sys

12:24:03.0294 5508 BTWAMPFL - ok

12:24:03.0294 5508 btwaudio (24bff9d75310f3059ee44f38bf0de0b2) C:\Windows\system32\drivers\btwaudio.sys

12:24:03.0309 5508 btwaudio - ok

12:24:03.0309 5508 btwavdt (858b305ade425732cff9ded182f94fb8) C:\Windows\system32\drivers\btwavdt.sys

12:24:03.0309 5508 btwavdt - ok

12:24:03.0340 5508 btwdins (6ef8cc2f2fda2098089a33f43f4e019d) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

12:24:03.0356 5508 btwdins - ok

12:24:03.0356 5508 btwl2cap (b9354f9f111c64f2495b60f1e24cb453) C:\Windows\system32\DRIVERS\btwl2cap.sys

12:24:03.0372 5508 btwl2cap - ok

12:24:03.0372 5508 btwrchid (3bd876387d6c538690300f9ec198856b) C:\Windows\system32\DRIVERS\btwrchid.sys

12:24:03.0372 5508 btwrchid - ok

12:24:03.0372 5508 catchme - ok

12:24:03.0387 5508 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

12:24:03.0403 5508 cdfs - ok

12:24:03.0403 5508 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

12:24:03.0418 5508 cdrom - ok

12:24:03.0418 5508 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

12:24:03.0450 5508 CertPropSvc - ok

12:24:03.0450 5508 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

12:24:03.0465 5508 circlass - ok

12:24:03.0465 5508 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

12:24:03.0481 5508 CLFS - ok

12:24:03.0481 5508 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:24:03.0496 5508 clr_optimization_v2.0.50727_32 - ok

12:24:03.0496 5508 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

12:24:03.0496 5508 clr_optimization_v2.0.50727_64 - ok

12:24:03.0512 5508 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:24:03.0528 5508 clr_optimization_v4.0.30319_32 - ok

12:24:03.0528 5508 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

12:24:03.0528 5508 clr_optimization_v4.0.30319_64 - ok

12:24:03.0543 5508 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

12:24:03.0543 5508 CmBatt - ok

12:24:03.0543 5508 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

12:24:03.0559 5508 cmdide - ok

12:24:03.0559 5508 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

12:24:03.0574 5508 CNG - ok

12:24:03.0621 5508 CnxtHdAudService (8de541b4cfa281a204baa3ea2109809e) C:\Windows\system32\drivers\CHDRT64.sys

12:24:03.0637 5508 CnxtHdAudService - ok

12:24:03.0652 5508 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

12:24:03.0668 5508 Compbatt - ok

12:24:03.0668 5508 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

12:24:03.0668 5508 CompositeBus - ok

12:24:03.0684 5508 COMSysApp - ok

12:24:03.0684 5508 cpuz135 - ok

12:24:03.0684 5508 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

12:24:03.0684 5508 crcdisk - ok

12:24:03.0699 5508 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

12:24:03.0699 5508 CryptSvc - ok

12:24:03.0715 5508 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

12:24:03.0730 5508 CSC - ok

12:24:03.0746 5508 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

12:24:03.0762 5508 CscService - ok

12:24:03.0762 5508 CxAudMsg (9d0d050170d47e778b624a28c90f23de) C:\Windows\system32\CxAudMsg64.exe

12:24:03.0777 5508 CxAudMsg - ok

12:24:03.0777 5508 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

12:24:03.0808 5508 DcomLaunch - ok

12:24:03.0824 5508 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

12:24:03.0840 5508 defragsvc - ok

12:24:03.0855 5508 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

12:24:03.0871 5508 DfsC - ok

12:24:03.0886 5508 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

12:24:03.0918 5508 Dhcp - ok

12:24:03.0918 5508 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

12:24:03.0933 5508 discache - ok

12:24:03.0949 5508 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

12:24:03.0949 5508 Disk - ok

12:24:03.0949 5508 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

12:24:03.0964 5508 dmvsc - ok

12:24:03.0964 5508 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

12:24:03.0980 5508 Dnscache - ok

12:24:03.0980 5508 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

12:24:04.0011 5508 dot3svc - ok

12:24:04.0027 5508 DozeSvc (277247b79da2230d0c3aeb83e6cd8ca7) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

12:24:04.0027 5508 DozeSvc - ok

12:24:04.0042 5508 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

12:24:04.0058 5508 DPS - ok

12:24:04.0058 5508 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

12:24:04.0074 5508 drmkaud - ok

12:24:04.0089 5508 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

12:24:04.0105 5508 DXGKrnl - ok

12:24:04.0120 5508 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys

12:24:04.0120 5508 DzHDD64 - ok

12:24:04.0136 5508 e1cexpress (5db7ceb8fb44abf01614e33bad2056e0) C:\Windows\system32\DRIVERS\e1c62x64.sys

12:24:04.0136 5508 e1cexpress - ok

12:24:04.0152 5508 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

12:24:04.0167 5508 EapHost - ok

12:24:04.0230 5508 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

12:24:04.0261 5508 ebdrv - ok

12:24:04.0276 5508 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

12:24:04.0292 5508 EFS - ok

12:24:04.0308 5508 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

12:24:04.0323 5508 ehRecvr - ok

12:24:04.0323 5508 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

12:24:04.0323 5508 ehSched - ok

12:24:04.0339 5508 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

12:24:04.0354 5508 elxstor - ok

12:24:04.0354 5508 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

12:24:04.0370 5508 ErrDev - ok

12:24:04.0386 5508 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

12:24:04.0401 5508 EventSystem - ok

12:24:04.0432 5508 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

12:24:04.0464 5508 EvtEng - ok

12:24:04.0479 5508 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

12:24:04.0510 5508 exfat - ok

12:24:04.0510 5508 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

12:24:04.0542 5508 fastfat - ok

12:24:04.0557 5508 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

12:24:04.0573 5508 Fax - ok

12:24:04.0573 5508 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

12:24:04.0573 5508 fdc - ok

12:24:04.0588 5508 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

12:24:04.0604 5508 fdPHost - ok

12:24:04.0604 5508 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

12:24:04.0635 5508 FDResPub - ok

12:24:04.0635 5508 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

12:24:04.0635 5508 FileInfo - ok

12:24:04.0651 5508 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

12:24:04.0666 5508 Filetrace - ok

12:24:04.0682 5508 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

12:24:04.0698 5508 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

12:24:04.0698 5508 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

12:24:04.0698 5508 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

12:24:04.0713 5508 flpydisk - ok

12:24:04.0713 5508 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

12:24:04.0729 5508 FltMgr - ok

12:24:04.0744 5508 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

12:24:04.0760 5508 FontCache - ok

12:24:04.0776 5508 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

12:24:04.0776 5508 FontCache3.0.0.0 - ok

12:24:04.0791 5508 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

12:24:04.0791 5508 FsDepends - ok

12:24:04.0791 5508 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys

12:24:04.0807 5508 fssfltr - ok

12:24:04.0854 5508 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

12:24:04.0885 5508 fsssvc - ok

12:24:04.0900 5508 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

12:24:04.0900 5508 Fs_Rec - ok

12:24:04.0916 5508 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys

12:24:04.0916 5508 FTDIBUS - ok

12:24:04.0932 5508 FTSER2K (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys

12:24:04.0932 5508 FTSER2K - ok

12:24:04.0932 5508 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

12:24:04.0947 5508 fvevol - ok

12:24:04.0947 5508 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

12:24:04.0963 5508 gagp30kx - ok

12:24:04.0963 5508 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

12:24:04.0978 5508 GEARAspiWDM - ok

12:24:04.0978 5508 GobiQDLService (aaadf12839fc55cf25af36b0ae53e826) C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe

12:24:04.0994 5508 GobiQDLService - ok

12:24:05.0010 5508 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

12:24:05.0041 5508 gpsvc - ok

12:24:05.0041 5508 GTNDIS62 (0c87727e542c36126757fe44dc72ab7a) C:\Windows\system32\DRIVERS\gtuhs62.sys

12:24:05.0056 5508 GTNDIS62 - ok

12:24:05.0056 5508 GTUHSBUS (676958753641db62a9cd7a98da93a114) C:\Windows\system32\DRIVERS\gtuhsbus.sys

12:24:05.0072 5508 GTUHSBUS - ok

12:24:05.0072 5508 GTUHSSER (2060fc25845fa8f841f005494f86afd9) C:\Windows\system32\DRIVERS\gtuhsser.sys

12:24:05.0072 5508 GTUHSSER - ok

12:24:05.0072 5508 HBtnKey (943350b87bb0339bf61343e8ac3ef25e) C:\Windows\system32\DRIVERS\wstbtndb.sys

12:24:05.0088 5508 HBtnKey - ok

12:24:05.0088 5508 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

12:24:05.0103 5508 hcw85cir - ok

12:24:05.0103 5508 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

12:24:05.0119 5508 HdAudAddService - ok

12:24:05.0119 5508 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

12:24:05.0134 5508 HDAudBus - ok

12:24:05.0134 5508 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

12:24:05.0150 5508 HidBatt - ok

12:24:05.0150 5508 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

12:24:05.0150 5508 HidBth - ok

12:24:05.0166 5508 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

12:24:05.0166 5508 HidIr - ok

12:24:05.0166 5508 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

12:24:05.0197 5508 hidserv - ok

12:24:05.0197 5508 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

12:24:05.0212 5508 HidUsb - ok

12:24:05.0212 5508 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

12:24:05.0228 5508 hkmsvc - ok

12:24:05.0244 5508 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

12:24:05.0244 5508 HomeGroupListener - ok

12:24:05.0259 5508 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

12:24:05.0259 5508 HomeGroupProvider - ok

12:24:05.0275 5508 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

12:24:05.0275 5508 HpSAMD - ok

12:24:05.0290 5508 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

12:24:05.0322 5508 HTTP - ok

12:24:05.0322 5508 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

12:24:05.0322 5508 hwpolicy - ok

12:24:05.0337 5508 HyperW7Svc (e935c8099f9196bf19224d9ee4808612) C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe

12:24:05.0337 5508 HyperW7Svc - ok

12:24:05.0353 5508 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

12:24:05.0353 5508 i8042prt - ok

12:24:05.0368 5508 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys

12:24:05.0368 5508 iaStor - ok

12:24:05.0384 5508 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

12:24:05.0400 5508 iaStorV - ok

12:24:05.0400 5508 IBMPMDRV (2151176db657aeff9b873d23380c3f5b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys

12:24:05.0415 5508 IBMPMDRV - ok

12:24:05.0415 5508 IBMPMSVC (c76a67aed080538d420550c903696788) C:\Windows\system32\ibmpmsvc.exe

12:24:05.0415 5508 IBMPMSVC - ok

12:24:05.0431 5508 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

12:24:05.0431 5508 IDriverT ( UnsignedFile.Multi.Generic ) - warning

12:24:05.0431 5508 IDriverT - detected UnsignedFile.Multi.Generic (1)

12:24:05.0446 5508 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

12:24:05.0462 5508 idsvc - ok

12:24:05.0696 5508 igfx (978d876a581d57e0de6437674eb0014d) C:\Windows\system32\DRIVERS\igdkmd64.sys

12:24:05.0836 5508 igfx - ok

12:24:05.0852 5508 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

12:24:05.0852 5508 iirsp - ok

12:24:05.0868 5508 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

12:24:05.0899 5508 IKEEXT - ok

12:24:05.0899 5508 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys

12:24:05.0930 5508 intaud_WaveExtensible - ok

12:24:05.0930 5508 IntcDAud (ae594cc17c33ac146739494615e14851) C:\Windows\system32\DRIVERS\IntcDAud.sys

12:24:05.0946 5508 IntcDAud - ok

12:24:05.0946 5508 Intel® PROSet Monitoring Service (28d387eefad7cc3a0beb9c3262e83add) C:\Windows\system32\IProsetMonitor.exe

12:24:05.0961 5508 Intel® PROSet Monitoring Service - ok

12:24:05.0961 5508 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

12:24:05.0977 5508 intelide - ok

12:24:05.0977 5508 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

12:24:05.0992 5508 intelppm - ok

12:24:05.0992 5508 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

12:24:05.0992 5508 IntuitUpdateServiceV4 - ok

12:24:06.0008 5508 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

12:24:06.0039 5508 IPBusEnum - ok

12:24:06.0039 5508 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:24:06.0055 5508 IpFilterDriver - ok

12:24:06.0070 5508 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

12:24:06.0102 5508 iphlpsvc - ok

12:24:06.0102 5508 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

12:24:06.0117 5508 IPMIDRV - ok

12:24:06.0117 5508 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

12:24:06.0148 5508 IPNAT - ok

12:24:06.0164 5508 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

12:24:06.0180 5508 iPod Service - ok

12:24:06.0195 5508 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

12:24:06.0211 5508 IRENUM - ok

12:24:06.0211 5508 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

12:24:06.0211 5508 isapnp - ok

12:24:06.0226 5508 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

12:24:06.0242 5508 iScsiPrt - ok

12:24:06.0242 5508 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\DRIVERS\iwdbus.sys

12:24:06.0242 5508 iwdbus - ok

12:24:06.0258 5508 jhi_service (6faf199fdffdd2376973143c3e012765) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

12:24:06.0273 5508 jhi_service - ok

12:24:06.0273 5508 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

12:24:06.0273 5508 kbdclass - ok

12:24:06.0289 5508 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

12:24:06.0289 5508 kbdhid - ok

12:24:06.0289 5508 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:24:06.0304 5508 KeyIso - ok

12:24:06.0304 5508 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

12:24:06.0320 5508 KSecDD - ok

12:24:06.0320 5508 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

12:24:06.0336 5508 KSecPkg - ok

12:24:06.0336 5508 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

12:24:06.0367 5508 ksthunk - ok

12:24:06.0367 5508 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

12:24:06.0398 5508 KtmRm - ok

12:24:06.0398 5508 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

12:24:06.0429 5508 LanmanServer - ok

12:24:06.0445 5508 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

12:24:06.0460 5508 LanmanWorkstation - ok

12:24:06.0460 5508 LENOVO.CAMMUTE (56b74943929bc575914631edc0e72220) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

12:24:06.0476 5508 LENOVO.CAMMUTE - ok

12:24:06.0476 5508 LENOVO.MICMUTE (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

12:24:06.0492 5508 LENOVO.MICMUTE - ok

12:24:06.0492 5508 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys

12:24:06.0507 5508 lenovo.smi - ok

12:24:06.0507 5508 LENOVO.TPKNRSVC (f9b51b2a5da1222a910021c71e9ea559) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

12:24:06.0507 5508 LENOVO.TPKNRSVC - ok

12:24:06.0507 5508 Lenovo.VIRTSCRLSVC (f7de50781dc4d162c1005eb30d98f931) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

12:24:06.0523 5508 Lenovo.VIRTSCRLSVC - ok

12:24:06.0523 5508 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

12:24:06.0554 5508 lltdio - ok

12:24:06.0554 5508 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

12:24:06.0601 5508 lltdsvc - ok

12:24:06.0601 5508 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

12:24:06.0632 5508 lmhosts - ok

12:24:06.0648 5508 LMS (97f9eaac985a663394cd8f54dcd3e73a) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

12:24:06.0663 5508 LMS - ok

12:24:06.0663 5508 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

12:24:06.0679 5508 LSI_FC - ok

12:24:06.0679 5508 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

12:24:06.0679 5508 LSI_SAS - ok

12:24:06.0694 5508 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

12:24:06.0694 5508 LSI_SAS2 - ok

12:24:06.0694 5508 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

12:24:06.0710 5508 LSI_SCSI - ok

12:24:06.0710 5508 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

12:24:06.0741 5508 luafv - ok

12:24:06.0741 5508 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

12:24:06.0741 5508 MBAMProtector - ok

12:24:06.0757 5508 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

12:24:06.0772 5508 MBAMService - ok

12:24:06.0772 5508 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

12:24:06.0788 5508 Mcx2Svc - ok

12:24:06.0788 5508 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

12:24:06.0804 5508 megasas - ok

12:24:06.0804 5508 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

12:24:06.0819 5508 MegaSR - ok

12:24:06.0819 5508 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

12:24:06.0819 5508 MEIx64 - ok

12:24:06.0835 5508 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

12:24:06.0850 5508 MMCSS - ok

12:24:06.0850 5508 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

12:24:06.0882 5508 Modem - ok

12:24:06.0882 5508 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

12:24:06.0897 5508 monitor - ok

12:24:06.0897 5508 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

12:24:06.0897 5508 mouclass - ok

12:24:06.0897 5508 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

12:24:06.0913 5508 mouhid - ok

12:24:06.0913 5508 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

12:24:06.0928 5508 mountmgr - ok

12:24:06.0928 5508 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

12:24:06.0928 5508 MozillaMaintenance - ok

12:24:06.0944 5508 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

12:24:06.0944 5508 mpio - ok

12:24:06.0960 5508 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

12:24:06.0975 5508 mpsdrv - ok

12:24:06.0991 5508 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

12:24:07.0022 5508 MpsSvc - ok

12:24:07.0038 5508 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

12:24:07.0053 5508 MRxDAV - ok

12:24:07.0053 5508 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

12:24:07.0069 5508 mrxsmb - ok

12:24:07.0069 5508 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:24:07.0084 5508 mrxsmb10 - ok

12:24:07.0084 5508 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:24:07.0100 5508 mrxsmb20 - ok

12:24:07.0100 5508 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

12:24:07.0100 5508 msahci - ok

12:24:07.0100 5508 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

12:24:07.0116 5508 msdsm - ok

12:24:07.0116 5508 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

12:24:07.0131 5508 MSDTC - ok

12:24:07.0131 5508 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

12:24:07.0162 5508 Msfs - ok

12:24:07.0162 5508 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

12:24:07.0178 5508 mshidkmdf - ok

12:24:07.0178 5508 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

12:24:07.0194 5508 msisadrv - ok

12:24:07.0194 5508 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

12:24:07.0225 5508 MSiSCSI - ok

12:24:07.0225 5508 msiserver - ok

12:24:07.0225 5508 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

12:24:07.0240 5508 MSKSSRV - ok

12:24:07.0256 5508 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

12:24:07.0272 5508 MSPCLOCK - ok

12:24:07.0272 5508 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

12:24:07.0303 5508 MSPQM - ok

12:24:07.0303 5508 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

12:24:07.0318 5508 MsRPC - ok

12:24:07.0318 5508 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

12:24:07.0334 5508 mssmbios - ok

12:24:07.0334 5508 MSSQL$SQLEXPRESS - ok

12:24:07.0334 5508 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

12:24:07.0350 5508 MSSQLServerADHelper100 - ok

12:24:07.0350 5508 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

12:24:07.0365 5508 MSTEE - ok

12:24:07.0381 5508 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

12:24:07.0381 5508 MTConfig - ok

12:24:07.0381 5508 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

12:24:07.0396 5508 Mup - ok

12:24:07.0396 5508 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

12:24:07.0428 5508 napagent - ok

12:24:07.0443 5508 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

12:24:07.0459 5508 NativeWifiP - ok

12:24:07.0474 5508 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

12:24:07.0490 5508 NDIS - ok

12:24:07.0506 5508 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

12:24:07.0521 5508 NdisCap - ok

12:24:07.0521 5508 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

12:24:07.0552 5508 NdisTapi - ok

12:24:07.0552 5508 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

12:24:07.0568 5508 Ndisuio - ok

12:24:07.0568 5508 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

12:24:07.0599 5508 NdisWan - ok

12:24:07.0599 5508 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

12:24:07.0615 5508 NDProxy - ok

12:24:07.0630 5508 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

12:24:07.0646 5508 NetBIOS - ok

12:24:07.0646 5508 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

12:24:07.0677 5508 NetBT - ok

12:24:07.0677 5508 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:24:07.0693 5508 Netlogon - ok

12:24:07.0693 5508 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

12:24:07.0724 5508 Netman - ok

12:24:07.0724 5508 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:24:07.0740 5508 NetMsmqActivator - ok

12:24:07.0740 5508 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:24:07.0740 5508 NetPipeActivator - ok

12:24:07.0755 5508 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

12:24:07.0786 5508 netprofm - ok

12:24:07.0786 5508 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:24:07.0786 5508 NetTcpActivator - ok

12:24:07.0786 5508 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:24:07.0802 5508 NetTcpPortSharing - ok

12:24:07.0989 5508 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys

12:24:08.0083 5508 NETwNs64 - ok

12:24:08.0083 5508 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

12:24:08.0098 5508 nfrd960 - ok

12:24:08.0114 5508 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

12:24:08.0130 5508 NlaSvc - ok

12:24:08.0130 5508 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

12:24:08.0161 5508 Npfs - ok

12:24:08.0161 5508 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

12:24:08.0176 5508 nsi - ok

12:24:08.0192 5508 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

12:24:08.0208 5508 nsiproxy - ok

12:24:08.0239 5508 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

12:24:08.0270 5508 Ntfs - ok

12:24:08.0286 5508 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

12:24:08.0317 5508 Null - ok

12:24:08.0317 5508 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

12:24:08.0332 5508 nvraid - ok

12:24:08.0332 5508 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

12:24:08.0332 5508 nvstor - ok

12:24:08.0348 5508 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

12:24:08.0348 5508 nv_agp - ok

12:24:08.0364 5508 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

12:24:08.0379 5508 odserv - ok

12:24:08.0379 5508 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

12:24:08.0379 5508 ohci1394 - ok

12:24:08.0395 5508 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:24:08.0395 5508 ose - ok

12:24:08.0488 5508 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

12:24:08.0566 5508 osppsvc - ok

12:24:08.0582 5508 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

12:24:08.0598 5508 p2pimsvc - ok

12:24:08.0598 5508 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

12:24:08.0613 5508 p2psvc - ok

12:24:08.0613 5508 PACSPTISVR-Sound_Organizer (b16d1f626e7fdca1a475b44f238fee86) C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe

12:24:08.0629 5508 PACSPTISVR-Sound_Organizer - ok

12:24:08.0629 5508 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

12:24:08.0644 5508 Parport - ok

12:24:08.0644 5508 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

12:24:08.0660 5508 partmgr - ok

12:24:08.0660 5508 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

12:24:08.0676 5508 PcaSvc - ok

12:24:08.0676 5508 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

12:24:08.0691 5508 pci - ok

12:24:08.0691 5508 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

12:24:08.0707 5508 pciide - ok

12:24:08.0707 5508 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

12:24:08.0722 5508 pcmcia - ok

12:24:08.0722 5508 PCTINDIS5X64 - ok

12:24:08.0722 5508 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

12:24:08.0722 5508 pcw - ok

12:24:08.0738 5508 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

12:24:08.0769 5508 PEAUTH - ok

12:24:08.0800 5508 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

12:24:08.0816 5508 PeerDistSvc - ok

12:24:08.0832 5508 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

12:24:08.0832 5508 PerfHost - ok

12:24:08.0847 5508 PGPdisk (c800d99511087d6821339ff7055a1b5f) C:\Windows\system32\drivers\PGPdisk.sys

12:24:08.0863 5508 PGPdisk - ok

12:24:08.0863 5508 pgpfs (6a9fa3651b87e5860f65a32607019733) C:\Windows\system32\Drivers\PGPfsfd.sys

12:24:08.0878 5508 pgpfs - ok

12:24:08.0878 5508 PGPsdkDriver (712ab96c92bf4cbc5bde678c4de826d9) C:\Windows\system32\Drivers\PGPsdk.sys

12:24:08.0894 5508 PGPsdkDriver - ok

12:24:08.0894 5508 PGPserv (aca441c95d2eacda3aff2b1f07479ba4) C:\Windows\SysWOW64\PGPserv.exe

12:24:08.0894 5508 PGPserv - ok

12:24:08.0910 5508 PGPwded (01628719a59482be172b1fbade2609f5) C:\Windows\system32\drivers\PGPwded.sys

12:24:08.0925 5508 PGPwded - ok

12:24:08.0925 5508 Pgpwdefs (6b771a778884a0a10617468afd462b84) C:\Windows\system32\DRIVERS\Pgpwdefs.sys

12:24:08.0925 5508 Pgpwdefs - ok

12:24:08.0925 5508 PHCORE (52c9f4359af4a25969b882aecc6f3bda) C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS

12:24:08.0941 5508 PHCORE - ok

12:24:08.0972 5508 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

12:24:09.0003 5508 pla - ok

12:24:09.0019 5508 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

12:24:09.0034 5508 PlugPlay - ok

12:24:09.0034 5508 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

12:24:09.0034 5508 PNRPAutoReg - ok

12:24:09.0050 5508 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

12:24:09.0066 5508 PNRPsvc - ok

12:24:09.0081 5508 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

12:24:09.0097 5508 PolicyAgent - ok

12:24:09.0112 5508 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

12:24:09.0128 5508 Power - ok

12:24:09.0144 5508 Power Manager DBC Service (ebf8a077be308c0c6d55d90f89a43547) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE

12:24:09.0144 5508 Power Manager DBC Service - ok

12:24:09.0159 5508 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

12:24:09.0175 5508 PptpMiniport - ok

12:24:09.0175 5508 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

12:24:09.0190 5508 Processor - ok

12:24:09.0190 5508 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

12:24:09.0206 5508 ProfSvc - ok

12:24:09.0206 5508 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:24:09.0222 5508 ProtectedStorage - ok

12:24:09.0222 5508 psadd (4a768fb063a38b0a78ad97617d3a04f5) C:\Windows\system32\DRIVERS\psadd.sys

12:24:09.0222 5508 psadd - ok

12:24:09.0237 5508 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

12:24:09.0253 5508 Psched - ok

12:24:09.0268 5508 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

12:24:09.0268 5508 PSI_SVC_2 - ok

12:24:09.0268 5508 PwmEWSvc (254de0e4fb8822ca9e5495dcac3bf11c) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE

12:24:09.0284 5508 PwmEWSvc - ok

12:24:09.0284 5508 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

12:24:09.0284 5508 PxHlpa64 - ok

12:24:09.0331 5508 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

12:24:09.0346 5508 ql2300 - ok

12:24:09.0362 5508 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

12:24:09.0378 5508 ql40xx - ok

12:24:09.0393 5508 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

12:24:09.0393 5508 QWAVE - ok

12:24:09.0409 5508 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

12:24:09.0409 5508 QWAVEdrv - ok

12:24:09.0424 5508 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

12:24:09.0440 5508 RasAcd - ok

12:24:09.0440 5508 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

12:24:09.0471 5508 RasAgileVpn - ok

12:24:09.0471 5508 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

12:24:09.0487 5508 RasAuto - ok

12:24:09.0502 5508 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

12:24:09.0518 5508 Rasl2tp - ok

12:24:09.0534 5508 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

12:24:09.0549 5508 RasMan - ok

12:24:09.0565 5508 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

12:24:09.0580 5508 RasPppoe - ok

12:24:09.0580 5508 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

12:24:09.0612 5508 RasSstp - ok

12:24:09.0612 5508 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

12:24:09.0643 5508 rdbss - ok

12:24:09.0643 5508 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

12:24:09.0658 5508 rdpbus - ok

12:24:09.0658 5508 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

12:24:09.0674 5508 RDPCDD - ok

12:24:09.0690 5508 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

12:24:09.0690 5508 RDPDR - ok

12:24:09.0690 5508 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

12:24:09.0721 5508 RDPENCDD - ok

12:24:09.0721 5508 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

12:24:09.0752 5508 RDPREFMP - ok

12:24:09.0752 5508 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

12:24:09.0768 5508 RDPWD - ok

12:24:09.0768 5508 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

12:24:09.0768 5508 rdyboost - ok

12:24:09.0799 5508 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

12:24:09.0814 5508 RegSrvc - ok

12:24:09.0814 5508 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

12:24:09.0846 5508 RemoteAccess - ok

12:24:09.0846 5508 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

12:24:09.0877 5508 RemoteRegistry - ok

12:24:09.0877 5508 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

12:24:09.0892 5508 RFCOMM - ok

12:24:09.0892 5508 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

12:24:09.0908 5508 RimUsb - ok

12:24:09.0908 5508 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

12:24:09.0908 5508 RimVSerPort - ok

12:24:09.0924 5508 risdxc (5a227511ed22ddfedf7ef7323c8f7d2f) C:\Windows\system32\DRIVERS\risdxc64.sys

12:24:09.0924 5508 risdxc - ok

12:24:09.0924 5508 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

12:24:09.0955 5508 ROOTMODEM - ok

12:24:09.0955 5508 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

12:24:09.0970 5508 RpcEptMapper - ok

12:24:09.0986 5508 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

12:24:09.0986 5508 RpcLocator - ok

12:24:10.0002 5508 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

12:24:10.0017 5508 RpcSs - ok

12:24:10.0033 5508 RsFx0105 (c9fe05a63c500abe3afa5786504c4d36) C:\Windows\system32\DRIVERS\RsFx0105.sys

12:24:10.0048 5508 RsFx0105 - ok

12:24:10.0048 5508 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

12:24:10.0064 5508 rspndr - ok

12:24:10.0064 5508 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

12:24:10.0080 5508 s3cap - ok

12:24:10.0080 5508 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:24:10.0095 5508 SamSs - ok

12:24:10.0095 5508 SAService - ok

12:24:10.0095 5508 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

12:24:10.0111 5508 sbp2port - ok

12:24:10.0111 5508 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

12:24:10.0126 5508 SCardSvr - ok

12:24:10.0142 5508 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

12:24:10.0173 5508 scfilter - ok

12:24:10.0189 5508 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

12:24:10.0236 5508 Schedule - ok

12:24:10.0236 5508 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

12:24:10.0251 5508 SCPolicySvc - ok

12:24:10.0267 5508 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

12:24:10.0282 5508 SDRSVC - ok

12:24:10.0282 5508 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

12:24:10.0314 5508 secdrv - ok

12:24:10.0314 5508 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

12:24:10.0345 5508 seclogon - ok

12:24:10.0345 5508 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

12:24:10.0376 5508 SENS - ok

12:24:10.0376 5508 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

12:24:10.0376 5508 SensrSvc - ok

12:24:10.0392 5508 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

12:24:10.0392 5508 Serenum - ok

12:24:10.0407 5508 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

12:24:10.0407 5508 Serial - ok

12:24:10.0407 5508 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

12:24:10.0423 5508 sermouse - ok

12:24:10.0438 5508 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

12:24:10.0454 5508 SessionEnv - ok

12:24:10.0454 5508 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

12:24:10.0470 5508 sffdisk - ok

12:24:10.0470 5508 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

12:24:10.0485 5508 sffp_mmc - ok

12:24:10.0485 5508 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

12:24:10.0501 5508 sffp_sd - ok

12:24:10.0501 5508 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

12:24:10.0501 5508 sfloppy - ok

12:24:10.0516 5508 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

12:24:10.0548 5508 SharedAccess - ok

12:24:10.0548 5508 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

12:24:10.0579 5508 ShellHWDetection - ok

12:24:10.0579 5508 Shockprf (c3f190562fe82efda7ccef305ebad3e3) C:\Windows\system32\DRIVERS\Apsx64.sys

12:24:10.0594 5508 Shockprf - ok

12:24:10.0594 5508 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

12:24:10.0610 5508 SiSRaid2 - ok

12:24:10.0610 5508 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

12:24:10.0610 5508 SiSRaid4 - ok

12:24:10.0626 5508 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe

12:24:10.0626 5508 SkypeUpdate - ok

12:24:10.0626 5508 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

12:24:10.0657 5508 Smb - ok

12:24:10.0657 5508 smihlp (3bc2844af786ca422cc31d505acfa9f2) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

12:24:10.0672 5508 smihlp - ok

12:24:10.0672 5508 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

12:24:10.0688 5508 SNMPTRAP - ok

12:24:10.0688 5508 Soluto (f9369327409492097b0bb7ce86bd29de) C:\Windows\system32\DRIVERS\Soluto.sys

12:24:10.0688 5508 Soluto - ok

12:24:10.0704 5508 SolutoService (ed8397986be35c11bfb321636d6991ee) C:\Program Files\Soluto\SolutoService.exe

12:24:10.0719 5508 SolutoService - ok

12:24:10.0719 5508 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

12:24:10.0735 5508 spldr - ok

12:24:10.0735 5508 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

12:24:10.0766 5508 Spooler - ok

12:24:10.0844 5508 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

12:24:10.0891 5508 sppsvc - ok

12:24:10.0906 5508 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

12:24:10.0938 5508 sppuinotify - ok

12:24:10.0938 5508 SQLAgent$SQLEXPRESS (45e65fb17a4cd5facbd3ca16c8334c82) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

12:24:10.0953 5508 SQLAgent$SQLEXPRESS - ok

12:24:10.0969 5508 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

12:24:10.0969 5508 SQLBrowser - ok

12:24:10.0984 5508 SQLWriter (f92e5f93be572b512da3c016b675ede0) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

12:24:10.0984 5508 SQLWriter - ok

12:24:11.0000 5508 SROSVC (d2aeeb5c15b4b256dc4ec2ce8219b090) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe

12:24:11.0000 5508 SROSVC - ok

12:24:11.0031 5508 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

12:24:11.0047 5508 srv - ok

12:24:11.0062 5508 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

12:24:11.0062 5508 srv2 - ok

12:24:11.0078 5508 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

12:24:11.0078 5508 srvnet - ok

12:24:11.0094 5508 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

12:24:11.0109 5508 SSDPSRV - ok

12:24:11.0125 5508 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

12:24:11.0140 5508 SstpSvc - ok

12:24:11.0156 5508 Steam Client Service - ok

12:24:11.0156 5508 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

12:24:11.0156 5508 stexstor - ok

12:24:11.0156 5508 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

12:24:11.0172 5508 StillCam - ok

12:24:11.0187 5508 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

12:24:11.0203 5508 stisvc - ok

12:24:11.0203 5508 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

12:24:11.0218 5508 storflt - ok

12:24:11.0218 5508 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

12:24:11.0234 5508 StorSvc - ok

12:24:11.0234 5508 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

12:24:11.0234 5508 storvsc - ok

12:24:11.0250 5508 SUService (6ea2f517373771cac5188e82617c9c0b) C:\Program Files (x86)\Lenovo\System Update\SUService.exe

12:24:11.0250 5508 SUService ( UnsignedFile.Multi.Generic ) - warning

12:24:11.0250 5508 SUService - detected UnsignedFile.Multi.Generic (1)

12:24:11.0250 5508 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

12:24:11.0265 5508 swenum - ok

12:24:11.0265 5508 swg3kmbb01 (21da79f3200d22ddfcbf6369fab4ced0) C:\Windows\system32\DRIVERS\swg3kmbb01.sys

12:24:11.0281 5508 swg3kmbb01 - ok

12:24:11.0296 5508 swg3knmea01 (c9aadba1eaf597d7ec02a529cc64234a) C:\Windows\system32\DRIVERS\swg3knmea01.sys

12:24:11.0296 5508 swg3knmea01 - ok

12:24:11.0296 5508 swg3kser01 (c9aadba1eaf597d7ec02a529cc64234a) C:\Windows\system32\DRIVERS\swg3kser01.sys

12:24:11.0312 5508 swg3kser01 - ok

12:24:11.0312 5508 swibus01 (3911adb9a2e6e34e583c93a440343114) C:\Windows\system32\DRIVERS\swibus01.sys

12:24:11.0328 5508 swibus01 - ok

12:24:11.0328 5508 swibusflt01 (3911adb9a2e6e34e583c93a440343114) C:\Windows\system32\DRIVERS\swibusflt01.sys

12:24:11.0328 5508 swibusflt01 - ok

12:24:11.0343 5508 swmsflt (179de6936fbb0702f89535b27e311b1f) C:\Windows\System32\drivers\swmsflt.sys

12:24:11.0343 5508 swmsflt - ok

12:24:11.0359 5508 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

12:24:11.0390 5508 swprv - ok

12:24:11.0390 5508 SynTP (772493a8945495f1a287bf6c4ca25b48) C:\Windows\system32\DRIVERS\SynTP.sys

12:24:11.0406 5508 SynTP - ok

12:24:11.0437 5508 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

12:24:11.0468 5508 SysMain - ok

12:24:11.0484 5508 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

12:24:11.0499 5508 TabletInputService - ok

12:24:11.0515 5508 TabletSVC (9b2825b463529d7646690af4e590a787) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe

12:24:11.0515 5508 TabletSVC - ok

12:24:11.0530 5508 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

12:24:11.0546 5508 TapiSrv - ok

12:24:11.0546 5508 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

12:24:11.0577 5508 TBS - ok

12:24:11.0624 5508 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

12:24:11.0640 5508 Tcpip - ok

12:24:11.0702 5508 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

12:24:11.0733 5508 TCPIP6 - ok

12:24:11.0749 5508 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

12:24:11.0780 5508 tcpipreg - ok

12:24:11.0780 5508 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

12:24:11.0780 5508 TDPIPE - ok

12:24:11.0796 5508 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

12:24:11.0796 5508 TDTCP - ok

12:24:11.0796 5508 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

12:24:11.0827 5508 tdx - ok

12:24:11.0827 5508 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

12:24:11.0842 5508 TermDD - ok

12:24:11.0858 5508 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

12:24:11.0874 5508 TermService - ok

12:24:11.0889 5508 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

12:24:11.0889 5508 Themes - ok

12:24:11.0905 5508 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

12:24:11.0920 5508 THREADORDER - ok

12:24:11.0920 5508 TPDIGIMN (1bb77eccbfa3675b1ee8d6d6d37a1e1e) C:\Windows\system32\DRIVERS\ApsHM64.sys

12:24:11.0936 5508 TPDIGIMN - ok

12:24:11.0936 5508 TPHDEXLGSVC (88f81d810ff16ac65b02643daf308d4f) C:\Windows\system32\TPHDEXLG64.exe

12:24:11.0936 5508 TPHDEXLGSVC - ok

12:24:11.0952 5508 TPHKLOAD (83415782d47f8064fcafea308abb2246) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

12:24:11.0952 5508 TPHKLOAD - ok

12:24:11.0952 5508 TPHKSVC (c04bb65441913ab621c58a8bd3169b23) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

12:24:11.0967 5508 TPHKSVC - ok

12:24:11.0967 5508 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys

12:24:11.0983 5508 TPM - ok

12:24:11.0983 5508 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys

12:24:11.0983 5508 TPPWRIF - ok

12:24:11.0998 5508 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

12:24:12.0014 5508 TrkWks - ok

12:24:12.0030 5508 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

12:24:12.0045 5508 TrustedInstaller - ok

12:24:12.0045 5508 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

12:24:12.0076 5508 tssecsrv - ok

12:24:12.0076 5508 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

12:24:12.0092 5508 TsUsbFlt - ok

12:24:12.0092 5508 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

12:24:12.0092 5508 TsUsbGD - ok

12:24:12.0108 5508 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

12:24:12.0123 5508 tunnel - ok

12:24:12.0123 5508 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

12:24:12.0139 5508 uagp35 - ok

12:24:12.0139 5508 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

12:24:12.0170 5508 udfs - ok

12:24:12.0170 5508 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

12:24:12.0186 5508 UI0Detect - ok

12:24:12.0186 5508 UleadBurningHelper (be788a747457e6916586c410ec0111e7) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

12:24:12.0201 5508 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning

12:24:12.0201 5508 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)

12:24:12.0201 5508 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

12:24:12.0201 5508 uliagpkx - ok

12:24:12.0217 5508 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

12:24:12.0217 5508 umbus - ok

12:24:12.0217 5508 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

12:24:12.0232 5508 UmPass - ok

12:24:12.0232 5508 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

12:24:12.0248 5508 UmRdpService - ok

12:24:12.0295 5508 UNS (a69cd6bdb82872999d2e46f9324ada83) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

12:24:12.0326 5508 UNS - ok

12:24:12.0357 5508 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

12:24:12.0388 5508 upnphost - ok

12:24:12.0388 5508 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

12:24:12.0404 5508 USBAAPL64 - ok

12:24:12.0404 5508 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

12:24:12.0420 5508 usbaudio - ok

12:24:12.0420 5508 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys

12:24:12.0435 5508 usbccgp - ok

12:24:12.0435 5508 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

12:24:12.0451 5508 usbcir - ok

12:24:12.0451 5508 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

12:24:12.0451 5508 usbehci - ok

12:24:12.0466 5508 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

12:24:12.0482 5508 usbhub - ok

12:24:12.0482 5508 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

12:24:12.0482 5508 usbohci - ok

12:24:12.0482 5508 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

12:24:12.0498 5508 usbprint - ok

12:24:12.0498 5508 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:24:12.0513 5508 USBSTOR - ok

12:24:12.0513 5508 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

12:24:12.0529 5508 usbuhci - ok

12:24:12.0529 5508 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

12:24:12.0544 5508 usbvideo - ok

12:24:12.0544 5508 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

12:24:12.0576 5508 UxSms - ok

12:24:12.0576 5508 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

12:24:12.0576 5508 VaultSvc - ok

12:24:12.0591 5508 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

12:24:12.0591 5508 vdrvroot - ok

12:24:12.0607 5508 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

12:24:12.0638 5508 vds - ok

12:24:12.0638 5508 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

12:24:12.0638 5508 vga - ok

12:24:12.0654 5508 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

12:24:12.0669 5508 VgaSave - ok

12:24:12.0685 5508 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

12:24:12.0685 5508 vhdmp - ok

12:24:12.0685 5508 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

12:24:12.0700 5508 viaide - ok

12:24:12.0700 5508 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

12:24:12.0716 5508 vmbus - ok

12:24:12.0716 5508 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

12:24:12.0716 5508 VMBusHID - ok

12:24:12.0732 5508 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

12:24:12.0732 5508 volmgr - ok

12:24:12.0747 5508 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

12:24:12.0747 5508 volmgrx - ok

12:24:12.0763 5508 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

12:24:12.0763 5508 volsnap - ok

12:24:12.0778 5508 vpnagent (e4d2305ebb9de0871a1e13294d0f349b) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

12:24:12.0794 5508 vpnagent - ok

12:24:12.0794 5508 vpnva (0e4df91e83da5739ffb18535d4db10aa) C:\Windows\system32\DRIVERS\vpnva64.sys

12:24:12.0794 5508 vpnva - ok

12:24:12.0810 5508 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

12:24:12.0810 5508 vsmraid - ok

12:24:12.0856 5508 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

12:24:12.0888 5508 VSS - ok

12:24:12.0903 5508 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

12:24:12.0934 5508 vToolbarUpdater11.1.0 - ok

12:24:12.0950 5508 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

12:24:12.0950 5508 vwifibus - ok

12:24:12.0966 5508 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

12:24:12.0966 5508 vwififlt - ok

12:24:12.0966 5508 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

12:24:12.0981 5508 vwifimp - ok

12:24:12.0997 5508 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

12:24:13.0012 5508 W32Time - ok

12:24:13.0028 5508 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

12:24:13.0028 5508 WacomPen - ok

12:24:13.0028 5508 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

12:24:13.0059 5508 WANARP - ok

12:24:13.0059 5508 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

12:24:13.0090 5508 Wanarpv6 - ok

12:24:13.0106 5508 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

12:24:13.0137 5508 WatAdminSvc - ok

12:24:13.0168 5508 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

12:24:13.0184 5508 wbengine - ok

12:24:13.0215 5508 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

12:24:13.0231 5508 WbioSrvc - ok

12:24:13.0231 5508 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

12:24:13.0246 5508 wcncsvc - ok

12:24:13.0246 5508 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

12:24:13.0262 5508 WcsPlugInService - ok

12:24:13.0262 5508 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

12:24:13.0278 5508 Wd - ok

12:24:13.0278 5508 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

12:24:13.0278 5508 WDC_SAM - ok

12:24:13.0293 5508 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

12:24:13.0309 5508 Wdf01000 - ok

12:24:13.0324 5508 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

12:24:13.0340 5508 WdiServiceHost - ok

12:24:13.0340 5508 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

12:24:13.0356 5508 WdiSystemHost - ok

12:24:13.0356 5508 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

12:24:13.0371 5508 WebClient - ok

12:24:13.0387 5508 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

12:24:13.0402 5508 Wecsvc - ok

12:24:13.0418 5508 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

12:24:13.0434 5508 wercplsupport - ok

12:24:13.0434 5508 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

12:24:13.0465 5508 WerSvc - ok

12:24:13.0465 5508 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

12:24:13.0496 5508 WfpLwf - ok

12:24:13.0496 5508 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

12:24:13.0512 5508 WIMMount - ok

12:24:13.0512 5508 WinDefend - ok

12:24:13.0512 5508 WinHttpAutoProxySvc - ok

12:24:13.0527 5508 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

12:24:13.0543 5508 Winmgmt - ok

12:24:13.0590 5508 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

12:24:13.0636 5508 WinRM - ok

12:24:13.0652 5508 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

12:24:13.0668 5508 WinUsb - ok

12:24:13.0683 5508 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

12:24:13.0714 5508 Wlansvc - ok

12:24:13.0714 5508 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

12:24:13.0714 5508 wlcrasvc - ok

12:24:13.0777 5508 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

12:24:13.0808 5508 wlidsvc - ok

12:24:13.0824 5508 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

12:24:13.0824 5508 WmiAcpi - ok

12:24:13.0839 5508 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

12:24:13.0855 5508 wmiApSrv - ok

12:24:13.0855 5508 WMPNetworkSvc - ok

12:24:13.0855 5508 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

12:24:13.0870 5508 WPCSvc - ok

12:24:13.0870 5508 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

12:24:13.0886 5508 WPDBusEnum - ok

12:24:13.0886 5508 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

12:24:13.0917 5508 ws2ifsl - ok

12:24:13.0917 5508 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

12:24:13.0933 5508 wscsvc - ok

12:24:13.0933 5508 WSearch - ok

12:24:13.0980 5508 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

12:24:14.0026 5508 wuauserv - ok

12:24:14.0042 5508 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

12:24:14.0073 5508 WudfPf - ok

12:24:14.0073 5508 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

12:24:14.0104 5508 WUDFRd - ok

12:24:14.0104 5508 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

12:24:14.0120 5508 wudfsvc - ok

12:24:14.0136 5508 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

12:24:14.0151 5508 WwanSvc - ok

12:24:14.0167 5508 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

12:24:14.0260 5508 \Device\Harddisk0\DR0 - ok

12:24:14.0260 5508 Boot (0x1200) (cafb111438c2ef59231837af5fd3593b) \Device\Harddisk0\DR0\Partition0

12:24:14.0260 5508 \Device\Harddisk0\DR0\Partition0 - ok

12:24:14.0260 5508 Boot (0x1200) (3dc3f048ad58dfb25af1aea4f6b04d74) \Device\Harddisk0\DR0\Partition1

12:24:14.0260 5508 \Device\Harddisk0\DR0\Partition1 - ok

12:24:14.0260 5508 ============================================================

12:24:14.0260 5508 Scan finished

12:24:14.0260 5508 ============================================================

12:24:14.0276 3104 Detected object count: 4

12:24:14.0276 3104 Actual detected object count: 4

12:24:39.0969 3104 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

12:24:39.0969 3104 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:24:39.0969 3104 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

12:24:39.0969 3104 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:24:39.0969 3104 SUService ( UnsignedFile.Multi.Generic ) - skipped by user

12:24:39.0969 3104 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:24:39.0969 3104 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user

12:24:39.0969 3104 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip


Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.19.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

X220 :: X220-PC [administrator]

Protection: Enabled

6/19/2012 12:38:35 PM

mbam-log-2012-06-19 (12-38-35).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 218268

Time elapsed: 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by X220 at 12:40:50 on 2012-06-19

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.6015 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Windows\system32\CxAudMsg64.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\SysWOW64\PGPserv.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\SysWOW64\SAsrv.exe

C:\Program Files\Soluto\SolutoService.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\UI0Detect.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Program Files\Soluto\soluto.exe

C:\Windows\system32\Dwm.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files\CONEXANT\ForteConfig\fmapp.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Dexpot\dexpot.exe

C:\Program Files (x86)\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Quicken\bagent.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Windows\system32\igfxext.exe

C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMResident.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files (x86)\Dexpot\Dexpot64.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\system32\SearchIndexer.exe

C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Windows\system32\rundll32.exe

C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE

C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE

C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Core Temp\Core Temp.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe

uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun

uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\X220\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: C:\Windows\system32\PGPlsp.dll

Trusted Zone: intuit.com\ttlc

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\0557D607B696E6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\0557D607B696E65374 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2FBF9ABD-C455-4E88-AB46-4924300BBCC5}\3416279626F657 : DhcpNameServer = 207.87.178.40 207.87.178.41 4.2.2.2

TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D} : NameServer = 209.183.33.23 209.183.35.23

TCP: Interfaces\{C0F41CFF-96F9-46C4-B079-0BDBA30F2C78} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045} : NameServer = 172.16.145.103 172.16.145.103

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll

BHO-X64: WeCareReminder - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun-x64: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=

FF - prefs.js: network.proxy.type - 4

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll

FF - plugin: c:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\X220\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\X220\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll

FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\X220\AppData\Roaming\Mozilla\plugins\npicaN.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]

R0 pgpfs;PGP File Sharing;C:\Windows\system32\Drivers\PGPfsfd.sys --> C:\Windows\system32\Drivers\PGPfsfd.sys [?]

R0 Pgpwdefs;Pgpwdefs;C:\Windows\system32\DRIVERS\Pgpwdefs.sys --> C:\Windows\system32\DRIVERS\Pgpwdefs.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 Soluto;Soluto;C:\Windows\system32\DRIVERS\Soluto.sys --> C:\Windows\system32\DRIVERS\Soluto.sys [?]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]

R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]

R2 GobiQDLService;Sierra Wireless QDL Service;C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-9-1 316784]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-12-10 41320]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-12-10 59240]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-12-10 133992]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-18 654408]

R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]

R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-12-10 446592]

R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]

R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-4-24 584224]

R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-12-10 446800]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-10 2656280]

R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-9 493248]

R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480]

R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]

R3 ASRSVC;ASR Service;C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2011-12-10 79136]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-2-14 478056]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-12-10 101736]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;C:\Windows\system32\DRIVERS\swg3kmbb01.sys --> C:\Windows\system32\DRIVERS\swg3kmbb01.sys [?]

R3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3knmea01.sys --> C:\Windows\system32\DRIVERS\swg3knmea01.sys [?]

R3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;C:\Windows\system32\DRIVERS\swg3kser01.sys --> C:\Windows\system32\DRIVERS\swg3kser01.sys [?]

R3 swibus01;Sierra Wireless Bus Enumerator 01;C:\Windows\system32\DRIVERS\swibus01.sys --> C:\Windows\system32\DRIVERS\swibus01.sys [?]

R3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;C:\Windows\system32\DRIVERS\swibusflt01.sys --> C:\Windows\system32\DRIVERS\swibusflt01.sys [?]

R3 TabletSVC;TABLET Service;C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-12-10 83440]

R3 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-12-10 145256]

R3 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-12-10 142696]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-7-8 144232]

S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 GTNDIS62;GT62 UHS IP NDIS;C:\Windows\system32\DRIVERS\gtuhs62.sys --> C:\Windows\system32\DRIVERS\gtuhs62.sys [?]

S3 GTUHSBUS;GT UHS BUS;C:\Windows\system32\DRIVERS\gtuhsbus.sys --> C:\Windows\system32\DRIVERS\gtuhsbus.sys [?]

S3 GTUHSSER;GT UHS SER;C:\Windows\system32\DRIVERS\gtuhsser.sys --> C:\Windows\system32\DRIVERS\gtuhsser.sys [?]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-6-23 157544]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-12-10 89152]

S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-12-10 175168]

S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-18 13:15:08 -------- d-sh--w- C:\$RECYCLE.BIN

2012-06-18 12:34:56 98816 ----a-w- C:\Windows\sed.exe

2012-06-18 12:34:56 518144 ----a-w- C:\Windows\SWREG.exe

2012-06-18 12:34:56 256000 ----a-w- C:\Windows\PEV.exe

2012-06-18 12:34:56 208896 ----a-w- C:\Windows\MBR.exe

2012-06-14 00:11:59 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-06-14 00:11:59 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-06-09 15:40:17 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-09 15:40:17 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-09 00:12:30 -------- d-----w- C:\Users\X220\AppData\Local\{809704FA-C931-478D-B31C-D950B2CC53D3}

2012-06-09 00:12:19 -------- d-----w- C:\Users\X220\AppData\Local\{0748966C-BB0A-4F50-B83C-758ADED73862}

2012-06-08 23:32:37 -------- d-----w- C:\Users\X220\AppData\Local\Macromedia

2012-06-02 14:48:22 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2012-06-02 14:48:22 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys

2012-06-02 14:48:22 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys

2012-06-02 14:48:22 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2012-05-30 02:24:24 -------- d-----w- C:\Program Files (x86)\Scratch

2012-05-20 20:25:57 -------- d-----w- C:\Users\X220\AppData\Roaming\Avery

2012-05-20 20:23:38 -------- d-----w- C:\Program Files (x86)\Avery Dennison

.

==================== Find3M ====================

.

2012-06-08 23:32:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-08 23:32:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-09 12:23:10 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 22:13:24 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 12:41:06.87 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/9/2011 7:12:28 AM

System Uptime: 6/19/2012 12:21:16 PM (0 hours ago)

.

Motherboard: LENOVO | | 4294CTO

Processor: Intel® Core i7-2640M CPU @ 2.80GHz | CPU | 2801/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 477 GiB total, 162.248 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Intel® Centrino® Advanced-N + WiMAX 6250

Device ID: USB\VID_8086&PID_0187\6&3E6B990&0&3

Manufacturer:

Name: Intel® Centrino® Advanced-N + WiMAX 6250

PNP Device ID: USB\VID_8086&PID_0187\6&3E6B990&0&3

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

RP148: 6/2/2012 9:48:25 AM - Installed Sound Organizer.

RP149: 6/2/2012 12:52:57 PM - Installed Sound Organizer.

RP150: 6/4/2012 9:18:29 PM - Installed AVG 2012

RP151: 6/5/2012 6:29:24 AM - Windows Update

RP152: 6/12/2012 9:17:23 AM - Scheduled Checkpoint

RP153: 6/13/2012 6:28:25 PM - Windows Update

RP154: 6/13/2012 7:12:00 PM - Windows Update

RP155: 6/18/2012 7:34:59 AM - ComboFix created restore point

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.1 - CPSID_83708

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Viewer CS3

Adobe PDF Library Files

Adobe Setup

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Apple Application Support

Apple Software Update

ASPCA Reminder by We-Care.com v5.0.5.1

Batman - Arkham City

BlackBerry Desktop Software 6.1

Brother MFL-Pro Suite MFC-790CW

Burn.Now 4.5

Call of Duty: Modern Warfare 3

Call of Duty: Modern Warfare 3 - Multiplayer

Cisco AnyConnect VPN Client

Citrix XenApp Web Plugin

ClipCase

Corel Burn.Now Lenovo Edition

Corel DVD MovieFactory 7

Corel DVD MovieFactory Lenovo Edition

Corel WinDVD

CQGNet

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DesignPro 5

Dexpot

Direct DiscRecorder

DivXLand Media Subtitler

Dual-Core Optimizer

Duplicate Cleaner 2.1b

Family Tree Maker 2011

FileZilla Client 3.5.3

FrontLook Screen Capture 1.0

GetFLV 9.1.0.0

GIMP 2.6.11

Google SketchUp 8

Google Talk Plugin

HandBrake 0.9.6

IC-R2 Programmer

Integrated Camera Driver Installer Package Ver.1.1.0.1147

Integrated Camera TWAIN

Intel PROSet Wireless

Intel® Control Center

Intel® Identity Protection Technology 1.0.74.0

Intel® Management Engine Components

Intel® Processor Graphics

Intel® WiDi

iSEEK AnswerWorks English Runtime

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

LEGO MINDSTORMS NXT - English Language Pack

LEGO MINDSTORMS NXT Migration Package

LEGO MINDSTORMS NXT Software v2.0

Lenovo Patch Utility

Lenovo Screen Reading Optimizer

LiveZilla

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Camera Codec Pack

Microsoft CCR and DSS Runtime 4 Beta 2

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook 2010

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Outlook 2010

Microsoft Primary Interoperability Assemblies 2005

Microsoft Robotics Developer Studio 4 Beta 2

Microsoft Server Speech Recognition Language - Kinect (en-US)

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server System CLR Types

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft WSE 3.0 Runtime

Microsoft XNA Framework Redistributable 4.0

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nikon Message Center 2

Nikon Movie Editor

NVIDIA GAME System Software 2.8.1

Objection Series 3.4

Picture Control Utility

Pidgin

Quicken 2012

Quicken WillMaker Plus 2012

QuickTime

RICOH_Media_Driver_v2.14.18.01

Scratch

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)

Sierra Wireless QMI Lenovo Driver Package

Skype Click to Call

Skype™ 5.8

Sony DVD Architect Studio 4.5

Sony Picture Utility

Sony Sound Forge Audio Studio 9.0

Sound Organizer

Steam

System Update

ThinkPad Power Manager

ThinkPad Tablet Button Driver

ThinkPad Tablet Shortcut Menu

ThinkPad UltraNav Utility

TreeSize Free V2.5

TurboTax 2011

TurboTax 2011 wiliper

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wrapper

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Vegas Movie Studio Platinum 9.0

VirtualDJ Home FREE

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VLC media player 2.0.0

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

Word 2007 Content Control Toolkit

XAMPP 1.7.7

.

==== Event Viewer Messages From Past Week ========

.

6/19/2012 6:29:04 AM, Error: NetBT [4307] - Initialization failed because the transport refused to open initial addresses.

6/19/2012 12:21:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

6/18/2012 8:14:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgtdia cdrom

6/18/2012 7:53:14 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

6/18/2012 7:51:39 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

6/18/2012 7:41:18 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/13/2012 6:47:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

6/12/2012 10:33:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the jhi_service service.

6/12/2012 10:33:52 AM, Error: Service Control Manager [7000] - The Intel® Identity Protection Technology Host Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


ComboFix 12-06-16.02 - X220 06/19/2012 15:30:23.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5699 [GMT -5:00]

Running from: c:\temp\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 20:33 . 2012-06-19 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-14 00:11 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-14 00:11 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-09 15:40 . 2012-06-09 15:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-09 15:40 . 2012-06-09 15:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-08 23:32 . 2012-06-08 23:32 -------- d-----w- c:\users\X220\AppData\Local\Macromedia

2012-06-02 14:48 . 2012-06-02 14:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

2012-06-02 14:48 . 2012-06-02 14:48 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys

2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys

2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2012-05-30 02:24 . 2012-05-30 02:24 -------- d-----w- c:\program files (x86)\Scratch

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-08 23:32 . 2012-04-03 12:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-08 23:32 . 2011-12-11 02:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-09 12:23 . 2012-05-09 12:23 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-24 22:13 . 2011-12-11 12:19 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-04-04 20:56 . 2012-05-18 11:45 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-30 11:35 . 2012-05-09 11:58 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-18_12.53.57 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-06-17 12:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-06-19 13:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-06-19 13:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-17 12:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-19 13:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-17 12:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-06-19 17:24 28566 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-12-09 15:08 . 2012-06-19 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-12-09 15:08 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-12-09 15:08 . 2012-06-19 18:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-12-09 15:08 . 2012-06-18 12:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-19 18:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-12-09 13:22 . 2012-06-19 17:24 4354 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-883609196-808434145-3285787096-1000_UserData.bin

- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-19 20:34 . 2012-06-19 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-19 20:34 . 2012-06-19 20:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-12-10 13:41 . 2012-06-19 20:24 339764 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-06-19 17:26 729436 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-06-18 12:21 729436 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-19 17:26 147958 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-06-18 12:21 147958 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-06-18 12:52 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-19 20:33 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-12-11 12:20 . 2012-06-19 20:33 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-12-11 12:20 . 2012-06-18 12:52 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-12-10 12:17 . 2012-06-09 00:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat

+ 2011-12-10 12:17 . 2012-06-19 20:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat

+ 2012-06-18 17:20 . 2012-06-18 17:20 2871808 c:\windows\Installer\e21159.msi

+ 2011-12-10 12:17 . 2012-06-19 20:33 15291180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-12 19:41 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]

@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"

[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]

2010-02-16 04:25 613496 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-06-08 1310720]

"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]

"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2012-04-18 74840]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-06-30 484856]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\X220\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-12-20 380928]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-02 446800]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]

R3 ALSysIO;ALSysIO;c:\users\X220\AppData\Local\Temp\ALSysIO64.sys [x]

R3 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136]

R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056]

R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]

R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]

R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-06-23 157544]

R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]

R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-06-30 83440]

R3 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]

R3 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]

S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x]

S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]

S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]

S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-09-01 316784]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128]

S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]

S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;c:\windows\system32\DRIVERS\swg3kmbb01.sys [x]

S3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;c:\windows\system32\DRIVERS\swg3knmea01.sys [x]

S3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;c:\windows\system32\DRIVERS\swg3kser01.sys [x]

S3 swibus01;Sierra Wireless Bus Enumerator 01;c:\windows\system32\DRIVERS\swibus01.sys [x]

S3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;c:\windows\system32\DRIVERS\swibusflt01.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000Core.job

- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000UA.job

- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]

@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"

[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]

2010-02-16 04:25 538744 ----a-w- c:\windows\System32\PGPfsshl.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]

"TpShocks"="TpShocks.exe" [2011-03-29 380776]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-04 167704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-04 416024]

"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

LSP: c:\windows\system32\PGPlsp.dll

Trusted Zone: intuit.com\ttlc

TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D}: NameServer = 209.183.33.23 209.183.35.23

TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045}: NameServer = 172.16.145.103 172.16.145.103

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx

FF - ProfilePath - c:\users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=

FF - prefs.js: network.proxy.type - 4

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:29,52,d8,8c,63,26,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PGPserv.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\windows\SysWOW64\SAsrv.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Lenovo\System Update\SUService.exe

.

**************************************************************************

.

Completion time: 2012-06-19 15:36:56 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-19 20:36

ComboFix2.txt 2012-06-18 13:11

.

Pre-Run: 174,167,048,192 bytes free

Post-Run: 173,848,752,128 bytes free

.

- - End Of File - - 44DAD3DBB8EAA83E8CDDA73986764793


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FireFox::
FF - ProfilePath - c:\users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 4

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-06-19.03 - X220 06/19/2012 18:22:42.3.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.6013 [GMT -5:00]

Running from: c:\temp\ComboFix.exe

Command switches used :: c:\temp\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 23:36 . 2012-06-19 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-14 00:11 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-06-14 00:11 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-06-09 15:40 . 2012-06-09 15:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-09 15:40 . 2012-06-09 15:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-08 23:32 . 2012-06-08 23:32 -------- d-----w- c:\users\X220\AppData\Local\Macromedia

2012-06-02 14:48 . 2012-06-02 14:48 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

2012-06-02 14:48 . 2012-06-02 14:48 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys

2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys

2012-06-02 14:48 . 2012-06-02 14:48 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys

2012-05-30 02:24 . 2012-05-30 02:24 -------- d-----w- c:\program files (x86)\Scratch

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-08 23:32 . 2012-04-03 12:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-08 23:32 . 2011-12-11 02:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-09 12:23 . 2012-05-09 12:23 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-24 22:13 . 2011-12-11 12:19 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-04-04 20:56 . 2012-05-18 11:45 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-30 11:35 . 2012-05-09 11:58 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-18_12.53.57 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-06-17 12:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-06-19 13:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-06-19 13:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-17 12:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-19 13:07 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-17 12:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-06-19 23:20 28582 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-12-09 15:08 . 2012-06-19 23:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-12-09 15:08 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-12-09 15:08 . 2012-06-19 23:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-12-09 15:08 . 2012-06-18 12:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-18 12:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-19 23:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-12-09 13:22 . 2012-06-19 23:20 4534 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-883609196-808434145-3285787096-1000_UserData.bin

- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-19 23:17 . 2012-06-19 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-19 23:17 . 2012-06-19 23:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-18 12:52 . 2012-06-18 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-12-10 13:41 . 2012-06-19 23:13 340004 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-06-19 23:24 729436 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-06-18 12:21 729436 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-19 23:24 147958 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-06-18 12:21 147958 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2012-06-18 12:52 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-19 23:17 357852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-12-11 12:20 . 2012-06-19 23:17 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-12-11 12:20 . 2012-06-18 12:52 7769040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-12-10 12:17 . 2012-06-19 20:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat

- 2011-12-10 12:17 . 2012-06-09 00:33 4743065 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-12288.dat

+ 2012-06-18 17:20 . 2012-06-18 17:20 2871808 c:\windows\Installer\e21159.msi

+ 2011-12-10 12:17 . 2012-06-19 23:17 15291180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-883609196-808434145-3285787096-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-06-12 19:41 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]

@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"

[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]

2010-02-16 04:25 613496 ----a-w- c:\windows\SysWOW64\PGPfsshl.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dexpot"="c:\program files (x86)\Dexpot\dexpot.exe" [2012-06-08 1310720]

"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]

"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2012-04-18 74840]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-06-30 484856]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\X220\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Picture Motion Browser Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-12-20 380928]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]

R3 ALSysIO;ALSysIO;c:\users\X220\AppData\Local\Temp\ALSysIO64.sys [x]

R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 GTNDIS62;GT62 UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs62.sys [x]

R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [x]

R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;c:\program files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2011-06-23 157544]

R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]

R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]

S0 pgpfs;PGP File Sharing;c:\windows\System32\Drivers\PGPfsfd.sys [x]

S0 Pgpwdefs;Pgpwdefs;c:\windows\system32\DRIVERS\Pgpwdefs.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]

S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]

S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-09-01 316784]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128]

S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-04-24 584224]

S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-09-02 446800]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]

S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]

S3 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]

S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-12-01 478056]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 swg3kmbb01;Sierra Wireless QMI USB-NDIS 6.20 miniport for Lenovo;c:\windows\system32\DRIVERS\swg3kmbb01.sys [x]

S3 swg3knmea01;Sierra Wireless QMI NMEA Communication - Lenovo;c:\windows\system32\DRIVERS\swg3knmea01.sys [x]

S3 swg3kser01;Sierra Wireless QMI USB Device for Legacy Serial Communication - Lenovo;c:\windows\system32\DRIVERS\swg3kser01.sys [x]

S3 swibus01;Sierra Wireless Bus Enumerator 01;c:\windows\system32\DRIVERS\swibus01.sys [x]

S3 swibusflt01;Sierra Wireless Bus Enumerator Filter 01;c:\windows\system32\DRIVERS\swibusflt01.sys [x]

S3 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-06-30 83440]

S3 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]

S3 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000Core.job

- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-883609196-808434145-3285787096-1000UA.job

- c:\users\X220\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-24 19:23]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]

@="{3DBF5F01-3287-46EB-82CF-45AA5C241162}"

[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]

2010-02-16 04:25 538744 ----a-w- c:\windows\System32\PGPfsshl.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]

"TpShocks"="TpShocks.exe" [2011-03-29 380776]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-04 167704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-04 416024]

"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

LSP: c:\windows\system32\PGPlsp.dll

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{469A349C-5B6D-4F1A-8E18-175B08EF668D}: NameServer = 209.183.33.23 209.183.35.23

TCP: Interfaces\{DCFCB76C-CB1B-42C3-B199-54156D512045}: NameServer = 172.16.145.103 172.16.145.103

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll

DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///D:/launch.ocx

FF - ProfilePath - c:\users\X220\AppData\Roaming\Mozilla\Firefox\Profiles\pvclcagu.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:29,52,d8,8c,63,26,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-06-19 19:21:37

ComboFix-quarantined-files.txt 2012-06-20 00:21

ComboFix2.txt 2012-06-19 20:36

ComboFix3.txt 2012-06-18 13:11

.

Pre-Run: 173,952,671,744 bytes free

Post-Run: 173,648,621,568 bytes free

.

- - End Of File - - D914E8AB3180CAA53DB97E68B52EEEE2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Sorry, found it. It was hidden for some reason?

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c834d7df522cd7489eb81bfefded6397

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-06-20 12:06:29

# local_time=2012-06-20 07:06:29 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1024 16777215 100 0 16543746 16543746 0 0

# compatibility_mode=5893 16776574 100 94 16543727 91732727 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=313265

# found=6

# cleaned=6

# scan_time=4711

C:\Install\dexpot_1514_r1777.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Install\Ancestry_FamilyTreeMaker2011\Family Tree Maker 2011.msi a variant of Win32/HiddenStart.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Install\InstallSync\acaladvdripperprose.exe Win32/Somoto application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Install\InstallSync\dexpot_158_r1434.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Install\TreeSizeFree\cnet2_TreeSizeFreeSetup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\Installer\21cd14.msi a variant of Win32/HiddenStart.A application (deleted - quarantined) 00000000000000000000000000000000 C
