Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Mevio Redirect


  • Please log in to reply

#61
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi Ron,

i will work on this bootable disc tomorrow. Let me know if you want me to try anything else besides the disc. I run vmware on this pc. Do you think the virus is hiding in this os. Is has not be turned on when we are testing. attached is the log you requested.

Attached Files

  • Attached File  junk.txt   850.58KB   22 downloads

  • 0

Advertisements


#62
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi Ron,

Two points:

1) My version of TDSSKiller did have those two additional options - i selected them and ran the program - no errors were found - it only takes a minute to run

2) I downloaded and ran the new BitDefender program - no errors were found

Do you still think the key is to get the original TDSSKiller to run or find what is causing it not to run?
  • 0

#63
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Finding out why TDSSKiller won't run might be key but it is hard to say since we are on uncharted ground here.

c:\windows\assembly\temp\U

still exists and has a bunch of files in it. This is one that Zero Access creates. Microsoft won't let you see it with Explorer but we can get to it via a Command Prompt.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

rmdir  /s  \windows\assembly\temp\U
copy  nul  \windows\assembly\temp\U
del  \windows\assembly\temp\*.*
del  \windows\assembly\temp\*


This should remove the folder U and replace it with a file of the same name so it can't be used again. May not solve anything but it should keep it from coming back.

Ron
  • 0

#64
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi Ron,

I followed your last post - i will be working on the AVG boot disk. I noticed one other issue. I can not start my firewall - i get a error saying the "The Windows Firewall with Advanced Security snap-in failed to load.

i don't see this service listed in my services

Any suggestions
  • 0

#65
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
In my 32 bit there are three files that look like they control this.

c:\windows\system32\Firewall.cpl

c:\windows\system32\FirewallAPI.dll

c:\windows\system32\FirewallControlPanel.dll

Yours might also be in C:\windows\syswow64\

We can have OTL check them for us:

Copy the text in the code box by highlighting and Ctrl + c

/md5start
Firewall.cpl
FirewallAPI.dll
FirewallControlPanel.dl
/md5stop

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run SCAN button at the top
Let the program run unhindered, OTL will not reboot the PC when it is done. Save the log and copy and paste it to a reply.
  • 0

#66
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi Ron,

I ran OTL with the custom firewall text - here is my log.
I also booted from the AVG Boot Disk - this found "0" errors - strange how this and the TDSSKillers are not finding any errors (we know they are there)

Thanks


OTL logfile created on: 11/30/2011 1:46:53 PM - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\dloomis\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.89 Gb Total Physical Memory | 2.81 Gb Available Physical Memory | 35.55% Memory free
15.78 Gb Paging File | 11.17 Gb Available in Paging File | 70.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.96 Gb Total Space | 314.81 Gb Free Space | 70.12% Space Free | Partition Type: NTFS
Drive Q: | 15.62 Gb Total Space | 6.73 Gb Free Space | 43.08% Space Free | Partition Type: NTFS

Computer Name: DL-ITDEPT | User Name: dloomis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/27 10:54:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dloomis\Desktop\OTL.exe
PRC - [2011/09/01 19:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\dloomis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
PRC - [2011/06/15 12:28:18 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/30 15:24:26 | 000,135,168 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe
PRC - [2011/03/30 08:58:30 | 000,160,768 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe
PRC - [2011/03/30 08:57:32 | 000,046,080 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe
PRC - [2011/03/24 14:01:18 | 000,010,240 | ---- | M] (MWA Intelligence) -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe
PRC - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2011/02/25 20:46:30 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011/02/25 20:46:14 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011/02/03 13:45:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011/01/16 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/16 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/29 01:18:32 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/12/29 01:18:14 | 000,259,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/11/29 14:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/09/02 13:06:38 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics\IntactActionService\IntactActionService.exe
PRC - [2010/07/01 05:05:32 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe
PRC - [2010/06/07 06:39:36 | 005,395,968 | ---- | M] (hMailServer) -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe
PRC - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/01 00:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/02/15 17:23:30 | 000,595,208 | ---- | M] (ABBYY) -- C:\Program Files (x86)\InfoDynamics\License Server\EngineDongleManager.exe
PRC - [2009/10/20 16:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\tomcat6.exe
PRC - [2009/10/20 14:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2009/10/20 14:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2009/10/20 14:21:20 | 000,322,096 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe
PRC - [2009/10/20 14:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe
PRC - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/12 15:11:00 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe
PRC - [2009/02/25 09:52:50 | 000,049,152 | ---- | M] (InfoDynamics, Inc) -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe
PRC - [2008/10/10 11:48:56 | 003,197,488 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in\vmware-vmrc.exe
PRC - [2008/10/10 11:48:56 | 001,780,272 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in\vmware-remotemks.exe
PRC - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/16 23:11:16 | 004,297,568 | -H-- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2008/10/10 11:48:56 | 000,963,584 | R--- | M] () -- C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in\libxml2.dll
MOD - [2008/10/10 11:48:56 | 000,524,288 | R--- | M] () -- C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in\glibmm-2.4.dll
MOD - [2008/10/10 11:48:56 | 000,319,488 | R--- | M] () -- C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in\libcurl.dll
MOD - [2008/10/10 11:48:56 | 000,253,952 | R--- | M] () -- C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in\libldap_r.dll
MOD - [2008/10/10 11:48:56 | 000,135,168 | R--- | M] () -- C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in\liblber.dll
MOD - [2008/10/10 11:48:56 | 000,061,952 | R--- | M] () -- C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in\zlib1.dll
MOD - [2008/10/10 11:48:56 | 000,049,664 | R--- | M] () -- C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in\sigc-2.0.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/02/25 20:46:30 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2011/02/25 20:46:14 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2011/01/26 06:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010/12/18 17:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/12/17 16:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 16:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/12/17 07:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2010/12/15 18:46:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/12/03 15:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:64bit: - [2010/12/02 21:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2010/11/20 22:24:51 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/11/20 22:24:38 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/11/12 04:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2009/11/05 11:24:00 | 001,044,992 | ---- | M] ( ) [Disabled | Running] -- C:\Windows\SysNative\LMabcoms.exe -- (lmab_device)
SRV:64bit: - [2009/07/13 20:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV:64bit: - [2009/07/13 20:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2007/05/29 18:48:04 | 000,020,480 | ---- | M] (Oki Data Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\OPHGLDCS.EXE -- (OKI OPHG DCS Loader)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/30 15:24:26 | 000,135,168 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe -- (IDM_DCPC_SNMP)
SRV - [2011/03/30 08:58:30 | 000,160,768 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe -- (IMPSDiscoveryEngine)
SRV - [2011/03/30 08:57:32 | 000,046,080 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe -- (IMPSUpdateEngine)
SRV - [2011/03/24 14:01:18 | 000,010,240 | ---- | M] (MWA Intelligence) [Auto | Running] -- C:\Program Files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe -- (MWAServiceMonitor)
SRV - [2011/03/14 19:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2011/02/03 13:45:00 | 000,155,496 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011/02/03 13:45:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011/01/16 20:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/01/16 20:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010/11/29 14:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel®
SRV - [2010/11/20 22:25:10 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/02 13:06:38 | 000,016,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InfoDynamics\IntactActionService\IntactActionService.exe -- (IntactActionService)
SRV - [2010/07/01 05:05:32 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe -- (DocumentIndexingService)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/06/07 06:39:36 | 005,395,968 | ---- | M] (hMailServer) [Auto | Running] -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe -- (hMailServer)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/15 17:23:30 | 000,595,208 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\InfoDynamics\License Server\EngineDongleManager.exe -- (Engine9DongleManagerService)
SRV - [2009/11/05 11:24:00 | 000,593,920 | ---- | M] ( ) [Disabled | Running] -- C:\Windows\SysWow64\LMabcoms.exe -- (lmab_device)
SRV - [2009/10/20 16:27:34 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe -- (VMwareServerWebAccess)
SRV - [2009/10/20 14:22:06 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/20 14:21:56 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/20 14:21:20 | 000,322,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe -- (VMwareHostd)
SRV - [2009/10/20 14:21:20 | 000,121,392 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/09/03 21:22:46 | 000,065,024 | ---- | M] (Gravic) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Gravic\RemarkFTPUtility12.exe -- (Remark FTP Utility)
SRV - [2009/07/13 20:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/23 14:49:56 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/03/12 15:11:00 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe -- (IntactFTPServer)
SRV - [2009/02/25 09:52:50 | 000,049,152 | ---- | M] (InfoDynamics, Inc) [Auto | Running] -- C:\Program Files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe -- (IntactWebServer)
SRV - [2008/01/10 14:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/05/24 06:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/06/04 07:28:54 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 22:10:38 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/10 22:10:30 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/17 05:25:02 | 001,419,824 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/09 13:48:56 | 001,577,600 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/03 13:45:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011/02/03 13:45:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/12/23 14:55:44 | 000,166,528 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/12/21 11:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/12/20 11:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel®
DRV:64bit: - [2010/12/18 02:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/12/18 02:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/18 02:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/12/18 02:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/12/18 02:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/12/15 18:45:16 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/12/15 18:43:00 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/12/14 21:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:64bit: - [2010/12/03 15:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/12 04:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/11/05 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/07 00:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/08/20 23:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/12/02 02:33:30 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/10/20 14:23:48 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009/10/20 14:23:44 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009/10/20 14:23:36 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009/10/20 14:22:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009/10/20 14:21:10 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009/10/20 14:21:10 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/09/24 06:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/09/09 12:38:24 | 000,072,736 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\nlem64nt.sys -- (nlem64nt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/11/29 20:45:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/14 17:44:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/14 17:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dloomis\AppData\Roaming\mozilla\Extensions
[2011/11/29 10:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/29 10:49:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/29 20:45:43 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\dloomis\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\dloomis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\dloomis\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Qualys BrowserCheck = C:\Users\dloomis\AppData\Local\Google\Chrome\User Data\Default\Extensions\iekpjhkjhpbabigpoojijebfpficekjp\1.3.23.1_0\

O1 HOSTS File: ([2011/11/28 20:37:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [SR0XRCV] C:\Windows\SysNative\spool\drivers\x64\3\SR0XRCV.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FtpServer.exe] C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexTray.exe] C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe (SHARP CORPORATION)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SharpTray.exe] C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe (SHARP CORPORATION)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll (VMware, Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} https://browsercheck....com/qbc_ax.cab (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://75.147.67.38:...dows-i586-p.exe (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://lexmark-even...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MANNING.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D1B0F2F-6668-45DA-ABF9-F27D23542FD6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25061D1D-6EF0-4AA5-9098-2491B61CC892}: NameServer = 132.145.80.89
O18:64bit: - Protocol\Handler\intu-help-qb1 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\sds - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sds {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files (x86)\Sharp\Sharpdesk\ExplorerExtensions.dll (SHARP CORPORATION)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/27 08:55:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/30 01:00:38 | 000,287,304 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\TrufosAlt.sys
[2011/11/29 16:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AMMYY
[2011/11/29 11:54:45 | 000,065,072 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
[2011/11/29 11:54:43 | 000,038,448 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2011/11/29 11:54:42 | 000,076,336 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2011/11/29 11:53:02 | 000,326,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2011/11/29 11:52:58 | 000,399,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2011/11/29 11:52:57 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2011/11/29 11:52:53 | 000,920,112 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2011/11/29 11:52:28 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VMware
[2011/11/29 10:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/29 10:49:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/29 10:49:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/29 10:49:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/29 10:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/11/29 10:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/11/29 01:28:44 | 000,000,000 | ---D | C] -- C:\george18960g
[2011/11/29 01:16:51 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/28 21:46:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/28 19:44:39 | 000,000,000 | ---D | C] -- C:\george20930g
[2011/11/28 00:12:36 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\QuickScan
[2011/11/28 00:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/27 22:38:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\consrv.dll
[2011/11/27 22:38:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/27 18:36:39 | 000,000,000 | ---D | C] -- C:\george
[2011/11/27 15:03:19 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\geeks
[2011/11/27 14:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/27 10:54:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\dloomis\Desktop\OTL.exe
[2011/11/27 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/11/27 09:43:56 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/27 09:01:52 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\CrashDumps
[2011/11/27 08:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/11/27 08:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/11/27 01:21:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/27 01:21:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/27 01:21:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/27 01:20:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/27 01:14:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 00:43:05 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/11/27 00:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/11/27 00:42:25 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Documents\Symantec
[2011/11/27 00:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/11/27 00:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2011/11/27 00:32:35 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\ID Vault
[2011/11/27 00:31:18 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\ID Vault
[2011/11/27 00:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2011/11/27 00:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2011/11/27 00:22:46 | 000,000,000 | ---D | C] -- C:\Users\dloomis\DoctorWeb
[2011/11/26 22:35:49 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\qualys
[2011/11/26 22:25:12 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/26 22:24:34 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\Google
[2011/11/26 19:21:20 | 532,132,088 | ---- | C] (VMware, Inc.) -- C:\VMware-server-2.0.2-203138.exe
[2011/11/26 19:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2011/11/26 18:24:13 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\ABBYY FineReader Engine 9.0
[2011/11/26 18:24:13 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Local\ABBYY FineReader Engine 9.0
[2011/11/26 18:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherpa
[2011/11/26 17:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Business Objects
[2011/11/26 17:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/11/26 17:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/11/26 15:35:20 | 000,000,000 | ---D | C] -- C:\Copy of VMware
[2011/11/26 12:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/26 10:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/26 10:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/11/25 23:00:36 | 000,000,000 | ---D | C] -- C:\Users\dloomis\AppData\Roaming\Malwarebytes
[2011/11/25 23:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 23:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/25 21:21:30 | 532,132,088 | ---- | C] (VMware, Inc.) -- C:\Users\dloomis\Desktop\VMware-server-2.0.2-203138.exe
[2011/11/21 09:08:55 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\OMD
[2011/11/08 14:03:46 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\Panasonic
[2011/11/07 09:31:53 | 000,000,000 | ---D | C] -- C:\Users\dloomis\Desktop\6420-1055_equitrac_medusa_1_12_08
[2011/11/07 08:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Equitrac
[2011/11/07 08:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Equitrac
[2011/08/30 20:48:53 | 001,040,384 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabserv.dll
[2011/08/30 20:48:53 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomc.dll
[2011/08/30 20:48:53 | 000,593,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcoms.exe
[2011/08/30 20:48:53 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabcomm.dll
[2011/08/30 20:48:53 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lmabhcp.dll

========== Files - Modified Within 30 Days ==========

[2011/11/30 13:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
[2011/11/30 13:29:21 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
[2011/11/30 11:47:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
[2011/11/30 08:54:36 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/30 08:54:35 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/30 08:27:36 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 08:27:36 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/30 08:19:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/30 08:19:34 | 2058,801,151 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 01:06:47 | 000,931,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/30 01:06:47 | 000,771,534 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/30 01:06:47 | 000,160,578 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/30 01:00:38 | 000,287,304 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\TrufosAlt.sys
[2011/11/29 22:29:02 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
[2011/11/29 20:45:43 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/11/29 18:13:46 | 000,366,648 | ---- | M] () -- C:\Users\dloomis\Desktop\Doc1.pdf
[2011/11/29 11:07:00 | 000,200,913 | ---- | M] () -- C:\Users\dloomis\Desktop\diskmgmt_screenshot.pdf
[2011/11/29 10:49:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/11/29 10:49:25 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/11/29 10:49:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/11/29 10:49:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/11/28 20:37:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 13:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/27 10:54:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\dloomis\Desktop\OTL.exe
[2011/11/27 08:55:49 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/11/26 18:14:45 | 000,001,899 | ---- | M] () -- C:\Users\dloomis\Desktop\Compass Sherpa.lnk
[2011/11/26 17:38:35 | 000,002,325 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intact Printer.lnk
[2011/11/26 17:05:44 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/25 21:26:07 | 532,132,088 | ---- | M] (VMware, Inc.) -- C:\VMware-server-2.0.2-203138.exe
[2011/11/25 21:26:07 | 532,132,088 | ---- | M] (VMware, Inc.) -- C:\Users\dloomis\Desktop\VMware-server-2.0.2-203138.exe
[2011/11/23 13:19:25 | 000,002,008 | -H-- | M] () -- C:\Users\dloomis\Documents\Default.rdp
[2011/11/23 12:15:21 | 000,000,441 | ---- | M] () -- C:\Users\dloomis\Documents\ChatLog Print Submission Webinar 2011_11_23 12_15.rtf
[2011/11/22 16:30:09 | 003,409,919 | ---- | M] () -- C:\Users\dloomis\Desktop\websubmission.pdf
[2011/11/21 09:07:47 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/11/21 09:07:04 | 000,007,597 | ---- | M] () -- C:\Users\dloomis\AppData\Local\Resmon.ResmonCfg
[2011/11/19 18:01:36 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/16 11:28:59 | 000,383,432 | ---- | M] () -- C:\Users\dloomis\Desktop\OCM Comments.pdf
[2011/11/10 15:01:00 | 000,456,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 11:35:17 | 000,965,838 | ---- | M] () -- C:\Users\dloomis\Desktop\Faxcore_ PO.pdf
[2011/11/09 09:50:41 | 000,071,125 | ---- | M] () -- C:\Users\dloomis\Desktop\GroupReport.pdf
[2011/11/04 22:09:48 | 000,018,281 | ---- | M] () -- C:\Users\dloomis\Desktop\success.csv
[2011/11/03 11:41:34 | 004,493,312 | ---- | M] () -- C:\Users\dloomis\Documents\OCM Call Tracker.accdb

========== Files Created - No Company Name ==========

[2011/11/30 12:00:39 | 000,002,445 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/11/30 12:00:39 | 000,002,325 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intact Printer.lnk
[2011/11/30 12:00:39 | 000,000,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/11/30 08:54:35 | 000,000,466 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/29 18:13:46 | 000,366,648 | ---- | C] () -- C:\Users\dloomis\Desktop\Doc1.pdf
[2011/11/29 11:15:49 | 2058,801,151 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/29 11:07:00 | 000,200,913 | ---- | C] () -- C:\Users\dloomis\Desktop\diskmgmt_screenshot.pdf
[2011/11/29 10:43:50 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/27 08:55:49 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/11/27 01:21:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/27 01:21:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/27 01:21:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/27 01:21:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/27 01:21:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/26 22:24:37 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
[2011/11/26 22:24:35 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
[2011/11/26 18:14:45 | 000,001,899 | ---- | C] () -- C:\Users\dloomis\Desktop\Compass Sherpa.lnk
[2011/11/26 18:00:07 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compass Sherpa.lnk
[2011/11/26 17:05:44 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/11/26 11:42:48 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
[2011/11/26 11:42:47 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
[2011/11/23 12:15:21 | 000,000,441 | ---- | C] () -- C:\Users\dloomis\Documents\ChatLog Print Submission Webinar 2011_11_23 12_15.rtf
[2011/11/22 16:30:09 | 003,409,919 | ---- | C] () -- C:\Users\dloomis\Desktop\websubmission.pdf
[2011/11/21 09:07:04 | 000,007,597 | ---- | C] () -- C:\Users\dloomis\AppData\Local\Resmon.ResmonCfg
[2011/11/16 11:28:59 | 000,383,432 | ---- | C] () -- C:\Users\dloomis\Desktop\OCM Comments.pdf
[2011/11/09 11:35:17 | 000,965,838 | ---- | C] () -- C:\Users\dloomis\Desktop\Faxcore_ PO.pdf
[2011/11/09 09:50:41 | 000,071,125 | ---- | C] () -- C:\Users\dloomis\Desktop\GroupReport.pdf
[2011/11/04 22:09:48 | 000,018,281 | ---- | C] () -- C:\Users\dloomis\Desktop\success.csv
[2011/08/30 08:13:19 | 000,024,052 | ---- | C] () -- C:\Windows\net32.bin
[2011/08/15 09:54:03 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2011/08/15 09:54:03 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2011/08/06 11:10:29 | 000,026,427 | ---- | C] () -- C:\Windows\CSTBox.INI
[2011/07/12 19:27:10 | 000,000,088 | -HS- | C] () -- C:\ProgramData\763428A7D1.sys
[2011/06/14 17:09:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/13 12:06:59 | 000,000,244 | ---- | C] () -- C:\Windows\omd.ini
[2011/06/10 22:01:56 | 000,884,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/10 15:22:39 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/06/09 12:53:11 | 000,002,820 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/04 07:34:14 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/06/04 07:34:14 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/06/04 07:34:13 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/06/04 07:16:54 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/09/09 10:45:18 | 000,039,800 | ---- | C] () -- C:\Windows\SysWow64\secbuild.dll
[2009/09/09 10:45:10 | 000,030,072 | ---- | C] () -- C:\Windows\SysWow64\sectools.dll
[2009/09/09 10:44:56 | 000,055,160 | ---- | C] () -- C:\Windows\SysWow64\nlem32nt.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/05/12 12:35:00 | 000,857,307 | ---- | C] () -- C:\Windows\SysWow64\SSCProt.dll
[2007/10/29 23:26:30 | 000,516,096 | ---- | C] () -- C:\Windows\SysWow64\IntactResources.dll
[2006/01/13 10:19:06 | 000,000,837 | ---- | C] () -- C:\Windows\SysWow64\noise.dat
[2005/06/03 14:54:06 | 000,002,545 | ---- | C] () -- C:\Windows\SysWow64\stemming.dat
[2002/04/16 08:14:44 | 001,683,456 | R--- | C] () -- C:\Windows\SysWow64\Ltclr13n.dll
[2002/04/16 08:14:44 | 000,118,784 | R--- | C] () -- C:\Windows\SysWow64\Lfkodak.dll
[2002/04/16 08:14:42 | 000,338,944 | R--- | C] () -- C:\Windows\SysWow64\Lffpx7.dll
[2001/01/19 14:02:46 | 000,003,769 | ---- | C] () -- C:\Windows\SysWow64\OPTIONS.DAT

========== Custom Scans ==========



< MD5 for: FIREWALL.CPL >
[2009/07/13 20:14:08 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=371F3248198FC6732D14F110495F25F6 -- C:\Windows\SysWOW64\Firewall.cpl
[2009/07/13 20:14:08 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=371F3248198FC6732D14F110495F25F6 -- C:\Windows\winsxs\x86_networking-mpssvc_31bf3856ad364e35_6.1.7601.17514_none_0c80f0c5176cbb85\Firewall.cpl
[2009/07/13 20:38:51 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=3F3F7C3B9722912DDEDDF006CFF9D9D0 -- C:\Windows\SysNative\Firewall.cpl
[2009/07/13 20:38:51 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=3F3F7C3B9722912DDEDDF006CFF9D9D0 -- C:\Windows\winsxs\amd64_networking-mpssvc_31bf3856ad364e35_6.1.7601.17514_none_689f8c48cfca2cbb\Firewall.cpl

< MD5 for: FIREWALLAPI.DLL >
[2009/07/13 20:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) MD5=3F50200237961034FACE602373838980 -- C:\Windows\SysWOW64\FirewallAPI.dll
[2009/07/13 20:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) MD5=3F50200237961034FACE602373838980 -- C:\Windows\winsxs\wow64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_005dd77215ee863b\FirewallAPI.dll
[2009/07/13 20:40:53 | 000,748,032 | ---- | M] (Microsoft Corporation) MD5=9AD9E06F8656F296D91FAE8EE5B95A27 -- C:\Windows\SysNative\FirewallAPI.dll
[2009/07/13 20:40:53 | 000,748,032 | ---- | M] (Microsoft Corporation) MD5=9AD9E06F8656F296D91FAE8EE5B95A27 -- C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7601.17514_none_f83a40e7de7c47da\FirewallAPI.dll

< End of report >

Edited by dl9796, 30 November 2011 - 02:35 PM.

  • 0

#67
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
I'm thinking that you are missing the file FirewallControlPanel.dll.

Download Process Monitor http://live.sysinter...com/Procmon.exe

Save it to your desktop. Run Process Monitor by right clicking and Run As Admin.

As soon as it starts,

Go to Control Panel, Windows Firewall.

Then back to Process Monitor and Files, uncheck Capture Events. Once it stops,

Click on the top line then Edit, Find and look for FirewallControlPanel. Does it find it? On mine it is a regqueryvalue HKCR\CLSID\{4026492F-2F69-46B8-B9BF-5654FC07E423}\DefaultIcon\(Default)

which is a Success and gets back: Type:REG_SZ Length:96 Data:C:\Windows\system32\FirewallControlPanel.dll,-1

The CLSID might be different on a 64bit but I would think it would still be looking for the same file tho perhaps in a different folder. Do you see something like that?

If I click on the very top line again and Edit, Find and search for just Firewall the first thing it does is look in C:\Windows\System32 and pull up all of the .cpl files. I assume this is the control panel starting up and filling in with the different icons. It does find firewall.cpl among the list.

The next time it finds firewall is is checking a registry entry called:
HKCU\Control Panel\don't load\Firewall.cpl

Apparently we do not want to find it in this don't load list.

Then it checks the equivalent list in HKLM: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\don't load\Firewall.cpl

and doesn't find it.

After that it tries to read regqueryvalue HKCR\CLSID\{4026492F-2F69-46B8-B9BF-5654FC07E423}\DefaultIcon\(Default) as previously mentioned.

When I look at the properties for FirewallControlPanel.dll it says it was created back in September but last modified in 2010. (This is a relatively new PC).
I could give you mine but it's only 32bit and last time I tried using one of mine on a 64bit it choked on it.) I can ask for a copy on our help forum but it may take a while.

(You may find some lines with FirewallPolicy. I have a second run where it did check the policy to see if there was something about not running it but it didn't find anything.)
  • 0

#68
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi Ron,

I think my results are similiar to yours - i think my issue is the firewall service is no longer in the servicec console, i need to find a way to reinstall this service - i can troubleshoot this on my own. Do you have any more suggestions for the redirect issues? Should we try another combo fix or another log utility. This is my main concern.

Or do you think the best thing to do is do a system restore? My question is if i use the system tools that came with the pc to restore back to factory defaults will this remove the virus or will it still be present? Will this come over when i bring my files, documents, pictures, etc. This virus has worn me down!!

i don't mind doing a factory restore i don't want to wipe out and reinstall windows.

Your thoughts

Thanks

Edited by dl9796, 30 November 2011 - 05:24 PM.

  • 0

#69
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Let's try with Combofix to find the the missing file and also look to see if there are any more clues as to what is bugging us.



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

MIA::
C:\Windows\SysWOW64\FirewallControlPanel.dll

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

I don't know how this thing is working so I can't promise you that a reversion back to the factory install will fix it. With a new install we could wipe the old drive and be sure it was gone.

I will ask for help in our internal help forum. Perhaps a fresh pair of eyes will see something I'm missing.


Ron
  • 0

#70
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi Ron,

I agree with you and i appreciate that you are wiling to fight on!

****THURSDAY NIGHT UPDATE - i noticed that i have a service running that looks strange - it is all lower case with no description - it is called wscsvc - i have a screen shot if you think this would help -i will be available all night



Here is the log:

ComboFix 11-11-30.03 - dloomis 11/30/2011 23:38:40.4.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8079.5797 [GMT -5:00]
Running from: c:\users\dloomis\Desktop\george.exe
Command switches used :: c:\users\dloomis\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\settings.bin
c:\programdata\AMMYY\settings3.bin
c:\programdata\PCDr\5802\AddOnDownloaded\09ce0ed7-58db-4be9-b311-80b4fd9fd9bc.dll
c:\programdata\PCDr\5802\AddOnDownloaded\0b2769c8-99f3-4a8f-b749-eca9816d1c9d.dll
c:\programdata\PCDr\5802\AddOnDownloaded\283cdc40-c633-4749-b3ad-8eb5e8b11b5c.dll
c:\programdata\PCDr\5802\AddOnDownloaded\4506fabd-988f-4627-a1de-44b2f1093b08.dll
c:\programdata\PCDr\5802\AddOnDownloaded\4ab76655-9a01-4a2f-b4dc-226350587a29.dll
c:\programdata\PCDr\5802\AddOnDownloaded\54874b0a-fb04-44ef-ad2b-c957aafea033.dll
c:\programdata\PCDr\5802\AddOnDownloaded\60e1ddc2-8de1-4bd0-8e65-4c3d56791c8e.dll
c:\programdata\PCDr\5802\AddOnDownloaded\746b3523-df66-4ed9-beaa-88464b84933f.dll
c:\programdata\PCDr\5802\AddOnDownloaded\83db0f34-4452-4946-92c2-31dcd99767dd.dll
c:\programdata\PCDr\5802\AddOnDownloaded\90110d4d-0aa3-42f8-b48a-92aebd9d59f3.dll
c:\programdata\PCDr\5802\AddOnDownloaded\a6dab7e8-9159-49a5-9681-40f16e907a98.dll
c:\programdata\PCDr\5802\AddOnDownloaded\bead45d2-b2dc-44e3-94f8-c7de6979be60.dll
c:\programdata\PCDr\5802\AddOnDownloaded\d754c4cc-ae68-4d17-afb7-55002296e1e2.dll
c:\programdata\PCDr\5802\AddOnDownloaded\ec6735a3-9204-4734-bb0f-5859e58b13b2.dll
c:\programdata\PCDr\5802\AddOnDownloaded\ef10e210-fbf0-4381-a325-fb25f839bb1a.dll
c:\programdata\PCDr\5802\AddOnDownloaded\f1d18230-9731-47f0-b9f4-b537abcbb39c.dll
c:\programdata\PCDr\5802\AddOnDownloaded\f64109b2-74cc-4638-ae17-228b7886774b.dll
c:\programdata\PCDr\5802\AddOnDownloaded\fd85aea7-408e-4ff8-bdca-73b1320e8b27.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 05:18 . 2011-12-01 05:18 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2011-12-01 05:18 . 2011-12-01 05:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-01 05:18 . 2011-12-01 05:18 -------- d-----w- c:\users\Dave\AppData\Local\temp
2011-12-01 05:18 . 2011-12-01 05:18 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp
2011-12-01 05:18 . 2011-12-01 05:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-12-01 05:18 . 2011-12-01 05:18 -------- d-----w- c:\users\Administrator.DL-ITDEPT\AppData\Local\temp
2011-11-30 23:00 . 2011-11-30 23:00 -------- d-----w- c:\users\Dave\AppData\Local\ElevatedDiagnostics
2011-11-30 22:56 . 2011-11-30 22:56 -------- d-----w- c:\users\Dave\AppData\Roaming\CheckPoint
2011-11-30 21:29 . 2011-11-30 21:29 -------- d-----w- c:\users\dloomis\AppData\Roaming\CheckPoint
2011-11-30 21:29 . 2011-11-30 23:57 -------- d-----w- c:\program files (x86)\Conduit
2011-11-30 21:29 . 2011-12-01 04:09 -------- d-----w- c:\users\dloomis\AppData\Local\Conduit
2011-11-30 21:29 . 2011-12-01 04:12 -------- d-----w- c:\program files\CheckPoint
2011-11-30 21:28 . 2011-11-30 21:28 -------- d-----w- c:\programdata\CheckPoint
2011-11-30 21:16 . 2011-12-01 04:12 -------- d-----w- c:\program files (x86)\CheckPoint
2011-11-30 06:00 . 2011-11-30 06:00 287304 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-11-29 16:54 . 2009-10-20 19:23 65072 ----a-w- c:\windows\system32\drivers\vmci.sys
2011-11-29 16:54 . 2009-10-20 19:22 38448 ----a-w- c:\windows\system32\drivers\hcmon.sys
2011-11-29 16:54 . 2009-10-20 19:23 76336 ----a-w- c:\windows\system32\drivers\vmx86.sys
2011-11-29 16:53 . 2009-10-20 19:21 326192 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2011-11-29 16:52 . 2009-10-20 19:22 399920 ----a-w- c:\windows\SysWow64\vmnat.exe
2011-11-29 16:52 . 2009-10-20 19:23 30256 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2011-11-29 16:52 . 2009-10-20 19:22 920112 ----a-w- c:\windows\system32\vnetlib64.dll
2011-11-29 15:49 . 2011-11-29 15:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-29 15:43 . 2011-11-29 15:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-11-28 05:12 . 2011-11-28 05:16 -------- d-----w- c:\users\dloomis\AppData\Roaming\QuickScan
2011-11-28 05:08 . 2011-11-28 05:08 -------- d-----w- c:\program files (x86)\ESET
2011-11-28 03:38 . 2011-11-28 03:38 -------- d-----w- c:\windows\SysWow64\consrv.dll
2011-11-28 03:38 . 2011-11-29 12:05 -------- d-----w- C:\_OTL
2011-11-27 23:36 . 2011-11-28 00:51 -------- d-----w- C:\george
2011-11-27 14:43 . 2011-11-27 14:43 388096 ----a-r- c:\users\dloomis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-27 14:43 . 2011-11-27 14:43 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-27 14:24 . 2011-11-27 14:24 -------- d-----w- c:\users\Dave\AppData\Roaming\Malwarebytes
2011-11-27 14:13 . 2011-11-29 12:06 -------- d-----w- c:\users\test
2011-11-27 14:01 . 2011-11-27 14:03 -------- d-----w- c:\users\dloomis\AppData\Local\CrashDumps
2011-11-27 13:55 . 2011-11-27 13:55 -------- d-----w- c:\program files\Enigma Software Group
2011-11-27 13:54 . 2011-11-30 23:57 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-11-27 05:43 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-27 05:40 . 2011-11-30 23:56 -------- d-----w- c:\programdata\Norton
2011-11-27 05:32 . 2011-11-27 13:22 -------- d-----w- c:\users\dloomis\AppData\Local\ID Vault
2011-11-27 05:32 . 2011-11-27 05:32 -------- d-----w- c:\programdata\IsolatedStorage
2011-11-27 05:31 . 2011-11-27 13:22 -------- d-----w- c:\users\dloomis\AppData\Roaming\ID Vault
2011-11-27 05:30 . 2011-11-27 14:22 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2011-11-27 05:30 . 2011-11-27 05:30 -------- d-----w- c:\programdata\White Sky, Inc
2011-11-27 05:22 . 2011-11-27 05:22 -------- d-----w- c:\users\dloomis\DoctorWeb
2011-11-27 03:35 . 2011-11-27 03:35 -------- d-----w- c:\users\dloomis\AppData\Roaming\qualys
2011-11-27 03:24 . 2011-11-27 03:25 -------- d-----w- c:\users\dloomis\AppData\Local\Google
2011-11-27 00:21 . 2011-11-26 02:26 532132088 ----a-w- C:\VMware-server-2.0.2-203138.exe
2011-11-27 00:13 . 2011-11-27 00:13 -------- d-----w- c:\program files (x86)\Common Files\VMware
2011-11-26 23:24 . 2011-11-26 23:24 -------- d-----w- c:\users\Public\ABBYY FineReader Engine 9.0
2011-11-26 23:24 . 2011-11-26 23:24 -------- d-----w- c:\users\dloomis\AppData\Roaming\ABBYY FineReader Engine 9.0
2011-11-26 23:24 . 2011-11-26 23:24 -------- d-----w- c:\users\dloomis\AppData\Local\ABBYY FineReader Engine 9.0
2011-11-26 22:59 . 2011-11-26 22:59 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
2011-11-26 22:05 . 2011-11-26 22:05 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-26 22:05 . 2011-11-26 22:05 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-26 22:05 . 2011-11-26 22:05 -------- d-----w- c:\programdata\Hitman Pro
2011-11-26 20:35 . 2011-11-30 23:57 -------- d-----w- C:\Copy of VMware
2011-11-26 17:07 . 2011-11-26 17:07 -------- d-----w- c:\users\Dave\AppData\Roaming\qualys
2011-11-26 17:01 . 2011-11-26 17:01 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-26 16:42 . 2011-11-26 16:43 -------- d-----w- c:\users\Dave\AppData\Local\Google
2011-11-26 15:53 . 2011-11-30 23:57 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-26 15:53 . 2011-11-26 22:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-26 04:00 . 2011-11-26 04:00 -------- d-----w- c:\users\dloomis\AppData\Roaming\Malwarebytes
2011-11-26 04:00 . 2011-11-26 04:00 -------- d-----w- c:\programdata\Malwarebytes
2011-11-26 04:00 . 2011-11-30 23:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-26 02:17 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4C596EE-FE75-4251-99DA-3F2FBEFFA23C}\mpengine.dll
2011-11-09 13:28 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 13:28 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 13:28 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:28 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-07 13:55 . 2011-11-07 13:55 -------- d-----w- c:\program files (x86)\Equitrac
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 15:49 . 2011-06-15 12:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-28 18:01 . 2011-06-10 00:48 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-06-10 00:48 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-06-10 00:48 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-06-10 00:48 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-06-10 00:48 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-06-10 00:48 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-06-10 00:48 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-06-10 00:48 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-06-10 00:48 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-21 14:07 . 2011-06-10 20:22 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2011-11-19 23:01 . 2011-06-16 23:49 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_07.16.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-11-27 05:32 . 2011-11-27 05:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-11-27 05:32 . 2011-11-30 01:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-11-27 22:28 . 2011-11-27 22:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-11-27 23:24 . 2011-11-27 23:24 79089 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin
+ 2011-11-27 19:53 . 2011-11-27 23:24 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011112720111128\index.dat
+ 2011-11-27 19:43 . 2011-11-27 19:43 49120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2011-11-27 19:43 . 2011-11-27 23:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2011-12-01 06:02 83612 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-01 06:02 43998 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-09 23:48 . 2011-12-01 06:02 10788 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2421173305-923280183-2936765214-1127_UserData.bin
- 2009-07-14 05:30 . 2011-11-27 00:52 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-12-01 04:08 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-06-09 17:17 . 2011-12-01 00:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-09 17:17 . 2011-11-27 05:42 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-09 17:17 . 2011-11-27 05:42 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-01 00:32 . 2011-12-01 00:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-27 05:42 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-01 00:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-29 15:42 . 2011-11-29 15:42 32256 c:\windows\Installer\28877c.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-07-02 15:06 . 2011-11-27 18:48 5922 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3029194478-1851183931-3144514420-1000_UserData.bin
- 2011-11-27 05:52 . 2011-11-27 05:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-01 05:21 . 2011-12-01 05:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-01 05:21 . 2011-12-01 05:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-27 05:52 . 2011-11-27 05:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-29 15:49 . 2011-11-29 15:49 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-11-29 15:49 . 2011-11-29 15:49 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-11-29 15:49 . 2011-11-29 15:49 145184 c:\windows\SysWOW64\java.exe
+ 2009-07-14 04:54 . 2011-12-01 05:22 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-09 18:05 . 2011-11-27 12:55 303266 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-12-01 05:30 771534 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-27 06:02 771534 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-27 06:02 160578 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-01 05:30 160578 c:\windows\system32\perfc009.dat
- 2009-07-14 04:45 . 2011-11-10 20:01 456784 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-11-30 20:32 456784 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2011-11-27 00:52 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-12-01 04:08 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2011-12-01 04:08 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2011-11-27 00:51 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:12 . 2011-12-01 00:32 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-07-14 23:16 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:46 . 2011-11-27 14:07 119000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2011-12-01 05:20 415536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-27 05:51 415536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-08 02:29 . 2011-11-30 23:05 794108 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3029194478-1851183931-3144514420-1000-12288.dat
+ 2011-07-07 03:10 . 2011-12-01 05:20 871924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2421173305-923280183-2936765214-1127-12288.dat
+ 2011-11-29 15:49 . 2011-11-29 15:49 207360 c:\windows\Installer\2887ce.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-11-15 20:59 . 2011-11-15 20:59 728344 c:\windows\Downloaded Program Files\qsax.dll
+ 2009-07-14 04:54 . 2011-12-01 05:22 3735552 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-01 05:22 6209536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-04 12:44 . 2011-12-01 05:20 9064288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-27 20:07 . 2011-11-29 00:22 6267480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-11-27 14:43 . 2011-11-27 14:43 1402880 c:\windows\Installer\e3d7f.msi
+ 2011-11-10 23:00 . 2011-11-10 23:00 2887680 c:\windows\Installer\342a9a.msi
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\2887c2.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-11-29 15:49 . 2011-11-29 15:49 12863488 c:\windows\Installer\2887c8.msi
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\2887c3.msp
+ 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 910208]
"GoToMeeting"="c:\program files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" [2011-06-15 39816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-02-03 1543016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SharpTray.exe"="c:\program files (x86)\Sharp\Sharpdesk\SharpTray.exe" [2010-03-08 131584]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"IndexTray.exe"="c:\program files (x86)\Sharp\Sharpdesk\IndexTray.exe" [2010-03-08 395264]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"FtpServer.exe"="c:\program files (x86)\Sharp\Sharpdesk\FtpServer.exe" [2010-02-22 819712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976]
Intact Printer.lnk - c:\program files (x86)\InfoDynamics, Inc\Intact Document Solution\IntactPrinter.Net.exe [2011-4-28 75776]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-4-24 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R2 IntactActionService;IntactActionService;c:\program files (x86)\InfoDynamics\IntactActionService\IntactActionService.exe [2010-09-02 16896]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-02-03 155496]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\DRIVERS\x64\3\OPHGLDCS.EXE [2007-05-29 20480]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-02-03 79208]
R3 Remark FTP Utility;Remark FTP Utility;c:\program files (x86)\Common Files\Gravic\RemarkFTPUtility12.exe [2009-09-04 65024]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 nlem64nt;nlem64nt; [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [x]
S2 DocumentIndexingService;Document Indexing Service;c:\program files (x86)\InfoDynamics\Indexer\DocumentIndexingService.exe [2010-07-01 10752]
S2 Engine9DongleManagerService;FineReader Engine 9.0 Network License Server;c:\program files (x86)\InfoDynamics\License Server\EngineDongleManager.exe \service [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hMailServer;hMailServer;c:\program files (x86)\hMailServer\Bin\hMailServer.exe RunAsService [x]
S2 IDM_DCPC_SNMP;MWA Intelligence DCPC Service;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IDM_DCPC_SNMP.exe [2011-03-30 135168]
S2 IMPSDiscoveryEngine;IMPSDiscoveryEngine;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\4.2.2.0\IMPSDiscoveryEngine.exe [2011-03-30 160768]
S2 IMPSUpdateEngine;IMPSUpdateEngine;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\IMPSUpdateEngine.exe [2011-03-30 46080]
S2 IntactFTPServer;IntactFTPServer;c:\program files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactFTPServer.exe [2009-03-12 36864]
S2 IntactWebServer;IntactWebServer;c:\program files (x86)\InfoDynamics, Inc\IntactOSA\bin\IntactWebServer.exe [2009-02-25 49152]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-02-26 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-02-26 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 MSSQL$INTACT;SQL Server (INTACT);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 MWAServiceMonitor;MWAServiceMonitor;c:\program files (x86)\MWA Intelligence\iMPS Enterprise\DCPC Watchdog Service.exe [2011-03-24 10240]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMwareHostd;VMware Host Agent;c:\program files (x86)\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096]
S2 VMwareServerWebAccess;VMware Server Web Access;c:\program files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe [2009-10-20 57344]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127Core.job
- c:\users\dloomis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 03:24]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2421173305-923280183-2936765214-1127UA.job
- c:\users\dloomis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-27 03:24]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000Core.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 16:42]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3029194478-1851183931-3144514420-1000UA.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 16:42]
.
2011-11-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
2011-11-30 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\dloomis\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SR0XRCV"="c:\windows\system32\spool\drivers\x64\3\SR0XRCV.exe" [2006-10-23 102400]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-11 418840]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-02-26 41320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-11 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-11 391704]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\VMware\VMware Server\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{25061D1D-6EF0-4AA5-9098-2491B61CC892}: NameServer = 132.145.80.89
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
FF - ProfilePath - c:\users\dloomis\AppData\Roaming\Mozilla\Firefox\Profiles\jbxhww7e.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.032"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.abr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.amr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ani"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.apd"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.arw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bay"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bmp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.bwf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cel"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cr2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.crw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cs1"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.cur"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dcx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dib"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djv"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.djvu"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.dng"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.emf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.eps"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.erf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fff"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.flc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fli"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.fpx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.gif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.hdr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icl"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.icn"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iff"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ilbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.int"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.inta"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.iw4"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2c"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.j2k"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jbr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jfif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jp2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpe"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpeg"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpg"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpk"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.jpx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kar"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.kdc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.lbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.m15"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.m1a"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.m2a"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.m75"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mef"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mos"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mpv"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.mrw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nef"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.nrw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.orf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pbr"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcd"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pct"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pcx"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pef"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pgm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pic"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pics"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pict"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pix"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.png"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ppm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psd"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.psp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspbrush"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.pspimage"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.qcp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.qtpf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ras"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.raw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgb"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rgba"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rle"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rsb"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rw2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.rwl"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sdv"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sfil"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sgi"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.smf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.smi"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.smil"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sml"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.sr2"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.srf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.swa"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tga"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.thm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.tiff"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttc"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ttf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.ulw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.vfw"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wbmp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.wmf"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xbm"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xif"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-2421173305-923280183-2936765214-1127\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xpm"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\InfoDynamics\License Server\EngineDongleManager.exe
c:\program files (x86)\hMailServer\Bin\hMailServer.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Server\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\Sharp\Sharpdesk\nsapp.exe
.
**************************************************************************
.
Completion time: 2011-12-01 01:22:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-01 06:22
ComboFix2.txt 2011-11-29 07:34
ComboFix3.txt 2011-11-29 01:58
ComboFix4.txt 2011-11-28 00:50
ComboFix5.txt 2011-12-01 04:29
.
Pre-Run: 321,958,453,248 bytes free
Post-Run: 321,778,737,152 bytes free
.
- - End Of File - - 2EC1177B3451B36CCAD0B047D6D57B97

Edited by dl9796, 01 December 2011 - 07:41 PM.

  • 0

Advertisements


#71
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Here is the screen shot of the image - combo log in the above post. i will stand by and wait for further assistance

Attached Thumbnails

  • service image.jpg

  • 0

#72
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Does your version of TDSSKiller have:

"Change Parameters" on the first page? If so, hit it then check both options and OK then hit Scan. This mode is prone to false positives so leave everything set to SKIP and just get the report.

You might try downloading the standard TDSSKiller again. It gets updated frequently.
  • 0

#73
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
wscsvc is the Security Center. It uses a file C:\windows\system32\wscsvc.dll on my pc. It should normally be Startup Type: Automatic and it should be running. I've seen it have trouble running after uninstalling Norton.
  • 0

#74
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi Ron,

I tried downloading and running TDSSkiller again - did not start.

I ran my version - i do have the change parameters and selected all 4 boxes:
Services and drivers - Boot sectors - Verify driver digital signatures - detect TDLFS file sytem

Ran with no errors:

21:29:30.0676 8084 1.0.0.0 Nov 19 2011 15:54:30
21:29:30.0676 8084 Updater subsystem init failed!
21:29:30.0676 8084 ============================================================
21:29:30.0676 8084 Current date / time: 2011/12/01 21:29:30.0676
21:29:30.0676 8084 SystemInfo:
21:29:30.0676 8084
21:29:30.0676 8084 OS Version: 6.1.7601 ServicePack: 1.0
21:29:30.0676 8084 Product type: Workstation
21:29:30.0676 8084 ComputerName: DL-ITDEPT
21:29:30.0676 8084 UserName: dloomis
21:29:30.0676 8084 Windows directory: C:\Windows
21:29:30.0676 8084 System windows directory: C:\Windows
21:29:30.0676 8084 Running under WOW64
21:29:30.0676 8084 Processor architecture: Intel x64
21:29:30.0676 8084 Number of processors: 4
21:29:30.0676 8084 Page size: 0x1000
21:29:30.0676 8084 Boot type: Normal boot
21:29:30.0676 8084 ============================================================
21:29:37.0119 8084 Initialize success
21:30:12.0118 8148 ============================================================
21:30:12.0118 8148 Scan started
21:30:12.0118 8148 Mode: Manual; SigCheck; TDLFS;
21:30:12.0118 8148 ============================================================
21:30:12.0508 8148 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
21:30:12.0570 8148 1394ohci - ok
21:30:12.0617 8148 5U877 (6fc47aa89b4abd3e2f8766e55a52e426) C:\Windows\system32\DRIVERS\5U877.sys
21:30:12.0648 8148 5U877 - ok
21:30:12.0680 8148 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:30:12.0695 8148 ACPI - ok
21:30:12.0726 8148 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:30:12.0742 8148 AcpiPmi - ok
21:30:12.0804 8148 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:30:12.0820 8148 adp94xx - ok
21:30:12.0851 8148 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:30:12.0867 8148 adpahci - ok
21:30:12.0898 8148 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:30:12.0914 8148 adpu320 - ok
21:30:12.0960 8148 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:30:12.0992 8148 AFD - ok
21:30:13.0023 8148 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:30:13.0038 8148 agp440 - ok
21:30:13.0038 8148 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:30:13.0054 8148 aliide - ok
21:30:13.0070 8148 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:30:13.0085 8148 amdide - ok
21:30:13.0116 8148 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:30:13.0132 8148 AmdK8 - ok
21:30:13.0163 8148 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:30:13.0179 8148 AmdPPM - ok
21:30:13.0226 8148 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:30:13.0226 8148 amdsata - ok
21:30:13.0272 8148 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:30:13.0272 8148 amdsbs - ok
21:30:13.0304 8148 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:30:13.0304 8148 amdxata - ok
21:30:13.0350 8148 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:30:13.0366 8148 AppID - ok
21:30:13.0413 8148 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:30:13.0413 8148 arc - ok
21:30:13.0428 8148 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:30:13.0444 8148 arcsas - ok
21:30:13.0506 8148 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
21:30:13.0522 8148 aswFsBlk - ok
21:30:13.0569 8148 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
21:30:13.0569 8148 aswMonFlt - ok
21:30:13.0600 8148 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
21:30:13.0616 8148 aswRdr - ok
21:30:13.0647 8148 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
21:30:13.0662 8148 aswSnx - ok
21:30:13.0725 8148 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
21:30:13.0740 8148 aswSP - ok
21:30:13.0740 8148 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
21:30:13.0756 8148 aswTdi - ok
21:30:13.0787 8148 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:30:13.0818 8148 AsyncMac - ok
21:30:13.0865 8148 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:30:13.0881 8148 atapi - ok
21:30:13.0928 8148 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:30:13.0959 8148 b06bdrv - ok
21:30:13.0990 8148 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:30:14.0021 8148 b57nd60a - ok
21:30:14.0052 8148 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:30:14.0084 8148 Beep - ok
21:30:14.0130 8148 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:30:14.0146 8148 blbdrive - ok
21:30:14.0208 8148 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:30:14.0224 8148 bowser - ok
21:30:14.0255 8148 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:30:14.0271 8148 BrFiltLo - ok
21:30:14.0286 8148 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:30:14.0302 8148 BrFiltUp - ok
21:30:14.0318 8148 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:30:14.0349 8148 Brserid - ok
21:30:14.0364 8148 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:30:14.0396 8148 BrSerWdm - ok
21:30:14.0411 8148 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:30:14.0427 8148 BrUsbMdm - ok
21:30:14.0427 8148 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:30:14.0442 8148 BrUsbSer - ok
21:30:14.0505 8148 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:30:14.0520 8148 BthEnum - ok
21:30:14.0552 8148 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:30:14.0567 8148 BTHMODEM - ok
21:30:14.0598 8148 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:30:14.0630 8148 BthPan - ok
21:30:14.0676 8148 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
21:30:14.0692 8148 BTHPORT - ok
21:30:14.0723 8148 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
21:30:14.0754 8148 BTHUSB - ok
21:30:14.0801 8148 BTWAMPFL (8834f87a6a745872894df8223201a6c3) C:\Windows\system32\DRIVERS\btwampfl.sys
21:30:14.0817 8148 BTWAMPFL - ok
21:30:14.0832 8148 btwaudio (9863d82ecbec6106d377ed73680d99d8) C:\Windows\system32\drivers\btwaudio.sys
21:30:14.0848 8148 btwaudio - ok
21:30:14.0879 8148 btwavdt (3432dd66ae75ab2de6d0527ad78dbfc7) C:\Windows\system32\DRIVERS\btwavdt.sys
21:30:14.0879 8148 btwavdt - ok
21:30:14.0895 8148 btwl2cap (382dc5a631ced0462ea09b7eb898bdbf) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:30:14.0910 8148 btwl2cap - ok
21:30:14.0942 8148 btwrchid (13a9c2cedd44c175e6ca39a536795ca6) C:\Windows\system32\DRIVERS\btwrchid.sys
21:30:14.0942 8148 btwrchid - ok
21:30:15.0098 8148 catchme - ok
21:30:15.0160 8148 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:30:15.0191 8148 cdfs - ok
21:30:15.0238 8148 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:30:15.0254 8148 cdrom - ok
21:30:15.0285 8148 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:30:15.0300 8148 circlass - ok
21:30:15.0347 8148 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:30:15.0363 8148 CLFS - ok
21:30:15.0410 8148 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:30:15.0425 8148 CmBatt - ok
21:30:15.0456 8148 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:30:15.0456 8148 cmdide - ok
21:30:15.0488 8148 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:30:15.0503 8148 CNG - ok
21:30:15.0581 8148 CnxtHdAudService (db6f09464c57606892bf6d2458483417) C:\Windows\system32\drivers\CHDRT64.sys
21:30:15.0597 8148 CnxtHdAudService - ok
21:30:15.0628 8148 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:30:15.0644 8148 Compbatt - ok
21:30:15.0659 8148 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:30:15.0690 8148 CompositeBus - ok
21:30:15.0706 8148 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:30:15.0722 8148 crcdisk - ok
21:30:15.0753 8148 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:30:15.0784 8148 CSC - ok
21:30:15.0815 8148 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:30:15.0846 8148 DfsC - ok
21:30:15.0878 8148 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:30:15.0893 8148 discache - ok
21:30:15.0956 8148 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:30:15.0971 8148 Disk - ok
21:30:15.0987 8148 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
21:30:16.0002 8148 dmvsc - ok
21:30:16.0080 8148 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:30:16.0096 8148 drmkaud - ok
21:30:16.0143 8148 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:30:16.0158 8148 DXGKrnl - ok
21:30:16.0174 8148 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
21:30:16.0190 8148 DzHDD64 - ok
21:30:16.0221 8148 e1cexpress (dc1776d086aa9733b1929a3d979d9fdd) C:\Windows\system32\DRIVERS\e1c62x64.sys
21:30:16.0236 8148 e1cexpress - ok
21:30:16.0299 8148 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:30:16.0392 8148 ebdrv - ok
21:30:16.0424 8148 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:30:16.0439 8148 elxstor - ok
21:30:16.0455 8148 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:30:16.0486 8148 ErrDev - ok
21:30:16.0533 8148 esgiguard - ok
21:30:16.0564 8148 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:30:16.0595 8148 exfat - ok
21:30:16.0611 8148 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:30:16.0658 8148 fastfat - ok
21:30:16.0673 8148 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:30:16.0704 8148 fdc - ok
21:30:16.0751 8148 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:30:16.0751 8148 FileInfo - ok
21:30:16.0767 8148 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:30:16.0814 8148 Filetrace - ok
21:30:16.0814 8148 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:30:16.0829 8148 flpydisk - ok
21:30:16.0860 8148 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:30:16.0860 8148 FltMgr - ok
21:30:16.0892 8148 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:30:16.0892 8148 FsDepends - ok
21:30:16.0923 8148 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:30:16.0923 8148 Fs_Rec - ok
21:30:16.0970 8148 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:30:16.0985 8148 fvevol - ok
21:30:17.0016 8148 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:30:17.0032 8148 gagp30kx - ok
21:30:17.0079 8148 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:30:17.0079 8148 GEARAspiWDM - ok
21:30:17.0126 8148 hcmon (edb09f2df76c352b7af56d0b473049d6) C:\Windows\system32\drivers\hcmon.sys
21:30:17.0126 8148 hcmon - ok
21:30:17.0157 8148 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:30:17.0172 8148 hcw85cir - ok
21:30:17.0204 8148 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:30:17.0235 8148 HdAudAddService - ok
21:30:17.0282 8148 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:30:17.0297 8148 HDAudBus - ok
21:30:17.0313 8148 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:30:17.0328 8148 HidBatt - ok
21:30:17.0360 8148 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:30:17.0375 8148 HidBth - ok
21:30:17.0406 8148 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:30:17.0422 8148 HidIr - ok
21:30:17.0453 8148 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:30:17.0469 8148 HidUsb - ok
21:30:17.0531 8148 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:30:17.0547 8148 HpSAMD - ok
21:30:17.0578 8148 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:30:17.0625 8148 HTTP - ok
21:30:17.0640 8148 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:30:17.0656 8148 hwpolicy - ok
21:30:17.0703 8148 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:30:17.0718 8148 i8042prt - ok
21:30:17.0765 8148 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
21:30:17.0781 8148 iaStor - ok
21:30:17.0812 8148 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:30:17.0828 8148 iaStorV - ok
21:30:17.0874 8148 IBMPMDRV (29ed470689b7c597a9701d6a4c57a578) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:30:17.0874 8148 IBMPMDRV - ok
21:30:18.0124 8148 igfx (66dc0ce2d1867b8178eaa0e11930dbd7) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:30:18.0342 8148 igfx - ok
21:30:18.0374 8148 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:30:18.0389 8148 iirsp - ok
21:30:18.0452 8148 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:30:18.0467 8148 IntcDAud - ok
21:30:18.0467 8148 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:30:18.0483 8148 intelide - ok
21:30:18.0498 8148 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:30:18.0530 8148 intelppm - ok
21:30:18.0561 8148 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:30:18.0576 8148 IpFilterDriver - ok
21:30:18.0608 8148 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:30:18.0623 8148 IPMIDRV - ok
21:30:18.0639 8148 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:30:18.0686 8148 IPNAT - ok
21:30:18.0717 8148 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:30:18.0748 8148 IRENUM - ok
21:30:18.0779 8148 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:30:18.0779 8148 isapnp - ok
21:30:18.0810 8148 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:30:18.0826 8148 iScsiPrt - ok
21:30:18.0873 8148 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:30:18.0873 8148 kbdclass - ok
21:30:18.0888 8148 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:30:18.0920 8148 kbdhid - ok
21:30:18.0935 8148 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:30:18.0951 8148 KSecDD - ok
21:30:18.0982 8148 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:30:18.0982 8148 KSecPkg - ok
21:30:18.0998 8148 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:30:19.0044 8148 ksthunk - ok
21:30:19.0091 8148 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
21:30:19.0107 8148 lenovo.smi - ok
21:30:19.0138 8148 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:30:19.0169 8148 lltdio - ok
21:30:19.0247 8148 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:30:19.0247 8148 LSI_FC - ok
21:30:19.0278 8148 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:30:19.0278 8148 LSI_SAS - ok
21:30:19.0294 8148 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:30:19.0310 8148 LSI_SAS2 - ok
21:30:19.0325 8148 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:30:19.0341 8148 LSI_SCSI - ok
21:30:19.0356 8148 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:30:19.0388 8148 luafv - ok
21:30:19.0403 8148 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:30:19.0419 8148 megasas - ok
21:30:19.0450 8148 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:30:19.0466 8148 MegaSR - ok
21:30:19.0512 8148 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:30:19.0512 8148 MEIx64 - ok
21:30:19.0544 8148 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:30:19.0559 8148 Modem - ok
21:30:19.0590 8148 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:30:19.0622 8148 monitor - ok
21:30:19.0668 8148 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:30:19.0668 8148 mouclass - ok
21:30:19.0700 8148 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:30:19.0731 8148 mouhid - ok
21:30:19.0762 8148 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:30:19.0778 8148 mountmgr - ok
21:30:19.0793 8148 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:30:19.0809 8148 mpio - ok
21:30:19.0824 8148 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:30:19.0856 8148 mpsdrv - ok
21:30:19.0871 8148 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:30:19.0902 8148 MRxDAV - ok
21:30:19.0934 8148 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:30:19.0965 8148 mrxsmb - ok
21:30:19.0996 8148 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:30:20.0012 8148 mrxsmb10 - ok
21:30:20.0027 8148 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:30:20.0027 8148 mrxsmb20 - ok
21:30:20.0058 8148 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:30:20.0058 8148 msahci - ok
21:30:20.0074 8148 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:30:20.0090 8148 msdsm - ok
21:30:20.0121 8148 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:30:20.0152 8148 Msfs - ok
21:30:20.0168 8148 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:30:20.0199 8148 mshidkmdf - ok
21:30:20.0214 8148 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:30:20.0214 8148 msisadrv - ok
21:30:20.0246 8148 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:30:20.0292 8148 MSKSSRV - ok
21:30:20.0308 8148 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:30:20.0339 8148 MSPCLOCK - ok
21:30:20.0355 8148 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:30:20.0386 8148 MSPQM - ok
21:30:20.0402 8148 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:30:20.0417 8148 MsRPC - ok
21:30:20.0433 8148 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:30:20.0448 8148 mssmbios - ok
21:30:20.0480 8148 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:30:20.0511 8148 MSTEE - ok
21:30:20.0526 8148 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:30:20.0542 8148 MTConfig - ok
21:30:20.0573 8148 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:30:20.0573 8148 Mup - ok
21:30:20.0620 8148 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:30:20.0651 8148 NativeWifiP - ok
21:30:20.0698 8148 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:30:20.0729 8148 NDIS - ok
21:30:20.0760 8148 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:30:20.0792 8148 NdisCap - ok
21:30:20.0807 8148 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:30:20.0854 8148 NdisTapi - ok
21:30:20.0885 8148 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:30:20.0916 8148 Ndisuio - ok
21:30:20.0948 8148 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:30:20.0979 8148 NdisWan - ok
21:30:21.0026 8148 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:30:21.0041 8148 NDProxy - ok
21:30:21.0072 8148 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:30:21.0104 8148 NetBIOS - ok
21:30:21.0119 8148 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:30:21.0150 8148 NetBT - ok
21:30:21.0322 8148 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
21:30:21.0509 8148 NETwNs64 - ok
21:30:21.0556 8148 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:30:21.0556 8148 nfrd960 - ok
21:30:21.0618 8148 nlem64nt (31888acc1f1008489fb4e73f7441892e) C:\Windows\system32\drivers\nlem64nt.sys
21:30:21.0618 8148 nlem64nt - ok
21:30:21.0665 8148 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
21:30:21.0681 8148 NPF - ok
21:30:21.0696 8148 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:30:21.0743 8148 Npfs - ok
21:30:21.0759 8148 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:30:21.0790 8148 nsiproxy - ok
21:30:21.0852 8148 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:30:21.0899 8148 Ntfs - ok
21:30:21.0915 8148 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:30:21.0946 8148 Null - ok
21:30:21.0977 8148 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:30:21.0993 8148 nvraid - ok
21:30:22.0024 8148 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:30:22.0040 8148 nvstor - ok
21:30:22.0055 8148 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:30:22.0071 8148 nv_agp - ok
21:30:22.0086 8148 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:30:22.0102 8148 ohci1394 - ok
21:30:22.0164 8148 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:30:22.0180 8148 Parport - ok
21:30:22.0196 8148 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:30:22.0211 8148 partmgr - ok
21:30:22.0227 8148 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:30:22.0242 8148 pci - ok
21:30:22.0258 8148 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:30:22.0274 8148 pciide - ok
21:30:22.0289 8148 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:30:22.0305 8148 pcmcia - ok
21:30:22.0320 8148 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:30:22.0336 8148 pcw - ok
21:30:22.0352 8148 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:30:22.0383 8148 PEAUTH - ok
21:30:22.0476 8148 PHCORE (18eea095af22ac5fa16fc27fb98c82d3) C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
21:30:22.0476 8148 PHCORE - ok
21:30:22.0523 8148 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys
21:30:22.0539 8148 pmxdrv - ok
21:30:22.0554 8148 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:30:22.0601 8148 PptpMiniport - ok
21:30:22.0632 8148 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:30:22.0648 8148 Processor - ok
21:30:22.0695 8148 psadd (a70ad30223866947e39bc221df4c2306) C:\Windows\system32\DRIVERS\psadd.sys
21:30:22.0695 8148 psadd - ok
21:30:22.0726 8148 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:30:22.0773 8148 Psched - ok
21:30:22.0804 8148 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:30:22.0851 8148 ql2300 - ok
21:30:22.0866 8148 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:30:22.0882 8148 ql40xx - ok
21:30:22.0898 8148 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:30:22.0913 8148 QWAVEdrv - ok
21:30:22.0929 8148 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:30:22.0944 8148 RasAcd - ok
21:30:22.0976 8148 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:30:23.0007 8148 RasAgileVpn - ok
21:30:23.0022 8148 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:30:23.0054 8148 Rasl2tp - ok
21:30:23.0085 8148 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:30:23.0132 8148 RasPppoe - ok
21:30:23.0147 8148 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:30:23.0178 8148 RasSstp - ok
21:30:23.0210 8148 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:30:23.0256 8148 rdbss - ok
21:30:23.0272 8148 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:30:23.0288 8148 rdpbus - ok
21:30:23.0319 8148 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:30:23.0350 8148 RDPCDD - ok
21:30:23.0366 8148 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:30:23.0397 8148 RDPDR - ok
21:30:23.0412 8148 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:30:23.0459 8148 RDPENCDD - ok
21:30:23.0490 8148 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:30:23.0506 8148 RDPREFMP - ok
21:30:23.0537 8148 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:30:23.0568 8148 RDPWD - ok
21:30:23.0600 8148 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:30:23.0615 8148 rdyboost - ok
21:30:23.0678 8148 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:30:23.0693 8148 RFCOMM - ok
21:30:23.0740 8148 risdxc (ff501f212e5d5a97f8339928320f269e) C:\Windows\system32\DRIVERS\risdxc64.sys
21:30:23.0756 8148 risdxc - ok
21:30:23.0818 8148 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:30:23.0849 8148 rspndr - ok
21:30:23.0880 8148 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:30:23.0896 8148 s3cap - ok
21:30:23.0927 8148 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:30:23.0943 8148 sbp2port - ok
21:30:23.0974 8148 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:30:24.0021 8148 scfilter - ok
21:30:24.0036 8148 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:30:24.0083 8148 secdrv - ok
21:30:24.0114 8148 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:30:24.0146 8148 Serenum - ok
21:30:24.0161 8148 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:30:24.0192 8148 Serial - ok
21:30:24.0224 8148 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:30:24.0255 8148 sermouse - ok
21:30:24.0270 8148 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:30:24.0286 8148 sffdisk - ok
21:30:24.0286 8148 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:30:24.0302 8148 sffp_mmc - ok
21:30:24.0317 8148 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:30:24.0348 8148 sffp_sd - ok
21:30:24.0380 8148 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:30:24.0380 8148 sfloppy - ok
21:30:24.0426 8148 Shockprf (e2fc046d4edabfe3b5ef7da06406277d) C:\Windows\system32\DRIVERS\Apsx64.sys
21:30:24.0426 8148 Shockprf - ok
21:30:24.0489 8148 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:30:24.0504 8148 SiSRaid2 - ok
21:30:24.0520 8148 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:30:24.0520 8148 SiSRaid4 - ok
21:30:24.0567 8148 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:30:24.0582 8148 Smb - ok
21:30:24.0629 8148 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:30:24.0645 8148 spldr - ok
21:30:24.0707 8148 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:30:24.0738 8148 srv - ok
21:30:24.0770 8148 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:30:24.0785 8148 srv2 - ok
21:30:24.0816 8148 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:30:24.0832 8148 srvnet - ok
21:30:24.0879 8148 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:30:24.0879 8148 stexstor - ok
21:30:24.0926 8148 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:30:24.0941 8148 storflt - ok
21:30:24.0972 8148 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:30:24.0972 8148 storvsc - ok
21:30:25.0019 8148 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:30:25.0035 8148 swenum - ok
21:30:25.0082 8148 SynTP (b49fa98afad439cd7e33164c3a19bb88) C:\Windows\system32\DRIVERS\SynTP.sys
21:30:25.0097 8148 SynTP - ok
21:30:25.0160 8148 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:30:25.0206 8148 Tcpip - ok
21:30:25.0269 8148 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:30:25.0284 8148 TCPIP6 - ok
21:30:25.0316 8148 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:30:25.0347 8148 tcpipreg - ok
21:30:25.0378 8148 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:30:25.0409 8148 TDPIPE - ok
21:30:25.0425 8148 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:30:25.0456 8148 TDTCP - ok
21:30:25.0487 8148 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:30:25.0503 8148 tdx - ok
21:30:25.0534 8148 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
21:30:25.0534 8148 TermDD - ok
21:30:25.0581 8148 TPDIGIMN (55b7fe3e1d3b616bdc4e9ea48d92d6e6) C:\Windows\system32\DRIVERS\ApsHM64.sys
21:30:25.0581 8148 TPDIGIMN - ok
21:30:25.0596 8148 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
21:30:25.0628 8148 TPM - ok
21:30:25.0690 8148 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
21:30:25.0690 8148 TPPWRIF - ok
21:30:25.0721 8148 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:30:25.0752 8148 tssecsrv - ok
21:30:25.0784 8148 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:30:25.0784 8148 TsUsbFlt - ok
21:30:25.0799 8148 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:30:25.0815 8148 TsUsbGD - ok
21:30:25.0830 8148 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:30:25.0877 8148 tunnel - ok
21:30:25.0893 8148 TVTI2C (4daae0413cd4e816258838e2fafb3147) C:\Windows\system32\DRIVERS\Tvti2c.sys
21:30:25.0893 8148 TVTI2C - ok
21:30:25.0908 8148 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:30:25.0924 8148 uagp35 - ok
21:30:25.0940 8148 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:30:25.0971 8148 udfs - ok
21:30:26.0002 8148 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:30:26.0018 8148 uliagpkx - ok
21:30:26.0049 8148 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:30:26.0080 8148 umbus - ok
21:30:26.0096 8148 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:30:26.0127 8148 UmPass - ok
21:30:26.0174 8148 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:30:26.0189 8148 USBAAPL64 - ok
21:30:26.0220 8148 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:30:26.0236 8148 usbccgp - ok
21:30:26.0267 8148 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:30:26.0283 8148 usbcir - ok
21:30:26.0314 8148 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:30:26.0345 8148 usbehci - ok
21:30:26.0392 8148 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:30:26.0423 8148 usbhub - ok
21:30:26.0454 8148 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:30:26.0486 8148 usbohci - ok
21:30:26.0501 8148 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
21:30:26.0517 8148 usbprint - ok
21:30:26.0564 8148 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:30:26.0595 8148 usbscan - ok
21:30:26.0626 8148 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:30:26.0657 8148 USBSTOR - ok
21:30:26.0673 8148 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:30:26.0688 8148 usbuhci - ok
21:30:26.0735 8148 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:30:26.0751 8148 usbvideo - ok
21:30:26.0782 8148 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:30:26.0782 8148 vdrvroot - ok
21:30:26.0798 8148 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:30:26.0813 8148 vga - ok
21:30:26.0844 8148 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:30:26.0876 8148 VgaSave - ok
21:30:26.0891 8148 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:30:26.0907 8148 vhdmp - ok
21:30:26.0907 8148 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:30:26.0922 8148 viaide - ok
21:30:26.0985 8148 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:30:27.0000 8148 vmbus - ok
21:30:27.0000 8148 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:30:27.0032 8148 VMBusHID - ok
21:30:27.0078 8148 vmci (69f38919ff1510560d67f9a0b2375b01) C:\Windows\system32\drivers\vmci.sys
21:30:27.0094 8148 vmci - ok
21:30:27.0110 8148 VMnetAdapter (3c37a81c995aee1802c9d8dd9ea0e835) C:\Windows\system32\DRIVERS\vmnetadapter.sys
21:30:27.0125 8148 VMnetAdapter - ok
21:30:27.0156 8148 VMnetBridge (d3b25ed3a6796fe3078475d8cfcd6024) C:\Windows\system32\DRIVERS\vmnetbridge.sys
21:30:27.0156 8148 VMnetBridge - ok
21:30:27.0219 8148 VMnetuserif (ea48bef5bc53d6cb5fec8f9be088b337) C:\Windows\system32\drivers\vmnetuserif.sys
21:30:27.0234 8148 VMnetuserif - ok
21:30:27.0266 8148 vmx86 (1286147733e31fe4e40237eb289cd7a8) C:\Windows\system32\drivers\vmx86.sys
21:30:27.0281 8148 vmx86 - ok
21:30:27.0312 8148 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:30:27.0312 8148 volmgr - ok
21:30:27.0344 8148 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:30:27.0359 8148 volmgrx - ok
21:30:27.0390 8148 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:30:27.0406 8148 volsnap - ok
21:30:27.0422 8148 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
21:30:27.0437 8148 vpcbus - ok
21:30:27.0468 8148 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
21:30:27.0500 8148 vpcnfltr - ok
21:30:27.0531 8148 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
21:30:27.0546 8148 vpcusb - ok
21:30:27.0593 8148 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
21:30:27.0593 8148 vpcvmm - ok
21:30:27.0624 8148 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:30:27.0640 8148 vsmraid - ok
21:30:27.0656 8148 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:30:27.0687 8148 vwifibus - ok
21:30:27.0718 8148 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:30:27.0734 8148 vwififlt - ok
21:30:27.0749 8148 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:30:27.0749 8148 vwifimp - ok
21:30:27.0765 8148 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:30:27.0796 8148 WacomPen - ok
21:30:27.0827 8148 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:30:27.0874 8148 WANARP - ok
21:30:27.0890 8148 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:30:27.0905 8148 Wanarpv6 - ok
21:30:27.0968 8148 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:30:27.0968 8148 Wd - ok
21:30:27.0999 8148 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
21:30:28.0014 8148 WDC_SAM - ok
21:30:28.0046 8148 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:30:28.0061 8148 Wdf01000 - ok
21:30:28.0092 8148 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:30:28.0124 8148 WfpLwf - ok
21:30:28.0139 8148 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:30:28.0155 8148 WIMMount - ok
21:30:28.0202 8148 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:30:28.0217 8148 WinUsb - ok
21:30:28.0264 8148 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:30:28.0280 8148 WmiAcpi - ok
21:30:28.0311 8148 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:30:28.0342 8148 ws2ifsl - ok
21:30:28.0373 8148 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:30:28.0420 8148 WudfPf - ok
21:30:28.0467 8148 MBR (0x1B8) (a22ce34a5087ca1fe9bfac2eefed9a22) \Device\Harddisk0\DR0
21:30:28.0592 8148 \Device\Harddisk0\DR0 - ok
21:30:28.0623 8148 Boot (0x1200) (6b68376a44e6153add8c7849f2227dc0) \Device\Harddisk0\DR0\Partition0
21:30:28.0638 8148 \Device\Harddisk0\DR0\Partition0 - ok
21:30:28.0654 8148 Boot (0x1200) (519ab9122b42e936370ce40a545c0752) \Device\Harddisk0\DR0\Partition1
21:30:28.0654 8148 \Device\Harddisk0\DR0\Partition1 - ok
21:30:28.0685 8148 Boot (0x1200) (74e5c970da3450f83ea2d904540f967b) \Device\Harddisk0\DR0\Partition2
21:30:28.0685 8148 \Device\Harddisk0\DR0\Partition2 - ok
21:30:28.0685 8148 ============================================================
21:30:28.0685 8148 Scan finished
21:30:28.0685 8148 ============================================================
21:30:28.0685 5992 Detected object count: 0
21:30:28.0685 5992 Actual detected object count: 0
  • 0

#75
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
I'm thinking this is the new variation that MSSE calls "Dos:Alureon.E". So far they are the only ones detecting it but they can't remove it. It gets down in the MBR and a reload of windows does not totally fix it. I would think replacing the MBR is our best option. We could try with MBRcheck but it might not work since the virus is active. Better would be to download Hiren's boot cd and burn it to a CD or USB and boot off it and go into the mini XP. Then use one of the mbr tools (there are about a dozen on the CD) to first backup the mbr then replace it with a standard Windows 7 MBR.

http://www.hirensbootcd.org/download/

It's a zipped iso file so you have to unzip it then burn it to a CD. I like to use freeisobruner http://www.freeisoburner.com/ less chance of a mistake. Then you have to boot off it so you may have to change your boot order to hit the CD player first.

I would hope the virus is not smart enough to infect the iso file so you can probably create it on your PC.

Alternatively if you do have the Windows DVD we could boot off it and run fixmbr and fixboot.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP