Trojan Win64/Sirefef, Win64/Alureon, Redirect Removal [Solved]


  • This topic is locked

#1 BJH1010 (Member, 29 posts)
In need of Geek help. Last week started receiving redirects on search engine results, MSE was disabled and could not enable, could not get Windows Updates, and svchost was quite active with uploading. Ran various software (HitMan Pro, ESET, Malwarebytes Anti-Malware, etc.) and a couple of system restores. They appear to have removed some of the nasty stuff but still getting the redirects. I tried the steps in your redirect removal discussion but no luck. Running Windows 7. Any assistance would be greatly appreciated. OTL file attached.

OTL logfile created on: 7/22/2012 4:21:06 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Brad\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 55.50% Memory free
7.60 Gb Paging File | 5.55 Gb Available in Paging File | 73.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464.59 Gb Total Space | 291.76 Gb Free Space | 62.80% Space Free | Partition Type: NTFS

Computer Name: BRAD-THINK | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Brad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Users\Brad\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
PRC - C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_FirmwareUpdate.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_TrafficMeter.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Windows\SysWOW64\370prop.ax ()
MOD - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe ()
MOD - C:\Program Files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\QBDInstallMgr.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV:64bit: - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV:64bit: - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV:64bit: - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NETGEARGenieDaemon) -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe (NETGEAR)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SUService) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (PCDSRVC{127174DC-C366ED8B-06000000}_0) -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (usbsmi) -- C:\Windows\SysNative\drivers\SMIksdrv.sys (SMI)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SMSIVZAM5X64) -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys (Smith Micro Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{653C4D7A-F9FA-4495-99B8-52C38E049CD0}: "URL" = http://www.bing.com/...c=IE-SearchBox;
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{098FA262-8B21-44DB-92F5-99D07EBC8B8A}: "URL" = http://www.bing.com/...c=IE-SearchBox;
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.drudgereport.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {bff829b6-b433-42ce-9a19-e459d3e4e483}:3.6.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Brad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brad\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brad\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)


[2012/07/15 13:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\vq3i93wb.default\extensions
[2010/04/25 20:53:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\vq3i93wb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/25 20:53:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\vq3i93wb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\BRAD HAMMOND\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VQ3I93WB.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\BRAD HAMMOND\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VQ3I93WB.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{BFF829B6-B433-42CE-9A19-E459D3E4E483}

========== Chrome ==========

CHR - homepage: http://www.drudgereport.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.drudgereport.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Brad\AppData\Local\Google\Chrome\Application\21.0.1180.49\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brad\AppData\Local\Google\Chrome\Application\21.0.1180.49\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Brad\AppData\Local\Google\Chrome\Application\21.0.1180.49\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Brad\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
O4:64bit: - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Brad\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Ancestry.com] C:\Users\Brad\AppData\Local\Apple\Ancestry.com\rtfzrvfnz.dll (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Google Update] C:\Users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9F3355-180C-477D-8241-AA8A1A457E35}: DhcpNameServer = 66.174.95.44 69.78.96.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97C08801-0BB1-4FA3-B651-1813E85FB91E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop Components:1 (SuperStats Desktop Display for vsign_2190534) - http://www.superstat...051c3093d6a2de1
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{89609232-3cca-11df-af28-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{89609232-3cca-11df-af28-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 16:18:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2012/07/22 15:10:20 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\Virus Removal
[2012/07/22 11:47:55 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9CD570B2-5087-4E26-BEFC-3A08F4A9CF54}
[2012/07/22 11:47:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E6E58669-225B-4973-9D2C-DB581CA22DDC}
[2012/07/21 22:19:38 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{DFD9EAFF-C698-4237-BAC7-9280B211C80F}
[2012/07/21 22:19:27 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F3B864D6-D7C1-4A95-BACC-2E2803D3E759}
[2012/07/21 10:06:24 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/07/21 10:06:24 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/07/21 10:06:24 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/07/21 10:00:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{3BD22A04-CF98-4202-98C8-9A4176374494}
[2012/07/21 10:00:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{80022776-98E0-4162-810B-82945B670AF1}
[2012/07/21 01:07:09 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\band logos
[2012/07/20 22:38:01 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/07/20 22:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/07/20 20:42:20 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Malwarebytes
[2012/07/20 20:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/20 20:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/20 20:42:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/20 20:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/20 20:29:09 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{03AF351A-B3F5-4B3F-8E3A-2EBBDCF3C1FF}
[2012/07/20 20:28:57 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F2609D24-6FD8-4BD3-B7AB-FEE0AA0522E2}
[2012/07/20 19:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/07/20 19:34:34 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F2007428-BA65-4DC4-B73C-43A615B5EB7F}
[2012/07/20 19:34:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{BBECFA24-205E-4ABA-9A29-7A137EA12682}
[2012/07/20 18:21:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/20 17:03:24 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
[2012/07/20 17:03:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\SanDisk
[2012/07/20 09:20:19 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8C139FAE-B7EB-42D9-9BC3-7908D8E708EC}
[2012/07/20 09:19:51 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{BD0F5186-7928-4263-A796-861D864BFA33}
[2012/07/19 18:45:55 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{50E6662C-8369-41E0-AEB7-52E9CCD418DB}
[2012/07/19 18:45:43 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{1B62A5C1-12DA-4006-A16D-4DB47990DA90}
[2012/07/18 18:27:42 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E526B0F6-5586-403A-97AC-31ACA8F60C4D}
[2012/07/18 18:26:38 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{EBF7B058-0703-4841-9EE8-E71A5ECF73E7}
[2012/07/17 22:53:20 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{0CDC9266-D2FE-488F-B97C-9E63F924E844}
[2012/07/17 22:52:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8F9A2DFC-7905-402B-982C-EDE50F1F67C6}
[2012/07/16 23:37:18 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{30686D8F-B3BD-40F2-94D0-92731487D462}
[2012/07/16 23:37:07 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{106E8380-4554-4EA9-96FF-0188CBDE5CC3}
[2012/07/15 12:23:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F5EF34DB-F84B-4A25-A27E-6A4B5EB8E4C4}
[2012/07/15 12:23:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{962E9C63-73A3-4499-9B1A-C449E5641760}
[2012/07/15 11:45:39 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4B9BEA92-9CAC-444E-8143-88E17218300C}
[2012/07/15 11:44:39 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{38754440-E789-4E4B-90BA-4DE543880AF7}
[2012/07/14 23:11:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{63BEB0B5-233F-4B0A-94B4-AD20FBB8797C}
[2012/07/14 23:11:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F41A174E-E231-471D-AF2A-EDF4C00EE663}
[2012/07/14 11:10:54 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{C6AAB7C7-9E14-4135-895C-7D0D0A351065}
[2012/07/14 11:09:30 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FA50F4E6-4107-4240-B921-8D4073416273}
[2012/07/12 22:53:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{092A0B2F-275F-4917-8DA1-CB540C0FCC8D}
[2012/07/12 08:00:24 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{99D0689F-1439-44F3-8A8C-3BEAA51A442A}
[2012/07/12 08:00:13 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A493270A-7E86-4F18-9E37-C84A5D0D63AD}
[2012/07/11 19:59:46 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{77FED515-74E8-463E-BBA0-51971654EA54}
[2012/07/11 07:59:20 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E8F481D8-9EA8-4F3D-9B93-EAA1380E32A4}
[2012/07/11 07:59:09 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{DBF45C19-6447-41D4-B00C-54BE4260852F}
[2012/07/10 23:04:18 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/10 23:04:18 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/10 23:04:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/10 23:04:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/10 23:04:15 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/10 23:04:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/10 23:04:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/10 23:04:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/10 23:04:13 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/10 23:04:12 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/10 23:04:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/10 23:04:12 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/10 23:04:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/10 20:07:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/10 20:07:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/10 20:07:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/10 20:07:06 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/10 20:07:04 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/10 19:58:28 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E688706F-D968-46CB-83C3-5C2EF0E30967}
[2012/07/10 19:57:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{D4008873-BFDC-4DEB-8FDA-764B933D0245}
[2012/07/09 20:35:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8B499F4E-1569-4824-A4F2-68984ABF1187}
[2012/07/09 20:34:48 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{919DD604-3DD1-47DE-AF3A-58584ECA55F4}
[2012/07/09 10:19:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\iPad_GUI_retina_1.0.psd
[2012/07/09 07:44:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{C1F7EB59-AE9C-4DCC-BEDC-8DA2151D2E31}
[2012/07/08 18:02:38 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{30D63BC3-0A6A-4D41-9789-7CD10DB41BDC}
[2012/07/08 18:02:26 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{34C5B53A-A34D-4E46-9BC9-0F4EC89DEA9C}
[2012/07/08 00:38:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FEC0A208-F8B3-4CE5-B2B2-EE8DDA46B6E1}
[2012/07/08 00:37:38 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A6132ECD-65EF-44E5-AF58-D3E8A61CD534}
[2012/07/07 00:13:30 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{EF9E1FD0-8245-4BEE-BF80-5DFE6E20FD81}
[2012/07/06 11:59:45 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{D0616FDF-AA45-4D06-9814-374882B98D35}
[2012/07/06 11:57:02 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E6AB62AF-2509-43FE-B4ED-39D0F60A8496}
[2012/07/05 16:26:15 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{255529EB-26A6-4297-98DC-05B52A14E602}
[2012/07/05 01:08:32 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4E34B116-0B7E-4E71-8894-D2B8111B37BE}
[2012/07/04 08:40:37 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{37CE1079-5A1D-4F6C-BE7C-94E2ACED4C82}
[2012/07/03 15:40:29 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4C4FDA0F-8398-4BB1-903D-D9484649185D}
[2012/07/03 15:38:57 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E0BF0E8F-FC78-4213-98C9-E9573D30EE5A}
[2012/07/02 18:24:15 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{3A261376-D6A9-417B-A2F9-6746E0F2ECB4}
[2012/07/01 13:33:24 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A06CCDD9-7455-4EB9-9AA8-0663A5090453}
[2012/07/01 13:32:18 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{004FC525-3D14-4F96-A6FA-12BB3A063E05}
[2012/06/30 14:49:56 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9BA0E5B3-7D69-4BEB-8550-CAD36BF201F6}
[2012/06/30 14:49:07 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{2044FCCE-3DFD-47CC-9BE5-3A81018D344C}
[2012/06/29 10:25:47 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{1B13FFD5-CB4C-4577-9CDA-C1B08F058099}
[2012/06/29 10:25:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9881B2DA-B40C-440A-8F3B-20DBF762B421}
[2012/06/28 22:12:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{B1B685CF-3A48-4F31-95AB-282C06B0FDF4}
[2012/06/28 22:10:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{86DBB729-B555-4113-8DD3-4B1666D8261E}
[2012/06/27 15:26:51 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{742E400B-D1F9-4511-AA3F-740742E3A276}
[2012/06/26 23:25:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F7C0907C-5CEA-405B-98CB-076B61A624FC}
[2012/06/26 23:21:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{3D0AF7B9-97A0-497B-BC1E-B87A76B21977}
[2012/06/26 01:52:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A4858653-BB08-42F9-B87D-A719DF6FD31E}
[2012/06/25 08:25:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E0714170-ABAB-4C51-9BEF-6F4D28EDCB65}
[2012/06/25 08:24:59 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{6908B27A-B91D-4882-8819-B98B60D874FD}
[2012/06/25 08:05:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{74D42C11-5733-4530-9243-268EE4B78959}
[2012/06/25 08:00:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/06/25 07:33:38 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FF6C97D6-33FE-40D3-9195-0D76FE0CD4E3}
[2012/06/25 07:23:06 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\moms carmera june 2012
[2012/06/24 22:18:24 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/24 22:18:24 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/24 22:18:23 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/24 22:18:13 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/24 22:18:13 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/24 22:18:13 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/24 22:17:57 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/24 22:17:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/24 21:59:14 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{CC5EC8C3-5128-452D-8A55-BA8A3BDA6975}
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 16:18:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
[2012/07/22 16:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012/07/22 15:59:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 15:58:55 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 15:58:55 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 15:51:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/22 15:51:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 15:51:01 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/22 15:38:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1407327172-4063872591-163262699-1004UA.job
[2012/07/22 13:59:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1407327172-4063872591-163262699-1004UA.job
[2012/07/22 13:28:25 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/07/22 13:21:15 | 000,001,904 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/07/22 12:48:40 | 001,374,064 | ---- | M] () -- C:\Users\Brad\Desktop\1920UnitedStatesFederalCensus_Allens.jpg
[2012/07/22 12:44:29 | 001,030,071 | ---- | M] () -- C:\Users\Brad\Desktop\1930UnitedStatesFederalCensus_Allens.jpg
[2012/07/22 12:39:36 | 000,743,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/22 12:39:36 | 000,635,308 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/22 12:39:36 | 000,111,810 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/21 11:38:30 | 003,175,671 | ---- | M] () -- C:\Users\Brad\Desktop\ben and pauline allen 1940 census.jpg
[2012/07/21 01:40:29 | 000,002,458 | ---- | M] () -- C:\Users\Brad\Desktop\Google Chrome.lnk
[2012/07/20 22:38:30 | 000,001,908 | ---- | M] () -- C:\Users\Brad\Desktop\log2.xml
[2012/07/20 20:42:13 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/20 20:03:10 | 000,001,672 | ---- | M] () -- C:\Users\Brad\Desktop\log.xml
[2012/07/20 17:02:53 | 000,000,288 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\.backup.dm
[2012/07/15 20:32:22 | 000,061,485 | ---- | M] () -- C:\Users\Brad\Desktop\64869989-2590-4ec3-a405-6e2ee9b668ae-1.jpg
[2012/07/15 17:38:03 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1407327172-4063872591-163262699-1004Core.job
[2012/07/15 16:59:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1407327172-4063872591-163262699-1004Core.job
[2012/07/15 10:51:23 | 000,007,593 | ---- | M] () -- C:\Users\Brad\AppData\Local\Resmon.ResmonCfg
[2012/07/13 09:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/07/10 23:20:19 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/07/10 23:15:43 | 000,456,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/09 10:19:08 | 036,876,420 | ---- | M] () -- C:\Users\Brad\Desktop\iPad_GUI_retina_1.0.psd.zip
[2012/07/07 14:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/28 20:23:50 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/06/28 20:23:46 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/06/28 20:20:51 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/28 20:20:48 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/28 20:20:42 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/22 13:21:15 | 000,001,904 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/07/22 12:48:40 | 001,374,064 | ---- | C] () -- C:\Users\Brad\Desktop\1920UnitedStatesFederalCensus_Allens.jpg
[2012/07/22 12:44:28 | 001,030,071 | ---- | C] () -- C:\Users\Brad\Desktop\1930UnitedStatesFederalCensus_Allens.jpg
[2012/07/21 11:38:30 | 003,175,671 | ---- | C] () -- C:\Users\Brad\Desktop\ben and pauline allen 1940 census.jpg
[2012/07/20 22:38:30 | 000,001,908 | ---- | C] () -- C:\Users\Brad\Desktop\log2.xml
[2012/07/20 20:42:13 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/20 20:03:10 | 000,001,672 | ---- | C] () -- C:\Users\Brad\Desktop\log.xml
[2012/07/20 17:02:53 | 000,000,288 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\.backup.dm
[2012/07/15 20:32:52 | 000,061,485 | ---- | C] () -- C:\Users\Brad\Desktop\64869989-2590-4ec3-a405-6e2ee9b668ae-1.jpg
[2012/07/09 10:18:20 | 036,876,420 | ---- | C] () -- C:\Users\Brad\Desktop\iPad_GUI_retina_1.0.psd.zip
[2012/04/16 21:09:27 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/16 00:21:36 | 000,007,593 | ---- | C] () -- C:\Users\Brad\AppData\Local\Resmon.ResmonCfg
[2012/02/04 21:17:16 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/01/10 23:33:33 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f3151df8-0c73-ad17-b3d0-fd5ef391f0cd}\@
[2012/01/10 23:33:33 | 000,002,048 | -HS- | C] () -- C:\Users\Brad\AppData\Local\{f3151df8-0c73-ad17-b3d0-fd5ef391f0cd}\@
[2011/03/13 12:00:29 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/29 06:21:32 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/11/29 06:21:30 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/29 06:21:30 | 000,105,408 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/21 13:13:27 | 000,005,120 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/13 19:57:50 | 081,463,468 | ---- | C] () -- C:\Users\Brad\Everlong_v3.21_Full.zip

========== LOP Check ==========

[2011/05/20 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Blackberry Desktop
[2011/11/23 19:56:48 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Free MP3 WMA OGG Converter
[2012/02/16 00:10:11 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Kingston
[2010/04/24 17:02:41 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Lenovo
[2010/08/21 13:13:17 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Research In Motion
[2012/07/20 19:28:04 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\SanDisk
[2010/10/22 16:24:27 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Smith Micro
[2010/07/31 22:24:42 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\TP
[2010/10/17 16:48:24 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Ulead Systems
[2012/07/15 16:59:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1407327172-4063872591-163262699-1004Core.job
[2012/07/22 13:59:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1407327172-4063872591-163262699-1004UA.job
[2012/07/07 14:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/04/26 06:37:43 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/13 09:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >

Edited by BJH1010, 22 July 2012 - 02:57 PM.

  • 0


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello BJH1010 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for the current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    [2012/07/22 11:47:55 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9CD570B2-5087-4E26-BEFC-3A08F4A9CF54}
    [2012/07/22 11:47:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E6E58669-225B-4973-9D2C-DB581CA22DDC}
    [2012/07/21 22:19:38 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{DFD9EAFF-C698-4237-BAC7-9280B211C80F}
    [2012/07/21 22:19:27 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F3B864D6-D7C1-4A95-BACC-2E2803D3E759}
    [2012/07/21 10:00:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{3BD22A04-CF98-4202-98C8-9A4176374494}
    [2012/07/21 10:00:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{80022776-98E0-4162-810B-82945B670AF1}
    [2012/07/20 20:29:09 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{03AF351A-B3F5-4B3F-8E3A-2EBBDCF3C1FF}
    [2012/07/20 20:28:57 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F2609D24-6FD8-4BD3-B7AB-FEE0AA0522E2}
    [2012/07/20 19:34:34 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F2007428-BA65-4DC4-B73C-43A615B5EB7F}
    [2012/07/20 19:34:22 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{BBECFA24-205E-4ABA-9A29-7A137EA12682}
    [2012/07/20 09:20:19 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8C139FAE-B7EB-42D9-9BC3-7908D8E708EC}
    [2012/07/20 09:19:51 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{BD0F5186-7928-4263-A796-861D864BFA33}
    [2012/07/19 18:45:55 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{50E6662C-8369-41E0-AEB7-52E9CCD418DB}
    [2012/07/19 18:45:43 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{1B62A5C1-12DA-4006-A16D-4DB47990DA90}
    [2012/07/18 18:27:42 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E526B0F6-5586-403A-97AC-31ACA8F60C4D}
    [2012/07/18 18:26:38 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{EBF7B058-0703-4841-9EE8-E71A5ECF73E7}
    [2012/07/17 22:53:20 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{0CDC9266-D2FE-488F-B97C-9E63F924E844}
    [2012/07/17 22:52:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8F9A2DFC-7905-402B-982C-EDE50F1F67C6}
    [2012/07/16 23:37:18 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{30686D8F-B3BD-40F2-94D0-92731487D462}
    [2012/07/16 23:37:07 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{106E8380-4554-4EA9-96FF-0188CBDE5CC3}
    [2012/07/15 12:23:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F5EF34DB-F84B-4A25-A27E-6A4B5EB8E4C4}
    [2012/07/15 12:23:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{962E9C63-73A3-4499-9B1A-C449E5641760}
    [2012/07/15 11:45:39 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4B9BEA92-9CAC-444E-8143-88E17218300C}
    [2012/07/15 11:44:39 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{38754440-E789-4E4B-90BA-4DE543880AF7}
    [2012/07/14 23:11:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{63BEB0B5-233F-4B0A-94B4-AD20FBB8797C}
    [2012/07/14 23:11:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F41A174E-E231-471D-AF2A-EDF4C00EE663}
    [2012/07/14 11:10:54 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{C6AAB7C7-9E14-4135-895C-7D0D0A351065}
    [2012/07/14 11:09:30 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FA50F4E6-4107-4240-B921-8D4073416273}
    [2012/07/12 22:53:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{092A0B2F-275F-4917-8DA1-CB540C0FCC8D}
    [2012/07/12 08:00:24 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{99D0689F-1439-44F3-8A8C-3BEAA51A442A}
    [2012/07/12 08:00:13 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A493270A-7E86-4F18-9E37-C84A5D0D63AD}
    [2012/07/11 19:59:46 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{77FED515-74E8-463E-BBA0-51971654EA54}
    [2012/07/11 07:59:20 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E8F481D8-9EA8-4F3D-9B93-EAA1380E32A4}
    [2012/07/11 07:59:09 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{DBF45C19-6447-41D4-B00C-54BE4260852F}
    [2012/07/10 19:58:28 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E688706F-D968-46CB-83C3-5C2EF0E30967}
    [2012/07/10 19:57:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{D4008873-BFDC-4DEB-8FDA-764B933D0245}
    [2012/07/09 20:35:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{8B499F4E-1569-4824-A4F2-68984ABF1187}
    [2012/07/09 20:34:48 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{919DD604-3DD1-47DE-AF3A-58584ECA55F4}
    [2012/07/09 07:44:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{C1F7EB59-AE9C-4DCC-BEDC-8DA2151D2E31}
    [2012/07/08 18:02:38 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{30D63BC3-0A6A-4D41-9789-7CD10DB41BDC}
    [2012/07/08 18:02:26 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{34C5B53A-A34D-4E46-9BC9-0F4EC89DEA9C}
    [2012/07/08 00:38:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FEC0A208-F8B3-4CE5-B2B2-EE8DDA46B6E1}
    [2012/07/08 00:37:38 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A6132ECD-65EF-44E5-AF58-D3E8A61CD534}
    [2012/07/07 00:13:30 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{EF9E1FD0-8245-4BEE-BF80-5DFE6E20FD81}
    [2012/07/06 11:59:45 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{D0616FDF-AA45-4D06-9814-374882B98D35}
    [2012/07/06 11:57:02 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E6AB62AF-2509-43FE-B4ED-39D0F60A8496}
    [2012/07/05 16:26:15 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{255529EB-26A6-4297-98DC-05B52A14E602}
    [2012/07/05 01:08:32 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4E34B116-0B7E-4E71-8894-D2B8111B37BE}
    [2012/07/04 08:40:37 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{37CE1079-5A1D-4F6C-BE7C-94E2ACED4C82}
    [2012/07/03 15:40:29 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4C4FDA0F-8398-4BB1-903D-D9484649185D}
    [2012/07/03 15:38:57 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E0BF0E8F-FC78-4213-98C9-E9573D30EE5A}
    [2012/07/02 18:24:15 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{3A261376-D6A9-417B-A2F9-6746E0F2ECB4}
    [2012/07/01 13:33:24 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A06CCDD9-7455-4EB9-9AA8-0663A5090453}
    [2012/07/01 13:32:18 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{004FC525-3D14-4F96-A6FA-12BB3A063E05}
    [2012/06/30 14:49:56 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9BA0E5B3-7D69-4BEB-8550-CAD36BF201F6}
    [2012/06/30 14:49:07 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{2044FCCE-3DFD-47CC-9BE5-3A81018D344C}
    [2012/06/29 10:25:47 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{1B13FFD5-CB4C-4577-9CDA-C1B08F058099}
    [2012/06/29 10:25:01 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9881B2DA-B40C-440A-8F3B-20DBF762B421}
    [2012/06/28 22:12:21 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{B1B685CF-3A48-4F31-95AB-282C06B0FDF4}
    [2012/06/28 22:10:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{86DBB729-B555-4113-8DD3-4B1666D8261E}
    [2012/06/27 15:26:51 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{742E400B-D1F9-4511-AA3F-740742E3A276}
    [2012/06/26 23:25:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{F7C0907C-5CEA-405B-98CB-076B61A624FC}
    [2012/06/26 23:21:23 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{3D0AF7B9-97A0-497B-BC1E-B87A76B21977}
    [2012/06/26 01:52:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{A4858653-BB08-42F9-B87D-A719DF6FD31E}
    [2012/06/25 08:25:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{E0714170-ABAB-4C51-9BEF-6F4D28EDCB65}
    [2012/06/25 08:24:59 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{6908B27A-B91D-4882-8819-B98B60D874FD}
    [2012/06/25 08:05:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{74D42C11-5733-4530-9243-268EE4B78959}
    [2012/06/25 07:33:38 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{FF6C97D6-33FE-40D3-9195-0D76FE0CD4E3}
    [2012/06/24 21:59:14 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{CC5EC8C3-5128-452D-8A55-BA8A3BDA6975}


    :Files
    ipconfig /flushdns /c
    C:\Windows\Installer\{f3151df8-0c73-ad17-b3d0-fd5ef391f0cd}
    C:\Users\Brad\AppData\Local\{f3151df8-0c73-ad17-b3d0-fd5ef391f0cd}

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • Then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0
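Added example, not part of maliprog's reply and not OTL's own code: a small Python triage script that parses the bracketed file/folder entries OTL prints (as in Brad's log above) and flags, as three rules, the items Step 1's fix removes: the hidden+system "@" files inside a GUID-named folder under C:\Windows\Installer and AppData\Local (the two :Files paths), a loopback host:port entry in the IE ProxyOverride value (the value the :OTL section resets), and the GUID-named folders directly under AppData\Local (the ---D entries listed in the fix). The sample lines are copied from the log in this thread, with the mbam.sys, OTL.exe and "Virus Removal" lines kept as benign contrast; the rule names and the Entry field layout are this example's own assumptions.

```python
r"""Triage of OTL log lines (added example; not OTL's code and not part of
maliprog's fix). Rule names and the Entry layout are this example's own."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# GUID in braces, as OTL prints folder names such as
# {9CD570B2-5087-4E26-BEFC-3A08F4A9CF54}
GUID = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"

# One OTL file/folder entry, e.g.
# [2012/01/10 23:33:33 | 000,002,048 | -HS- | C] () -- C:\...\{guid}\@
# Folder entries carry no "(company)" part, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Rule 1: "@" file inside a GUID folder under Windows\Installer or AppData\Local.
AT_FILE_RE = re.compile(
    r"^C:\\(?:Windows\\Installer|Users\\[^\\]+\\AppData\\Local)\\" + GUID + r"\\@$",
    re.IGNORECASE,
)
# Rule 2: ProxyOverride value, split on ';', checked for a loopback host:port.
PROXY_RE = re.compile(r'"ProxyOverride" = (?P<value>.*)$')
LOOPBACK_RE = re.compile(r"^(?:127(?:\.\d{1,3}){3}|localhost):\d+$", re.IGNORECASE)
# Rule 3: GUID-named folder directly under AppData\Local.
GUID_DIR_RE = re.compile(
    r"^C:\\Users\\[^\\]+\\AppData\\Local\\" + GUID + r"$", re.IGNORECASE
)

Finding = Tuple[str, str, str]  # (rule, item, why)


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str                 # e.g. "-HS-" hidden+system, "---D" directory
    kind: str                  # "C" created / "M" modified
    company: Optional[str]
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one bracketed OTL entry; None for any other kind of line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def triage(log_text: str) -> List[Finding]:
    """Apply the three rules to every line of an OTL log; return the findings in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        pm = PROXY_RE.search(line)
        if pm:
            for host in (h.strip() for h in pm["value"].split(";")):
                if LOOPBACK_RE.match(host):
                    findings.append(("proxy-override", host,
                                     "loopback host:port in ProxyOverride"))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        if "H" in e.attrs and "S" in e.attrs and AT_FILE_RE.match(e.path):
            findings.append(("hidden-at-file", e.path,
                             f"hidden+system '@' file, {e.size} bytes, in GUID folder"))
        elif "D" in e.attrs and GUID_DIR_RE.match(e.path):
            findings.append(("guid-folder", e.path,
                             "GUID-named folder under AppData\\Local"))
    return findings


# Sample input: lines copied from the OTL log in this thread, plus three
# benign lines (mbam.sys, the "Virus Removal" folder, OTL.exe) for contrast.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
[2012/07/20 20:42:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/22 15:10:20 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\Virus Removal
[2012/07/22 11:47:55 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{9CD570B2-5087-4E26-BEFC-3A08F4A9CF54}
[2012/01/10 23:33:33 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f3151df8-0c73-ad17-b3d0-fd5ef391f0cd}\@
[2012/01/10 23:33:33 | 000,002,048 | -HS- | C] () -- C:\Users\Brad\AppData\Local\{f3151df8-0c73-ad17-b3d0-fd5ef391f0cd}\@
[2012/07/22 16:18:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Brad\Desktop\OTL.exe
"""

if __name__ == "__main__":
    for rule, item, why in triage(SAMPLE_LOG):
        print(f"{rule:16} {item}  ({why})")
```

Run it against a full OTL.txt by reading the file into `triage()`; the findings come back in log order, so the ProxyOverride hit appears first and the two "@" files appear where the "Files Created - No Company Name" section lists them. The rules only reproduce what the fix in Step 1 targets; the script is a reading aid, not a replacement for the helper's judgement.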

#3
BJH1010

BJH1010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hello maliprog! I got through Step 2 (ComboFix) but now cannot launch any program or view any of the log files. I get the following error: "Illegal operation attempted on a registry key that has been marked for deletion". I have not rebooted since ComboFix completed. Please advise.
  • 0

#4
BJH1010

BJH1010

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
I was able to retrieve the OTL and ComboFix log files from the infected computer. Appended in subsequent replies.
  • 0

#5 BJH1010 (Member, Topic Starter, 29 posts)
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Users\Brad\AppData\Local\{9CD570B2-5087-4E26-BEFC-3A08F4A9CF54} folder moved successfully.
C:\Users\Brad\AppData\Local\{E6E58669-225B-4973-9D2C-DB581CA22DDC} folder moved successfully.
C:\Users\Brad\AppData\Local\{DFD9EAFF-C698-4237-BAC7-9280B211C80F} folder moved successfully.
C:\Users\Brad\AppData\Local\{F3B864D6-D7C1-4A95-BACC-2E2803D3E759} folder moved successfully.
C:\Users\Brad\AppData\Local\{3BD22A04-CF98-4202-98C8-9A4176374494} folder moved successfully.
C:\Users\Brad\AppData\Local\{80022776-98E0-4162-810B-82945B670AF1} folder moved successfully.
C:\Users\Brad\AppData\Local\{03AF351A-B3F5-4B3F-8E3A-2EBBDCF3C1FF} folder moved successfully.
C:\Users\Brad\AppData\Local\{F2609D24-6FD8-4BD3-B7AB-FEE0AA0522E2} folder moved successfully.
C:\Users\Brad\AppData\Local\{F2007428-BA65-4DC4-B73C-43A615B5EB7F} folder moved successfully.
C:\Users\Brad\AppData\Local\{BBECFA24-205E-4ABA-9A29-7A137EA12682} folder moved successfully.
C:\Users\Brad\AppData\Local\{8C139FAE-B7EB-42D9-9BC3-7908D8E708EC} folder moved successfully.
C:\Users\Brad\AppData\Local\{BD0F5186-7928-4263-A796-861D864BFA33} folder moved successfully.
C:\Users\Brad\AppData\Local\{50E6662C-8369-41E0-AEB7-52E9CCD418DB} folder moved successfully.
C:\Users\Brad\AppData\Local\{1B62A5C1-12DA-4006-A16D-4DB47990DA90} folder moved successfully.
C:\Users\Brad\AppData\Local\{E526B0F6-5586-403A-97AC-31ACA8F60C4D} folder moved successfully.
C:\Users\Brad\AppData\Local\{EBF7B058-0703-4841-9EE8-E71A5ECF73E7} folder moved successfully.
C:\Users\Brad\AppData\Local\{0CDC9266-D2FE-488F-B97C-9E63F924E844} folder moved successfully.
C:\Users\Brad\AppData\Local\{8F9A2DFC-7905-402B-982C-EDE50F1F67C6} folder moved successfully.
C:\Users\Brad\AppData\Local\{30686D8F-B3BD-40F2-94D0-92731487D462} folder moved successfully.
C:\Users\Brad\AppData\Local\{106E8380-4554-4EA9-96FF-0188CBDE5CC3} folder moved successfully.
C:\Users\Brad\AppData\Local\{F5EF34DB-F84B-4A25-A27E-6A4B5EB8E4C4} folder moved successfully.
C:\Users\Brad\AppData\Local\{962E9C63-73A3-4499-9B1A-C449E5641760} folder moved successfully.
C:\Users\Brad\AppData\Local\{4B9BEA92-9CAC-444E-8143-88E17218300C} folder moved successfully.
C:\Users\Brad\AppData\Local\{38754440-E789-4E4B-90BA-4DE543880AF7} folder moved successfully.
C:\Users\Brad\AppData\Local\{63BEB0B5-233F-4B0A-94B4-AD20FBB8797C} folder moved successfully.
C:\Users\Brad\AppData\Local\{F41A174E-E231-471D-AF2A-EDF4C00EE663} folder moved successfully.
C:\Users\Brad\AppData\Local\{C6AAB7C7-9E14-4135-895C-7D0D0A351065} folder moved successfully.
C:\Users\Brad\AppData\Local\{FA50F4E6-4107-4240-B921-8D4073416273} folder moved successfully.
C:\Users\Brad\AppData\Local\{092A0B2F-275F-4917-8DA1-CB540C0FCC8D} folder moved successfully.
C:\Users\Brad\AppData\Local\{99D0689F-1439-44F3-8A8C-3BEAA51A442A} folder moved successfully.
C:\Users\Brad\AppData\Local\{A493270A-7E86-4F18-9E37-C84A5D0D63AD} folder moved successfully.
C:\Users\Brad\AppData\Local\{77FED515-74E8-463E-BBA0-51971654EA54} folder moved successfully.
C:\Users\Brad\AppData\Local\{E8F481D8-9EA8-4F3D-9B93-EAA1380E32A4} folder moved successfully.
C:\Users\Brad\AppData\Local\{DBF45C19-6447-41D4-B00C-54BE4260852F} folder moved successfully.
C:\Users\Brad\AppData\Local\{E688706F-D968-46CB-83C3-5C2EF0E30967} folder moved successfully.
C:\Users\Brad\AppData\Local\{D4008873-BFDC-4DEB-8FDA-764B933D0245} folder moved successfully.
C:\Users\Brad\AppData\Local\{8B499F4E-1569-4824-A4F2-68984ABF1187} folder moved successfully.
C:\Users\Brad\AppData\Local\{919DD604-3DD1-47DE-AF3A-58584ECA55F4} folder moved successfully.
C:\Users\Brad\AppData\Local\{C1F7EB59-AE9C-4DCC-BEDC-8DA2151D2E31} folder moved successfully.
C:\Users\Brad\AppData\Local\{30D63BC3-0A6A-4D41-9789-7CD10DB41BDC} folder moved successfully.
C:\Users\Brad\AppData\Local\{34C5B53A-A34D-4E46-9BC9-0F4EC89DEA9C} folder moved successfully.
C:\Users\Brad\AppData\Local\{FEC0A208-F8B3-4CE5-B2B2-EE8DDA46B6E1} folder moved successfully.
C:\Users\Brad\AppData\Local\{A6132ECD-65EF-44E5-AF58-D3E8A61CD534} folder moved successfully.
C:\Users\Brad\AppData\Local\{EF9E1FD0-8245-4BEE-BF80-5DFE6E20FD81} folder moved successfully.
C:\Users\Brad\AppData\Local\{D0616FDF-AA45-4D06-9814-374882B98D35} folder moved successfully.
C:\Users\Brad\AppData\Local\{E6AB62AF-2509-43FE-B4ED-39D0F60A8496} folder moved successfully.
C:\Users\Brad\AppData\Local\{255529EB-26A6-4297-98DC-05B52A14E602} folder moved successfully.
C:\Users\Brad\AppData\Local\{4E34B116-0B7E-4E71-8894-D2B8111B37BE} folder moved successfully.
C:\Users\Brad\AppData\Local\{37CE1079-5A1D-4F6C-BE7C-94E2ACED4C82} folder moved successfully.
C:\Users\Brad\AppData\Local\{4C4FDA0F-8398-4BB1-903D-D9484649185D} folder moved successfully.
C:\Users\Brad\AppData\Local\{E0BF0E8F-FC78-4213-98C9-E9573D30EE5A} folder moved successfully.
C:\Users\Brad\AppData\Local\{3A261376-D6A9-417B-A2F9-6746E0F2ECB4} folder moved successfully.
C:\Users\Brad\AppData\Local\{A06CCDD9-7455-4EB9-9AA8-0663A5090453} folder moved successfully.
C:\Users\Brad\AppData\Local\{004FC525-3D14-4F96-A6FA-12BB3A063E05} folder moved successfully.
C:\Users\Brad\AppData\Local\{9BA0E5B3-7D69-4BEB-8550-CAD36BF201F6} folder moved successfully.
C:\Users\Brad\AppData\Local\{2044FCCE-3DFD-47CC-9BE5-3A81018D344C} folder moved successfully.
C:\Users\Brad\AppData\Local\{1B13FFD5-CB4C-4577-9CDA-C1B08F058099} folder moved successfully.
C:\Users\Brad\AppData\Local\{9881B2DA-B40C-440A-8F3B-20DBF762B421} folder moved successfully.
C:\Users\Brad\AppData\Local\{B1B685CF-3A48-4F31-95AB-282C06B0FDF4} folder moved successfully.
C:\Users\Brad\AppData\Local\{86DBB729-B555-4113-8DD3-4B1666D8261E} folder moved successfully.
C:\Users\Brad\AppData\Local\{742E400B-D1F9-4511-AA3F-740742E3A276} folder moved successfully.
C:\Users\Brad\AppData\Local\{F7C0907C-5CEA-405B-98CB-076B61A624FC} folder moved successfully.
C:\Users\Brad\AppData\Local\{3D0AF7B9-97A0-497B-BC1E-B87A76B21977} folder moved successfully.
C:\Users\Brad\AppData\Local\{A4858653-BB08-42F9-B87D-A719DF6FD31E} folder moved successfully.
C:\Users\Brad\AppData\Local\{E0714170-ABAB-4C51-9BEF-6F4D28EDCB65} folder moved successfully.
C:\Users\Brad\AppData\Local\{6908B27A-B91D-4882-8819-B98B60D874FD} folder moved successfully.
C:\Users\Brad\AppData\Local\{74D42C11-5733-4530-9243-268EE4B78959} folder moved successfully.
C:\Users\Brad\AppData\Local\{FF6C97D6-33FE-40D3-9195-0D76FE0CD4E3} folder moved successfully.
C:\Users\Brad\AppData\Local\{CC5EC8C3-5128-452D-8A55-BA8A3BDA6975} folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Brad\Desktop\cmd.bat deleted successfully.
C:\Users\Brad\Desktop\cmd.txt deleted successfully.
C:\Windows\Installer\{f3151df8-0c73-ad17-b3d0-fd5ef391f0cd} folder moved successfully.
C:\Users\Brad\AppData\Local\{f3151df8-0c73-ad17-b3d0-fd5ef391f0cd}\U folder moved successfully.
C:\Users\Brad\AppData\Local\{f3151df8-0c73-ad17-b3d0-fd5ef391f0cd}\L folder moved successfully.
C:\Users\Brad\AppData\Local\{f3151df8-0c73-ad17-b3d0-fd5ef391f0cd} folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.54.0 log created on 07232012_083226

#6 BJH1010 (Member, Topic Starter, 29 posts)
ComboFix 12-07-21.01 - Brad 07/23/2012 8:40.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3893.2286 [GMT -4:00]
Running from: c:\users\Brad\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Brad\AppData\Local\Apple\Ancestry.com\rtfzrvfnz.dll
c:\users\Brad\AppData\Local\assembly\tmp
c:\windows\SysWow64\bszip.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 12:52 . 2012-07-23 12:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-23 12:52 . 2012-07-23 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-23 12:52 . 2012-07-23 12:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-23 12:32 . 2012-07-23 12:32 -------- d-----w- C:\_OTL
2012-07-22 22:32 . 2012-02-10 22:19 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{28F82A15-1B41-49CC-8356-CB6FEF7CB36D}\gapaengine.dll
2012-07-21 02:38 . 2012-07-22 17:28 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-21 00:42 . 2012-07-21 00:42 -------- d-----w- c:\users\Brad\AppData\Roaming\Malwarebytes
2012-07-21 00:42 . 2012-07-21 00:42 -------- d-----w- c:\programdata\Malwarebytes
2012-07-21 00:27 . 2012-05-31 04:04 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4795767-A300-443D-83AD-6A573769F022}\mpengine.dll
2012-07-20 22:21 . 2012-07-21 02:37 -------- d-----w- c:\programdata\HitmanPro
2012-07-20 21:03 . 2012-07-20 23:28 -------- d-----w- c:\users\Brad\AppData\Roaming\SanDisk
2012-07-20 00:05 . 2012-07-20 00:05 120320 ----a-w- c:\programdata\Microsoft\Windows\DRM\8EF7.tmp.dat
2012-07-15 16:32 . 2012-05-31 04:04 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 03:11 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 00:07 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-25 02:18 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 02:18 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 02:18 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 02:18 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 02:18 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 02:18 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 02:18 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 02:17 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 02:17 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 03:05 . 2010-04-30 04:30 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 00:23 . 2012-06-05 02:12 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-06-29 00:23 . 2010-05-29 11:53 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-31 16:25 . 2010-04-24 21:12 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-14 01:41 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 01:41 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 01:41 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 01:41 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 01:41 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 01:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 01:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 01:41 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Akamai NetSession Interface"="c:\users\Brad\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-24 39408]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-03-12 1091872]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-01-05 1101672]
"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-23 110592]
QuickBooks 2002 Delivery Agent.lnk - c:\program files (x86)\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe [2001-11-14 311296]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-10-2 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-25 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-25 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2009-11-20 23536]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-01-05 75112]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-08 239136]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-05-25 43032]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-06 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-10-09 23592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-04-20 50536]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-04-20 74088]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-06-13 441344]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-03-07 1370400]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 12728]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-01-06 158848]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-07 271872]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
S3 usbsmi;Integrated Camera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-26 206080]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NPF
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1407327172-4063872591-163262699-1004Core.job
- c:\users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-15 20:54]
.
2012-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1407327172-4063872591-163262699-1004UA.job
- c:\users\Brad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-15 20:54]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-25 03:02]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-25 03:02]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1407327172-4063872591-163262699-1004Core.job
- c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 01:12]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1407327172-4063872591-163262699-1004UA.job
- c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 01:12]
.
2012-07-23 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-07-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:39]
.
2012-07-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-01-28 07:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"TpShocks"="TpShocks.exe" [2009-12-11 380776]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 5879608]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF26562.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drudgereport.com/
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Adobe Acrobat Synchronizer - c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe
Wow6432Node-HKCU-Run-Ancestry.com - c:\users\Brad\AppData\Local\Apple\Ancestry.com\rtfzrvfnz.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2012-07-23 09:11:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-23 13:11
.
Pre-Run: 313,269,035,008 bytes free
Post-Run: 313,690,284,032 bytes free
.
- - End Of File - - 335CE47E6E94E01E42B0ECB5AEE7A2F3

#7 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
You must restart your PC after ComboFix. That will sort the problem. Do a TDSSKiller scan and post the log after that.

#8 BJH1010 (Member, Topic Starter, 29 posts)
Thanks, maliprog. TDSSKiller log:

15:43:37.0869 5812 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
15:43:38.0139 5812 ============================================================
15:43:38.0139 5812 Current date / time: 2012/07/23 15:43:38.0139
15:43:38.0139 5812 SystemInfo:
15:43:38.0139 5812
15:43:38.0139 5812 OS Version: 6.1.7601 ServicePack: 1.0
15:43:38.0139 5812 Product type: Workstation
15:43:38.0139 5812 ComputerName: BRAD-THINK
15:43:38.0139 5812 UserName: Brad
15:43:38.0139 5812 Windows directory: C:\Windows
15:46:46.0494 5516 Null - ok
15:46:46.0554 5516 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:46:46.0564 5516 nvraid - ok
15:46:46.0584 5516 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:46:46.0604 5516 nvstor - ok
15:46:46.0614 5516 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:46:46.0634 5516 nv_agp - ok
15:46:46.0654 5516 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:46:46.0694 5516 ohci1394 - ok
15:46:47.0054 5516 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:46:47.0084 5516 ose - ok
15:46:50.0074 5516 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:46:50.0254 5516 osppsvc - ok
15:46:51.0365 5516 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:46:51.0445 5516 p2pimsvc - ok
15:46:51.0505 5516 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:46:51.0565 5516 p2psvc - ok
15:46:51.0675 5516 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:46:51.0705 5516 Parport - ok
15:46:51.0815 5516 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:46:51.0825 5516 partmgr - ok
15:46:51.0855 5516 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:46:51.0905 5516 PcaSvc - ok
15:46:52.0095 5516 PCDSRVC{127174DC-C366ED8B-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor\pcdsrvc_x64.pkms
15:46:52.0445 5516 PCDSRVC{127174DC-C366ED8B-06000000}_0 - ok
15:46:52.0565 5516 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:46:52.0585 5516 pci - ok
15:46:52.0595 5516 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:46:52.0605 5516 pciide - ok
15:46:52.0635 5516 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:46:52.0665 5516 pcmcia - ok
15:46:52.0685 5516 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:46:52.0695 5516 pcw - ok
15:46:53.0515 5516 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:46:53.0615 5516 PEAUTH - ok
15:46:54.0215 5516 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:46:54.0325 5516 PeerDistSvc - ok
15:46:54.0435 5516 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:46:54.0485 5516 PerfHost - ok
15:46:55.0275 5516 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:46:55.0385 5516 pla - ok
15:46:55.0465 5516 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:46:55.0545 5516 PlugPlay - ok
15:46:55.0615 5516 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
15:46:55.0635 5516 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:46:55.0635 5516 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:46:55.0695 5516 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:46:55.0725 5516 PNRPAutoReg - ok
15:46:55.0805 5516 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:46:55.0825 5516 PNRPsvc - ok
15:46:56.0465 5516 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:46:56.0555 5516 PolicyAgent - ok
15:46:56.0595 5516 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:46:56.0665 5516 Power - ok
15:46:56.0905 5516 Power Manager DBC Service (0b6590c8e9b12cd7edc7bb7311efbb30) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
15:46:56.0915 5516 Power Manager DBC Service - ok
15:46:57.0125 5516 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:46:57.0195 5516 PptpMiniport - ok
15:46:57.0225 5516 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:46:57.0255 5516 Processor - ok
15:46:57.0315 5516 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:46:57.0385 5516 ProfSvc - ok
15:46:57.0445 5516 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:46:57.0455 5516 ProtectedStorage - ok
15:46:57.0515 5516 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
15:46:57.0525 5516 psadd - ok
15:46:57.0585 5516 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:46:57.0655 5516 Psched - ok
15:46:57.0705 5516 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
15:46:57.0715 5516 PxHlpa64 - ok
15:46:58.0866 5516 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:46:58.0936 5516 ql2300 - ok
15:46:59.0206 5516 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:46:59.0226 5516 ql40xx - ok
15:46:59.0346 5516 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:46:59.0416 5516 QWAVE - ok
15:46:59.0446 5516 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:46:59.0486 5516 QWAVEdrv - ok
15:46:59.0506 5516 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:46:59.0576 5516 RasAcd - ok
15:46:59.0626 5516 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:46:59.0676 5516 RasAgileVpn - ok
15:46:59.0696 5516 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:46:59.0756 5516 RasAuto - ok
15:46:59.0796 5516 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:46:59.0856 5516 Rasl2tp - ok
15:47:00.0436 5516 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:47:00.0536 5516 RasMan - ok
15:47:00.0596 5516 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:47:00.0656 5516 RasPppoe - ok
15:47:00.0686 5516 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:47:00.0746 5516 RasSstp - ok
15:47:01.0196 5516 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:47:01.0276 5516 rdbss - ok
15:47:01.0306 5516 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:47:01.0346 5516 rdpbus - ok
15:47:01.0376 5516 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:47:01.0436 5516 RDPCDD - ok
15:47:01.0526 5516 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:47:01.0596 5516 RDPDR - ok
15:47:01.0646 5516 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:47:01.0706 5516 RDPENCDD - ok
15:47:01.0766 5516 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:47:01.0806 5516 RDPREFMP - ok
15:47:02.0216 5516 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:47:02.0316 5516 RDPWD - ok
15:47:02.0376 5516 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:47:02.0396 5516 rdyboost - ok
15:47:02.0606 5516 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:47:02.0636 5516 RegSrvc - ok
15:47:02.0786 5516 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:47:02.0856 5516 RemoteAccess - ok
15:47:02.0886 5516 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:47:02.0946 5516 RemoteRegistry - ok
15:47:03.0056 5516 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:47:03.0106 5516 RFCOMM - ok
15:47:03.0166 5516 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
15:47:03.0226 5516 RimUsb - ok
15:47:03.0306 5516 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
15:47:03.0356 5516 RimVSerPort - ok
15:47:03.0396 5516 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
15:47:03.0456 5516 ROOTMODEM - ok
15:47:03.0526 5516 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:47:03.0586 5516 RpcEptMapper - ok
15:47:03.0616 5516 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:47:03.0646 5516 RpcLocator - ok
15:47:04.0326 5516 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
15:47:04.0376 5516 RpcSs - ok
15:47:04.0436 5516 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:47:04.0486 5516 rspndr - ok
15:47:04.0526 5516 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys
15:47:04.0536 5516 RSUSBSTOR - ok
15:47:04.0626 5516 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:47:04.0636 5516 RTL8167 - ok
15:47:04.0686 5516 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:47:04.0716 5516 s3cap - ok
15:47:04.0776 5516 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:47:04.0786 5516 SamSs - ok
15:47:04.0936 5516 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:47:04.0976 5516 sbp2port - ok
15:47:05.0016 5516 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:47:05.0066 5516 SCardSvr - ok
15:47:05.0116 5516 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:47:05.0176 5516 scfilter - ok
15:47:06.0237 5516 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:47:06.0347 5516 Schedule - ok
15:47:06.0447 5516 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:47:06.0497 5516 SCPolicySvc - ok
15:47:06.0567 5516 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:47:06.0607 5516 sdbus - ok
15:47:06.0657 5516 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:47:06.0737 5516 SDRSVC - ok
15:47:07.0197 5516 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:47:07.0227 5516 SeaPort - ok
15:47:07.0267 5516 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:47:07.0327 5516 secdrv - ok
15:47:07.0427 5516 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:47:07.0497 5516 seclogon - ok
15:47:07.0587 5516 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:47:07.0667 5516 SENS - ok
15:47:07.0707 5516 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:47:07.0767 5516 SensrSvc - ok
15:47:07.0777 5516 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:47:07.0807 5516 Serenum - ok
15:47:07.0827 5516 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:47:07.0837 5516 Serial - ok
15:47:07.0927 5516 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:47:07.0977 5516 sermouse - ok
15:47:08.0137 5516 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:47:08.0227 5516 SessionEnv - ok
15:47:08.0297 5516 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:47:08.0347 5516 sffdisk - ok
15:47:08.0357 5516 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:47:08.0397 5516 sffp_mmc - ok
15:47:08.0427 5516 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:47:08.0467 5516 sffp_sd - ok
15:47:08.0517 5516 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:47:08.0547 5516 sfloppy - ok
15:47:08.0717 5516 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:47:08.0807 5516 SharedAccess - ok
15:47:09.0227 5516 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:47:09.0307 5516 ShellHWDetection - ok
15:47:09.0387 5516 Shockprf (c45942985943fc4ab8a7ea7a92f29c00) C:\Windows\system32\DRIVERS\Apsx64.sys
15:47:09.0407 5516 Shockprf - ok
15:47:09.0417 5516 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:47:09.0427 5516 SiSRaid2 - ok
15:47:09.0477 5516 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:47:09.0497 5516 SiSRaid4 - ok
15:47:09.0507 5516 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:47:09.0577 5516 Smb - ok
15:47:09.0847 5516 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS
15:47:09.0867 5516 SMSIVZAM5X64 - ok
15:47:09.0917 5516 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:47:09.0957 5516 SNMPTRAP - ok
15:47:09.0997 5516 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:47:10.0007 5516 spldr - ok
15:47:10.0637 5516 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:47:10.0717 5516 Spooler - ok
15:47:12.0657 5516 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:47:12.0837 5516 sppsvc - ok
15:47:13.0688 5516 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:47:13.0748 5516 sppuinotify - ok
15:47:13.0918 5516 SQLWriter (d63fc56c7c3f9b576bc25f617e3f7963) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:47:13.0938 5516 SQLWriter - ok
15:47:14.0608 5516 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:47:14.0668 5516 srv - ok
15:47:14.0758 5516 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:47:14.0788 5516 srv2 - ok
15:47:15.0118 5516 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:47:15.0148 5516 SrvHsfHDA - ok
15:47:16.0668 5516 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:47:16.0758 5516 SrvHsfV92 - ok
15:47:17.0638 5516 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:47:17.0688 5516 SrvHsfWinac - ok
15:47:17.0818 5516 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:47:17.0888 5516 srvnet - ok
15:47:17.0948 5516 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:47:18.0028 5516 SSDPSRV - ok
15:47:18.0058 5516 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:47:18.0098 5516 SstpSvc - ok
15:47:18.0128 5516 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:47:18.0138 5516 stexstor - ok
15:47:18.0168 5516 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:47:18.0258 5516 StillCam - ok
15:47:18.0348 5516 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:47:18.0418 5516 stisvc - ok
15:47:18.0448 5516 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:47:18.0458 5516 storflt - ok
15:47:18.0488 5516 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:47:18.0618 5516 StorSvc - ok
15:47:18.0668 5516 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:47:18.0688 5516 storvsc - ok
15:47:18.0808 5516 SUService (3119e9bc5fad5ea1cd31ae200a1da591) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
15:47:18.0838 5516 SUService ( UnsignedFile.Multi.Generic ) - warning
15:47:18.0838 5516 SUService - detected UnsignedFile.Multi.Generic (1)
15:47:18.0898 5516 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:47:18.0908 5516 swenum - ok
15:47:19.0558 5516 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:47:19.0648 5516 swprv - ok
15:47:20.0028 5516 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
15:47:20.0048 5516 SynTP - ok
15:47:21.0598 5516 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:47:21.0688 5516 SysMain - ok
15:47:22.0279 5516 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:47:22.0319 5516 TabletInputService - ok
15:47:22.0379 5516 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:47:22.0469 5516 TapiSrv - ok
15:47:22.0509 5516 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:47:22.0559 5516 TBS - ok
15:47:25.0049 5516 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:47:25.0119 5516 Tcpip - ok
15:47:27.0409 5516 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:47:27.0459 5516 TCPIP6 - ok
15:47:28.0899 5516 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:47:28.0969 5516 tcpipreg - ok
15:47:29.0059 5516 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:47:29.0109 5516 TDPIPE - ok
15:47:29.0249 5516 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:47:29.0319 5516 TDTCP - ok
15:47:29.0379 5516 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:47:29.0429 5516 tdx - ok
15:47:29.0469 5516 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:47:29.0479 5516 TermDD - ok
15:47:29.0529 5516 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:47:29.0599 5516 TermService - ok
15:47:29.0689 5516 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:47:29.0769 5516 Themes - ok
15:47:30.0810 5516 ThinkVantage Registry Monitor Service (39ac444e07fdbd8c2e8e291a65d515d3) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
15:47:30.0900 5516 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - warning
15:47:30.0900 5516 ThinkVantage Registry Monitor Service - detected UnsignedFile.Multi.Generic (1)
15:47:30.0950 5516 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:47:30.0990 5516 THREADORDER - ok
15:47:31.0110 5516 TPDIGIMN (6db3fae611554dc373e266ed50111b1c) C:\Windows\system32\DRIVERS\ApsHM64.sys
15:47:31.0120 5516 TPDIGIMN - ok
15:47:31.0180 5516 TPHDEXLGSVC (47d2009fdc682833ee03b6dcba23fdd2) C:\Windows\system32\TPHDEXLG64.exe
15:47:31.0200 5516 TPHDEXLGSVC - ok
15:47:31.0340 5516 TPHKSVC (2cf225e19490f499528b926263fe4554) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
15:47:31.0340 5516 TPHKSVC - ok
15:47:31.0390 5516 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
15:47:31.0430 5516 TPM - ok
15:47:31.0500 5516 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys
15:47:31.0510 5516 TPPWRIF - ok
15:47:31.0580 5516 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:47:31.0620 5516 TrkWks - ok
15:47:31.0790 5516 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:47:31.0870 5516 TrustedInstaller - ok
15:47:31.0910 5516 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:47:31.0970 5516 tssecsrv - ok
15:47:32.0040 5516 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:47:32.0070 5516 TsUsbFlt - ok
15:47:32.0140 5516 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:47:32.0230 5516 tunnel - ok
15:47:32.0260 5516 TurboB (53ff5f00eab07e329abe48ae3de4f5d7) C:\Windows\system32\DRIVERS\TurboB.sys
15:47:32.0270 5516 TurboB - ok
15:47:32.0350 5516 TurboBoost (b670df651f00194434adc6b326743709) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:47:32.0370 5516 TurboBoost - ok
15:47:34.0170 5516 TVT Backup Service (b56da1aa776c15043d10f82b32aa000d) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
15:47:34.0230 5516 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
15:47:34.0230 5516 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
15:47:34.0620 5516 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:47:34.0640 5516 uagp35 - ok
15:47:35.0320 5516 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:47:35.0380 5516 udfs - ok
15:47:35.0420 5516 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:47:35.0440 5516 UI0Detect - ok
15:47:35.0590 5516 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:47:35.0640 5516 uliagpkx - ok
15:47:35.0690 5516 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:47:35.0710 5516 umbus - ok
15:47:35.0720 5516 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:47:35.0760 5516 UmPass - ok
15:47:36.0300 5516 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:47:36.0380 5516 UmRdpService - ok
15:47:39.0581 5516 UNS (9e89c2d6945389270de067ce51ff7425) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:47:39.0671 5516 UNS - ok
15:47:41.0571 5516 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:47:41.0661 5516 upnphost - ok
15:47:41.0831 5516 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
15:47:41.0891 5516 USBAAPL64 - ok
15:47:41.0941 5516 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:47:41.0991 5516 usbccgp - ok
15:47:42.0011 5516 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:47:42.0031 5516 usbcir - ok
15:47:42.0051 5516 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
15:47:42.0071 5516 usbehci - ok
15:47:42.0131 5516 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:47:42.0211 5516 usbhub - ok
15:47:42.0241 5516 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:47:42.0281 5516 usbohci - ok
15:47:42.0331 5516 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:47:42.0381 5516 usbprint - ok
15:47:42.0441 5516 usbsmi (e99218022f2da9afb0e89718178ca51c) C:\Windows\system32\DRIVERS\SMIksdrv.sys
15:47:42.0501 5516 usbsmi - ok
15:47:42.0551 5516 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:47:42.0621 5516 USBSTOR - ok
15:47:42.0661 5516 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:47:42.0691 5516 usbuhci - ok
15:47:43.0132 5516 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:47:43.0162 5516 usbvideo - ok
15:47:43.0202 5516 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:47:43.0242 5516 UxSms - ok
15:47:43.0292 5516 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:47:43.0312 5516 VaultSvc - ok
15:47:43.0352 5516 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:47:43.0372 5516 vdrvroot - ok
15:47:43.0882 5516 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:47:43.0992 5516 vds - ok
15:47:44.0042 5516 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:47:44.0062 5516 vga - ok
15:47:44.0072 5516 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:47:44.0132 5516 VgaSave - ok
15:47:44.0182 5516 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:47:44.0192 5516 vhdmp - ok
15:47:44.0242 5516 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:47:44.0252 5516 viaide - ok
15:47:44.0282 5516 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:47:44.0302 5516 vmbus - ok
15:47:44.0312 5516 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:47:44.0352 5516 VMBusHID - ok
15:47:44.0542 5516 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:47:44.0552 5516 volmgr - ok
15:47:44.0742 5516 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:47:44.0782 5516 volmgrx - ok
15:47:44.0842 5516 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:47:44.0872 5516 volsnap - ok
15:47:44.0902 5516 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:47:44.0912 5516 vsmraid - ok
15:47:45.0822 5516 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:47:45.0972 5516 VSS - ok
15:47:46.0642 5516 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:47:46.0732 5516 vwifibus - ok
15:47:46.0772 5516 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
15:47:46.0812 5516 vwififlt - ok
15:47:46.0842 5516 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
15:47:46.0862 5516 vwifimp - ok
15:47:46.0942 5516 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:47:46.0992 5516 W32Time - ok
15:47:47.0022 5516 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:47:47.0062 5516 WacomPen - ok
15:47:47.0152 5516 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:47:47.0212 5516 WANARP - ok
15:47:47.0222 5516 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:47:47.0262 5516 Wanarpv6 - ok
15:47:47.0802 5516 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
15:47:47.0862 5516 WatAdminSvc - ok
15:47:50.0363 5516 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:47:50.0443 5516 wbengine - ok
15:47:51.0183 5516 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:47:51.0203 5516 WbioSrvc - ok
15:47:51.0343 5516 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:47:51.0383 5516 wcncsvc - ok
15:47:51.0423 5516 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:47:51.0443 5516 WcsPlugInService - ok
15:47:51.0483 5516 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:47:51.0493 5516 Wd - ok
15:47:51.0543 5516 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
15:47:51.0563 5516 WDC_SAM - ok
15:47:51.0623 5516 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:47:51.0683 5516 Wdf01000 - ok
15:47:51.0713 5516 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:47:51.0843 5516 WdiServiceHost - ok
15:47:51.0843 5516 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:47:51.0863 5516 WdiSystemHost - ok
15:47:52.0423 5516 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:47:52.0533 5516 WebClient - ok
15:47:52.0583 5516 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:47:52.0663 5516 Wecsvc - ok
15:47:52.0693 5516 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:47:52.0763 5516 wercplsupport - ok
15:47:52.0803 5516 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:47:52.0843 5516 WerSvc - ok
15:47:52.0923 5516 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:47:52.0973 5516 WfpLwf - ok
15:47:52.0983 5516 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:47:52.0993 5516 WIMMount - ok
15:47:53.0043 5516 WinDefend - ok
15:47:53.0053 5516 WinHttpAutoProxySvc - ok
15:47:53.0773 5516 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:47:53.0883 5516 Winmgmt - ok
15:47:57.0084 5516 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:47:57.0204 5516 WinRM - ok
15:47:58.0134 5516 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:47:58.0164 5516 WinUsb - ok
15:47:58.0424 5516 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:47:58.0484 5516 Wlansvc - ok
15:47:58.0594 5516 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:47:58.0604 5516 wlcrasvc - ok
15:48:00.0624 5516 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:48:00.0704 5516 wlidsvc - ok
15:48:01.0264 5516 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:48:01.0304 5516 WmiAcpi - ok
15:48:01.0534 5516 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:48:01.0594 5516 wmiApSrv - ok
15:48:01.0644 5516 WMPNetworkSvc - ok
15:48:01.0664 5516 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:48:01.0684 5516 WPCSvc - ok
15:48:01.0744 5516 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:48:01.0764 5516 WPDBusEnum - ok
15:48:01.0784 5516 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:48:01.0854 5516 ws2ifsl - ok
15:48:01.0894 5516 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
15:48:01.0934 5516 wscsvc - ok
15:48:01.0934 5516 WSearch - ok
15:48:03.0654 5516 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:48:03.0764 5516 wuauserv - ok
15:48:04.0744 5516 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:48:04.0804 5516 WudfPf - ok
15:48:04.0834 5516 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:48:04.0894 5516 WUDFRd - ok
15:48:04.0964 5516 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:48:05.0014 5516 wudfsvc - ok
15:48:05.0194 5516 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:48:05.0234 5516 WwanSvc - ok
15:48:05.0304 5516 MBR (0x1B8) (b78038123b23a81488e5022a944ce598) \Device\Harddisk0\DR0
15:48:07.0565 5516 \Device\Harddisk0\DR0 - ok
15:48:07.0625 5516 Boot (0x1200) (a8d8af9949a33d2370bb9d6fdb640a9a) \Device\Harddisk0\DR0\Partition0
15:48:07.0625 5516 \Device\Harddisk0\DR0\Partition0 - ok
15:48:07.0645 5516 Boot (0x1200) (59f44498c8e17f4dd330eb12cbbb94c7) \Device\Harddisk0\DR0\Partition1
15:48:07.0655 5516 \Device\Harddisk0\DR0\Partition1 - ok
15:48:07.0655 5516 ============================================================
15:48:07.0655 5516 Scan finished
15:48:07.0655 5516 ============================================================
15:48:07.0665 1952 Detected object count: 10
15:48:07.0665 1952 Actual detected object count: 10
15:49:57.0709 1952 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:57.0709 1952 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:57.0719 1952 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:57.0719 1952 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:57.0719 1952 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:57.0719 1952 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:57.0719 1952 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:57.0719 1952 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:57.0719 1952 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:57.0719 1952 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:57.0719 1952 Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:57.0719 1952 Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:57.0719 1952 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:57.0719 1952 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:57.0729 1952 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:57.0729 1952 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:57.0729 1952 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:57.0729 1952 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:49:57.0729 1952 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:57.0729 1952 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Download aswMBR.exe (511KB) to your desktop.

  • Double click aswMBR.exe to run it
  • Click the "Scan" button to start the scan
  • On completion of the scan, click Save log, save it to your desktop and post aswMBR.txt in your next reply
  • aswMBR will also save an additional file named MBR.dat. Attach it to your next reply

  • 0

#10
BJH1010

    Member

  • Topic Starter
  • Member
  • 29 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-23 15:59:15
-----------------------------
15:59:15.393 OS Version: Windows x64 6.1.7601 Service Pack 1
15:59:15.393 Number of processors: 4 586 0x2502
15:59:15.393 ComputerName: BRAD-THINK UserName: Brad
15:59:17.104 Initialize success
16:01:32.257 AVAST engine defs: 12072301
16:01:40.938 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:01:40.938 Disk 0 Vendor: ST950032 0020 Size: 476940MB BusType: 3
16:01:40.948 Disk 0 MBR read successfully
16:01:40.958 Disk 0 MBR scan
16:01:40.958 Disk 0 unknown MBR code
16:01:40.978 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
16:01:40.988 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 475738 MB offset 2459648
16:01:41.018 Disk 0 scanning C:\Windows\system32\drivers
16:01:56.721 Service scanning
16:02:28.896 Modules scanning
16:02:28.896 Disk 0 trace - called modules:
16:02:29.036 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
16:02:29.036 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005240060]
16:02:29.046 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004f22c30]
16:02:29.046 5 ACPI.sys[fffff88000e1a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f4e050]
16:02:30.696 AVAST engine scan C:\Windows
16:02:35.096 AVAST engine scan C:\Windows\system32
16:06:49.897 AVAST engine scan C:\Windows\system32\drivers
16:07:06.610 AVAST engine scan C:\Users\Brad
16:24:49.451 AVAST engine scan C:\ProgramData
16:29:56.971 File: C:\ProgramData\Microsoft\Windows\DRM\8EF7.tmp.dat **INFECTED** Win32:Alureon-ATZ [Trj]
16:30:40.818 Scan finished successfully
16:30:56.942 Disk 0 MBR has been saved successfully to "C:\Users\Brad\Desktop\MBR.dat"
16:30:56.947 The log file has been saved successfully to "C:\Users\Brad\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.dat   512bytes   169 downloads

  • 0

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Any changes?

Step 1

NOTE: This fix is custom made for this system only and for its current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    C:\ProgramData\Microsoft\Windows\DRM\8EF7.tmp.dat

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply; you can also find it in C:\_OTL\MovedFiles


Step 2


Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan
Posted Image

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the Report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post


Step 3


Please don't forget to include these items in your reply:


  • OTL fix log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0

#12
BJH1010

    Member

  • Topic Starter
  • Member
  • 29 posts
Redirects appear to have subsided. Something is still blocking MSE from updating definitions. Will provide requested logs shortly.
  • 0

#13
BJH1010

    Member

  • Topic Starter
  • Member
  • 29 posts
First step completed

========== OTL ==========
========== FILES ==========
C:\ProgramData\Microsoft\Windows\DRM\8EF7.tmp.dat moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.54.0 log created on 07242012_011754
  • 0

#14
BJH1010

    Member

  • Topic Starter
  • Member
  • 29 posts
VRT Log

Status: Deleted (events: 1)
7/24/2012 7:34:41 AM Deleted Trojan program Trojan.Win32.TDSS.ispc C:\_OTL\MovedFiles\07242012_011754\C_ProgramData\Microsoft\Windows\DRM\8EF7.tmp.dat High
Status: Quarantined (events: 11)
7/24/2012 7:52:28 AM Quarantined Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Archive Folders\Top of Personal Folders\Sent Items\[From:Brad Hammond][Subject:FW: Personal Account Verification][Time:2006/05/05 22:00:58]/RichBody High
7/24/2012 7:52:28 AM Quarantined Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Archive Folders\Top of Personal Folders\Sent Items\[From:Brad Hammond][Subject:FW: Personal Account Verification][Time:2006/05/05 22:00:58]/RichBody//Html2Rtf High
7/24/2012 7:52:44 AM Quarantined Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Archive Folders\Top of Personal Folders\Sent Items\[From:Brad Hammond][Subject:FW: Personal Account Verification][Time:2006/05/05 22:01:16]/RichBody High
7/24/2012 7:52:44 AM Quarantined Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Archive Folders\Top of Personal Folders\Sent Items\[From:Brad Hammond][Subject:FW: Personal Account Verification][Time:2006/05/05 22:01:16]/RichBody//Html2Rtf High
7/24/2012 7:52:51 AM Quarantined Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Archive Folders\Top of Personal Folders\Sent Items\[From:Brad Hammond][Subject:FW: Personal Account Verification][Time:2006/05/05 22:01:42]/RichBody High
7/24/2012 7:52:51 AM Quarantined Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Archive Folders\Top of Personal Folders\Sent Items\[From:Brad Hammond][Subject:FW: Personal Account Verification][Time:2006/05/05 22:01:42]/RichBody//Html2Rtf High
7/24/2012 7:52:59 AM Quarantined Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Archive Folders\Top of Personal Folders\Sent Items\[From:Brad Hammond][Subject:FW: Personal Account Verification][Time:2006/05/06 19:34:08]/RichBody High
7/24/2012 7:52:59 AM Quarantined Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Archive Folders\Top of Personal Folders\Sent Items\[From:Brad Hammond][Subject:FW: Personal Account Verification][Time:2006/05/06 19:34:08]/RichBody//Html2Rtf High
7/24/2012 8:00:25 AM Quarantined Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Old Archive\Top of Personal Folders\2006 Archive\[From:Wells Fargo Bank][Subject:Personal Account Verification][Time:2006/05/05 21:29:40]/HTMLBody High
7/24/2012 8:09:06 AM Quarantined Trojan program HEUR:Trojan.Win32.Generic Outlook\Old Archive\Top of Personal Folders\2008-2010 Archive\[From:Mail Delivery Subsystem][Subject:Returned mail: see transcript for details][Time:2009/06/09 09:35:26]/ Raquel Valerio-Struck (60.8 KB)/wire.scr High
7/24/2012 8:20:18 AM Quarantined Trojan program Trojan-Spy.HTML.Fraud.gen Outlook\Personal Folders\Top of Personal Folders\Inbox\[From:[email protected]][Subject:You sent a payment][Time:2012/04/11 08:05:47]/HTMLBody High
Status: Disinfected (events: 6)
7/24/2012 7:57:26 AM Disinfected Trojan program Trojan-Spy.HTML.Paylap.ev Outlook\Old Archive\Top of Personal Folders\2005 Archive\[From:PayPal][Subject:[Norton AntiSpam] New Security Requirements][Time:2005/06/22 18:08:08]/HTMLBody High
7/24/2012 7:57:31 AM Disinfected Trojan program Trojan-Spy.HTML.Paylap.ev Outlook\Old Archive\Top of Personal Folders\2005 Archive\[From:PayPal][Subject:[Norton AntiSpam] New Security Requirements][Time:2005/06/23 01:20:59]/HTMLBody High
7/24/2012 8:08:14 AM Disinfected Trojan program Backdoor.Win32.Bredolab.cbb Outlook\Old Archive\Top of Personal Folders\2008-2010 Archive\[From:UPS Manager Hugo Craft][Subject:UPS Delivery Problem NR 56948.][Time:2010/01/28 07:31:48]/UPS_invoice_NR34587.zip High
7/24/2012 8:08:40 AM Disinfected Trojan program Backdoor.Win32.Bredolab.azc Outlook\Old Archive\Top of Personal Folders\2008-2010 Archive\[From:The Facebook Team][Subject:Facebook Password Reset Confirmation.][Time:2009/10/28 09:20:22]/Facebook_Password_ea5f6.zip High
7/24/2012 8:08:40 AM Disinfected Trojan program Backdoor.Win32.Bredolab.azc Outlook\Old Archive\Top of Personal Folders\2008-2010 Archive\[From:The Facebook Team][Subject:Facebook Password Reset Confirmation.][Time:2009/10/28 09:20:22]/Facebook_Password_ea5f6.zip/Facebook_Password_ea5f6.exe High
7/24/2012 8:09:06 AM Disinfected Trojan program HEUR:Trojan.Win32.Generic Outlook\Old Archive\Top of Personal Folders\2008-2010 Archive\[From:Mail Delivery Subsystem][Subject:Returned mail: see transcript for details][Time:2009/06/09 09:35:26]/ Raquel Valerio-Struck (60.8 KB) High
  • 0

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try to reinstall MSE. Download the new version from Here and reinstall it. That should fix your updating problem.

Let me know the results.
  • 0