Inactive [A] Random audio clips are plaguing me


minsey

I just got my computer back; it has been in storage for a few months. I'm not sure how it happened, but I managed to get some malware that keeps playing audio clips. Most of the time it says, "Congratulations, you won". Yesterday it was much worse than it is today for some reason, but my internet connection is still slow. Can someone help me remove this and clean my computer?

I will post logs from MBAM and TDSSK below.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.04.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Toby :: UNCG-R9F29ZG [administrator]

2/5/2012 1:12:29 AM
mbam-log-2012-02-05 (01-12-29).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341541
Time elapsed: 1 hour(s), 30 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
00:58:23.0208 7224 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
00:58:23.0614 7224 ============================================================
00:58:23.0614 7224 Current date / time: 2012/02/05 00:58:23.0614
00:58:23.0614 7224 SystemInfo:
00:58:23.0614 7224
00:58:23.0614 7224 OS Version: 6.1.7601 ServicePack: 1.0
00:58:23.0614 7224 Product type: Workstation
00:58:23.0614 7224 ComputerName: UNCG-R9F29ZG
00:58:23.0614 7224 UserName: Toby
00:58:23.0614 7224 Windows directory: C:\Windows
00:58:23.0614 7224 System windows directory: C:\Windows
00:58:23.0614 7224 Processor architecture: Intel x86
00:58:23.0614 7224 Number of processors: 4
00:58:23.0614 7224 Page size: 0x1000
00:58:23.0614 7224 Boot type: Normal boot
00:58:23.0614 7224 ============================================================
00:58:24.0015 7224 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:58:24.0017 7224 \Device\Harddisk0\DR0:
00:58:24.0017 7224 MBR used
00:58:24.0017 7224 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x149F000, BlocksNum 0xC862800
00:58:24.0017 7224 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xDD01800, BlocksNum 0x1772C800
00:58:24.0066 7224 Initialize success
00:58:24.0066 7224 ============================================================
00:58:24.0943 2916 ============================================================
00:58:24.0943 2916 Scan started
00:58:24.0943 2916 Mode: Manual;
00:58:24.0943 2916 ============================================================
00:58:41.0816 2916 TCPIP6 - ok
00:58:41.0845 2916 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
00:58:41.0846 2916 tcpipreg - ok
00:58:41.0877 2916 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
00:58:41.0877 2916 TDPIPE - ok
00:58:41.0890 2916 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
00:58:41.0891 2916 TDTCP - ok
00:58:41.0926 2916 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
00:58:41.0927 2916 tdx - ok
00:58:41.0960 2916 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
00:58:41.0961 2916 TermDD - ok
00:58:42.0091 2916 TPDIGIMN (50b570e4209f6d401893720fc8ddce46) C:\Windows\system32\DRIVERS\ApsHM86.sys
00:58:42.0091 2916 TPDIGIMN - ok
00:58:42.0186 2916 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
00:58:42.0187 2916 TPM - ok
00:58:42.0295 2916 TPPWRIF (c16ec6a5390904d3971179553852025b) C:\Windows\system32\drivers\Tppwr32v.sys
00:58:42.0296 2916 TPPWRIF - ok
00:58:42.0421 2916 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:58:42.0423 2916 tssecsrv - ok
00:58:42.0516 2916 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
00:58:42.0517 2916 TsUsbFlt - ok
00:58:42.0584 2916 tsusbhub - ok
00:58:42.0894 2916 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
00:58:42.0897 2916 tunnel - ok
00:58:43.0001 2916 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
00:58:43.0001 2916 uagp35 - ok
00:58:43.0076 2916 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
00:58:43.0081 2916 udfs - ok
00:58:43.0236 2916 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
00:58:43.0238 2916 uliagpkx - ok
00:58:43.0354 2916 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
00:58:43.0355 2916 umbus - ok
00:58:43.0465 2916 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
00:58:43.0466 2916 UmPass - ok
00:58:43.0562 2916 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
00:58:43.0563 2916 usbaudio - ok
00:58:43.0644 2916 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
00:58:43.0644 2916 usbccgp - ok
00:58:43.0755 2916 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
00:58:43.0758 2916 usbcir - ok
00:58:43.0853 2916 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
00:58:43.0853 2916 usbehci - ok
00:58:43.0951 2916 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
00:58:43.0958 2916 usbhub - ok
00:58:44.0251 2916 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
00:58:44.0251 2916 usbohci - ok
00:58:44.0348 2916 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
00:58:44.0348 2916 usbprint - ok
00:58:44.0456 2916 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
00:58:44.0457 2916 usbscan - ok
00:58:44.0579 2916 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:58:44.0580 2916 USBSTOR - ok
00:58:44.0676 2916 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
00:58:44.0676 2916 usbuhci - ok
00:58:44.0797 2916 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
00:58:44.0801 2916 usbvideo - ok
00:58:44.0900 2916 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
00:58:44.0902 2916 vdrvroot - ok
00:58:45.0013 2916 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
00:58:45.0014 2916 vga - ok
00:58:45.0103 2916 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
00:58:45.0103 2916 VgaSave - ok
00:58:45.0160 2916 VGPU - ok
00:58:45.0238 2916 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
00:58:45.0240 2916 vhdmp - ok
00:58:45.0347 2916 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
00:58:45.0348 2916 viaagp - ok
00:58:45.0442 2916 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
00:58:45.0443 2916 ViaC7 - ok
00:58:45.0532 2916 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
00:58:45.0533 2916 viaide - ok
00:58:45.0633 2916 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
00:58:45.0634 2916 vmbus - ok
00:58:45.0743 2916 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
00:58:45.0744 2916 VMBusHID - ok
00:58:45.0829 2916 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
00:58:45.0829 2916 volmgr - ok
00:58:45.0888 2916 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:58:45.0890 2916 volmgrx - ok
00:58:46.0076 2916 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
00:58:46.0081 2916 volsnap - ok
00:58:46.0325 2916 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
00:58:46.0329 2916 vsmraid - ok
00:58:46.0440 2916 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
00:58:46.0442 2916 vwifibus - ok
00:58:46.0554 2916 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
00:58:46.0556 2916 vwififlt - ok
00:58:46.0605 2916 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
00:58:46.0606 2916 WacomPen - ok
00:58:46.0721 2916 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:58:46.0721 2916 WANARP - ok
00:58:46.0731 2916 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:58:46.0731 2916 Wanarpv6 - ok
00:58:46.0835 2916 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
00:58:46.0836 2916 Wd - ok
00:58:46.0902 2916 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:58:46.0906 2916 Wdf01000 - ok
00:58:47.0054 2916 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
00:58:47.0054 2916 WfpLwf - ok
00:58:47.0155 2916 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
00:58:47.0157 2916 WIMMount - ok
00:58:47.0288 2916 WinDriver6 (451f905bc7bff9e1cff2e7ae76196b2c) C:\Windows\system32\drivers\windrvr6.sys
00:58:47.0291 2916 WinDriver6 - ok
00:58:47.0427 2916 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
00:58:47.0429 2916 WinUsb - ok
00:58:47.0537 2916 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
00:58:47.0539 2916 WmiAcpi - ok
00:58:47.0641 2916 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
00:58:47.0642 2916 ws2ifsl - ok
00:58:47.0695 2916 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
00:58:47.0696 2916 WudfPf - ok
00:58:47.0738 2916 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:58:47.0738 2916 WUDFRd - ok
00:58:47.0798 2916 MBR (0x1B8) (39993602a90111766c6e32adca5d1cb9) \Device\Harddisk0\DR0
00:58:47.0835 2916 \Device\Harddisk0\DR0 - ok
00:58:47.0891 2916 Boot (0x1200) (aaed9544365d9113a8ec2b14f8ffe474) \Device\Harddisk0\DR0\Partition0
00:58:47.0892 2916 \Device\Harddisk0\DR0\Partition0 - ok
00:58:47.0914 2916 Boot (0x1200) (f0e754be0d6d9c75a2c2e225e6aa600c) \Device\Harddisk0\DR0\Partition1
00:58:47.0916 2916 \Device\Harddisk0\DR0\Partition1 - ok
00:58:47.0920 2916 ============================================================
00:58:47.0920 2916 Scan finished
00:58:47.0920 2916 ============================================================
00:58:47.0932 6288 Detected object count: 0
00:58:47.0932 6288 Actual detected object count: 0
00:58:52.0692 5104 ============================================================
00:58:52.0692 5104 Scan started
00:58:52.0692 5104 Mode: Manual;
00:58:52.0692 5104 ============================================================
00:58:54.0591 5104 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
00:58:54.0592 5104 1394ohci - ok
00:58:54.0697 5104 5U877 (1875f492c399db858e77c1b29366d54b) C:\Windows\system32\DRIVERS\5U877.sys
00:58:54.0697 5104 5U877 - ok
00:58:55.0366 5104 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
00:58:55.0368 5104 ACPI - ok
00:58:55.0468 5104 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
00:58:55.0468 5104 AcpiPmi - ok
00:58:55.0554 5104 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
00:58:55.0554 5104 adp94xx - ok
00:58:55.0654 5104 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
00:58:55.0664 5104 adpahci - ok
00:58:55.0764 5104 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
00:58:55.0764 5104 adpu320 - ok
00:58:55.0864 5104 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
00:58:55.0864 5104 AFD - ok
00:58:55.0954 5104 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
00:58:55.0954 5104 agp440 - ok
00:58:56.0054 5104 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
00:58:56.0054 5104 aic78xx - ok
00:58:56.0204 5104 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
00:58:56.0204 5104 aliide - ok
00:58:56.0294 5104 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
00:58:56.0294 5104 amdagp - ok
00:58:56.0384 5104 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
00:58:56.0384 5104 amdide - ok
00:58:56.0474 5104 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
00:58:56.0474 5104 AmdK8 - ok
00:58:56.0568 5104 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
00:58:56.0569 5104 AmdPPM - ok
00:58:56.0657 5104 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
00:58:56.0658 5104 amdsata - ok
00:58:56.0759 5104 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
00:58:56.0762 5104 amdsbs - ok
00:58:56.0846 5104 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
00:58:56.0848 5104 amdxata - ok
00:58:56.0940 5104 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
00:58:56.0941 5104 AppID - ok
00:58:57.0044 5104 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
00:58:57.0045 5104 arc - ok
00:58:57.0138 5104 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
00:58:57.0139 5104 arcsas - ok
00:58:57.0241 5104 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
00:58:57.0242 5104 AsyncMac - ok
00:58:57.0341 5104 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
00:58:57.0342 5104 atapi - ok
00:58:57.0485 5104 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
00:58:57.0488 5104 b06bdrv - ok
00:58:57.0605 5104 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
00:58:57.0608 5104 b57nd60x - ok
00:58:57.0719 5104 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
00:58:57.0720 5104 Beep - ok
00:58:57.0825 5104 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
00:58:57.0825 5104 blbdrive - ok
00:58:57.0928 5104 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
00:58:57.0928 5104 bowser - ok
00:58:58.0238 5104 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:58:58.0239 5104 BrFiltLo - ok
00:58:58.0332 5104 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:58:58.0332 5104 BrFiltUp - ok
00:58:58.0407 5104 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
00:58:58.0413 5104 Brserid - ok
00:58:58.0470 5104 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
00:58:58.0470 5104 BrSerWdm - ok
00:58:58.0496 5104 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:58:58.0497 5104 BrUsbMdm - ok
00:58:58.0588 5104 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
00:58:58.0589 5104 BrUsbSer - ok
00:58:58.0666 5104 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
00:58:58.0667 5104 BthEnum - ok
00:58:58.0766 5104 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
00:58:58.0767 5104 BTHMODEM - ok
00:58:58.0829 5104 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
00:58:58.0831 5104 BthPan - ok
00:58:58.0895 5104 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
00:58:58.0902 5104 BTHPORT - ok
00:58:59.0003 5104 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
00:58:59.0004 5104 BTHUSB - ok
00:58:59.0080 5104 BTWAMPFL (c1006bc7114b24e147dbbc2f6e83f01f) C:\Windows\system32\DRIVERS\btwampfl.sys
00:58:59.0081 5104 BTWAMPFL - ok
00:58:59.0165 5104 btwaudio (b9967a1c4f04bfcb9f4f037b20047a17) C:\Windows\system32\drivers\btwaudio.sys
00:58:59.0165 5104 btwaudio - ok
00:58:59.0223 5104 btwavdt (b325aa3278aad2af0ac6ad9dcaac744b) C:\Windows\system32\DRIVERS\btwavdt.sys
00:58:59.0224 5104 btwavdt - ok
00:58:59.0261 5104 btwl2cap (6d7a78ce470876788edb68c646f19d54) C:\Windows\system32\DRIVERS\btwl2cap.sys
00:58:59.0262 5104 btwl2cap - ok
00:58:59.0275 5104 btwrchid (bfec5b8ebc5ed16cf56496a007917791) C:\Windows\system32\DRIVERS\btwrchid.sys
00:58:59.0276 5104 btwrchid - ok
00:58:59.0298 5104 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
00:58:59.0299 5104 cdfs - ok
00:58:59.0349 5104 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
00:58:59.0349 5104 cdrom - ok
00:58:59.0369 5104 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
00:58:59.0369 5104 circlass - ok
00:58:59.0402 5104 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
00:58:59.0403 5104 CLFS - ok
00:58:59.0509 5104 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
00:58:59.0510 5104 CmBatt - ok
00:58:59.0630 5104 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
00:58:59.0631 5104 cmdide - ok
00:58:59.0743 5104 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
00:58:59.0745 5104 CNG - ok
00:58:59.0878 5104 CnxtHdAudService (108d22ae4b97307668ae5f951aed72d1) C:\Windows\system32\drivers\CHDRT32.sys
00:58:59.0889 5104 CnxtHdAudService - ok
00:59:00.0007 5104 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
00:59:00.0008 5104 Compbatt - ok
00:59:00.0288 5104 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
00:59:00.0288 5104 CompositeBus - ok
00:59:00.0326 5104 cpuz135 - ok
00:59:00.0413 5104 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
00:59:00.0414 5104 crcdisk - ok
00:59:00.0510 5104 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
00:59:00.0517 5104 CSC - ok
00:59:00.0600 5104 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
00:59:00.0601 5104 discache - ok
00:59:00.0645 5104 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
00:59:00.0645 5104 Disk - ok
00:59:00.0672 5104 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys
00:59:00.0672 5104 DozeHDD - ok
00:59:00.0694 5104 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
00:59:00.0695 5104 drmkaud - ok
00:59:00.0746 5104 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
00:59:00.0749 5104 DXGKrnl - ok
00:59:00.0770 5104 e1cexpress (890a46fb3d58667be559cee1a0252049) C:\Windows\system32\DRIVERS\e1c6232.sys
00:59:00.0771 5104 e1cexpress - ok
00:59:00.0835 5104 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
00:59:00.0849 5104 ebdrv - ok
00:59:00.0917 5104 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:59:00.0919 5104 eeCtrl - ok
00:59:01.0019 5104 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
00:59:01.0021 5104 elxstor - ok
00:59:01.0066 5104 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:59:01.0067 5104 EraserUtilRebootDrv - ok
00:59:01.0161 5104 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
00:59:01.0161 5104 ErrDev - ok
00:59:01.0214 5104 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
00:59:01.0217 5104 exfat - ok
00:59:01.0244 5104 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
00:59:01.0247 5104 fastfat - ok
00:59:01.0265 5104 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
00:59:01.0266 5104 fdc - ok
00:59:01.0296 5104 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
00:59:01.0297 5104 FileInfo - ok
00:59:01.0309 5104 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
00:59:01.0309 5104 Filetrace - ok
00:59:01.0330 5104 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
00:59:01.0331 5104 flpydisk - ok
00:59:01.0345 5104 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
00:59:01.0346 5104 FltMgr - ok
00:59:01.0362 5104 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
00:59:01.0363 5104 FsDepends - ok
00:59:01.0373 5104 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
00:59:01.0374 5104 Fs_Rec - ok
00:59:01.0416 5104 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
00:59:01.0418 5104 fvevol - ok
00:59:01.0441 5104 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:59:01.0442 5104 gagp30kx - ok
00:59:01.0464 5104 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
00:59:01.0465 5104 hcw85cir - ok
00:59:01.0498 5104 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
00:59:01.0499 5104 HDAudBus - ok
00:59:01.0514 5104 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
00:59:01.0514 5104 HidBatt - ok
00:59:01.0525 5104 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
00:59:01.0526 5104 HidBth - ok
00:59:01.0535 5104 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
00:59:01.0536 5104 HidIr - ok
00:59:01.0556 5104 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
00:59:01.0556 5104 HidUsb - ok
00:59:01.0590 5104 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
00:59:01.0591 5104 HpSAMD - ok
00:59:01.0618 5104 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
00:59:01.0620 5104 HTTP - ok
00:59:01.0650 5104 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
00:59:01.0650 5104 hwpolicy - ok
00:59:01.0685 5104 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
00:59:01.0686 5104 i8042prt - ok
00:59:01.0736 5104 iaStor (f4037a3fedb92dd97c95f320766ea5c9) C:\Windows\system32\DRIVERS\iaStor.sys
00:59:01.0737 5104 iaStor - ok
00:59:01.0778 5104 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
00:59:01.0780 5104 iaStorV - ok
00:59:01.0822 5104 IBMPMDRV (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
00:59:01.0822 5104 IBMPMDRV - ok
00:59:02.0029 5104 igfx (5bcac9ee17f90d03e5ff4f9bb7d2f4b8) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:59:02.0075 5104 igfx - ok
00:59:02.0198 5104 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
00:59:02.0199 5104 iirsp - ok
00:59:02.0267 5104 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys
00:59:02.0270 5104 IntcDAud - ok
00:59:02.0365 5104 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
00:59:02.0366 5104 intelide - ok
00:59:02.0444 5104 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
00:59:02.0446 5104 intelppm - ok
00:59:02.0550 5104 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:59:02.0551 5104 IpFilterDriver - ok
00:59:02.0621 5104 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
00:59:02.0622 5104 IPMIDRV - ok
00:59:02.0668 5104 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
00:59:02.0668 5104 IPNAT - ok
00:59:02.0755 5104 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
00:59:02.0756 5104 IRENUM - ok
00:59:02.0805 5104 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
00:59:02.0805 5104 isapnp - ok
00:59:02.0874 5104 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
00:59:02.0875 5104 iScsiPrt - ok
00:59:02.0898 5104 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:59:02.0899 5104 kbdclass - ok
00:59:02.0930 5104 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
00:59:02.0931 5104 kbdhid - ok
00:59:02.0959 5104 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
00:59:02.0960 5104 KSecDD - ok
00:59:03.0059 5104 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
00:59:03.0059 5104 KSecPkg - ok
00:59:03.0116 5104 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
00:59:03.0117 5104 lenovo.smi - ok
00:59:03.0227 5104 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
00:59:03.0228 5104 lltdio - ok
00:59:03.0372 5104 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:59:03.0372 5104 LSI_FC - ok
00:59:03.0499 5104 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:59:03.0500 5104 LSI_SAS - ok
00:59:03.0560 5104 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:59:03.0561 5104 LSI_SAS2 - ok
00:59:03.0594 5104 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:59:03.0595 5104 LSI_SCSI - ok
00:59:03.0661 5104 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
00:59:03.0662 5104 luafv - ok
00:59:03.0778 5104 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
00:59:03.0778 5104 megasas - ok
00:59:03.0886 5104 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
00:59:03.0896 5104 MegaSR - ok
00:59:04.0016 5104 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys
00:59:04.0017 5104 MEI - ok
00:59:04.0109 5104 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
00:59:04.0110 5104 Modem - ok
00:59:04.0207 5104 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
00:59:04.0208 5104 monitor - ok
00:59:04.0503 5104 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
00:59:04.0503 5104 mouclass - ok
00:59:04.0620 5104 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
00:59:04.0622 5104 mouhid - ok
00:59:04.0729 5104 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
00:59:04.0731 5104 mountmgr - ok
00:59:04.0841 5104 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
00:59:04.0842 5104 mpio - ok
00:59:04.0946 5104 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
00:59:04.0946 5104 mpsdrv - ok
00:59:05.0062 5104 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
00:59:05.0064 5104 MRxDAV - ok
00:59:05.0173 5104 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:59:05.0175 5104 mrxsmb - ok
00:59:05.0290 5104 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:59:05.0291 5104 mrxsmb10 - ok
00:59:05.0399 5104 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:59:05.0402 5104 mrxsmb20 - ok
00:59:05.0510 5104 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
00:59:05.0511 5104 msahci - ok
00:59:05.0622 5104 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
00:59:05.0623 5104 msdsm - ok
00:59:05.0721 5104 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
00:59:05.0723 5104 Msfs - ok
00:59:05.0824 5104 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
00:59:05.0824 5104 mshidkmdf - ok
00:59:05.0951 5104 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
00:59:05.0952 5104 msisadrv - ok
00:59:06.0254 5104 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:59:06.0255 5104 MSKSSRV - ok
00:59:06.0388 5104 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:59:06.0388 5104 MSPCLOCK - ok
00:59:06.0516 5104 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:59:06.0516 5104 MSPQM - ok
00:59:06.0649 5104 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:59:06.0653 5104 MsRPC - ok
00:59:06.0828 5104 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
00:59:06.0828 5104 mssmbios - ok
00:59:06.0966 5104 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:59:06.0967 5104 MSTEE - ok
00:59:07.0108 5104 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
00:59:07.0109 5104 MTConfig - ok
00:59:07.0264 5104 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:59:07.0265 5104 Mup - ok
00:59:07.0392 5104 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:59:07.0398 5104 NativeWifiP - ok
00:59:07.0489 5104 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120203.036\NAVENG.SYS
00:59:07.0490 5104 NAVENG - ok
00:59:07.0530 5104 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120203.036\NAVEX15.SYS
00:59:07.0537 5104 NAVEX15 - ok
00:59:07.0688 5104 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
00:59:07.0694 5104 NDIS - ok
00:59:07.0815 5104 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:59:07.0816 5104 NdisCap - ok
00:59:07.0947 5104 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:59:07.0949 5104 NdisTapi - ok
00:59:08.0191 5104 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
00:59:23.0915 5104 ============================================================
00:59:23.0915 5104 Scan finished
00:59:23.0915 5104 ============================================================
00:59:23.0925 1636 Detected object count: 0
00:59:23.0925 1636 Actual detected object count: 0
01:02:50.0514 4460 Deinitialize success
 
Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.04.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Toby :: UNCG-R9F29ZG [administrator]

2/6/2012 1:58:30 PM
mbam-log-2012-02-06 (13-58-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219587
Time elapsed: 9 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-07 09:44:04
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.02.0
Running: rcv3jvsq.exe; Driver: C:\Users\Toby\AppData\Local\Temp\kxlcrkoc.sys


---- System - GMER 1.0.15 ----

SSDT 87D33130 ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82A49369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A82D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82A89E48 4 Bytes [30, 31, D3, 87]

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenFile + 6 77485CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenFile + B 77485CE3 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenProcess + 6 77485D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenProcess + B 77485D93 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenProcessToken + 6 77485D9E 4 Bytes CALL 764874A4 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenProcessToken + B 77485DA3 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenProcessTokenEx + 6 77485DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenProcessTokenEx + B 77485DB3 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenThread + 6 77485E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenThread + B 77485E13 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenThreadToken + 6 77485E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenThreadToken + B 77485E23 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenThreadTokenEx + 6 77485E2E 4 Bytes CALL 76487535 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtOpenThreadTokenEx + B 77485E33 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtQueryAttributesFile + 6 77485F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtQueryAttributesFile + B 77485F43 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtQueryFullAttributesFile + 6 77485FEE 4 Bytes CALL 764876F3 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtQueryFullAttributesFile + B 77485FF3 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtSetInformationFile + 6 7748663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtSetInformationFile + B 77486643 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtSetInformationThread + 6 7748669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtSetInformationThread + B 774866A3 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtUnmapViewOfSection + 6 774869BE 1 Byte [68]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtUnmapViewOfSection + 6 774869BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[6748] ntdll.dll!NtUnmapViewOfSection + B 774869C3 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtCreateFile + 6 774855CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtCreateFile + B 774855D3 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtMapViewOfSection + 6 77485C2E 1 Byte [28]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtMapViewOfSection + 6 77485C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtMapViewOfSection + B 77485C33 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenFile + 6 77485CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenFile + B 77485CE3 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenProcess + 6 77485D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenProcess + B 77485D93 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenProcessToken + 6 77485D9E 4 Bytes CALL 764864A4 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenProcessToken + B 77485DA3 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenProcessTokenEx + 6 77485DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenProcessTokenEx + B 77485DB3 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenThread + 6 77485E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenThread + B 77485E13 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenThreadToken + 6 77485E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenThreadToken + B 77485E23 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenThreadTokenEx + 6 77485E2E 4 Bytes CALL 76486535 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtOpenThreadTokenEx + B 77485E33 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtQueryAttributesFile + 6 77485F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtQueryAttributesFile + B 77485F43 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtQueryFullAttributesFile + 6 77485FEE 4 Bytes CALL 764866F3 C:\Windows\system32\ole32.dll (Microsoft OLE for Windows/Microsoft Corporation)
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtQueryFullAttributesFile + B 77485FF3 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtSetInformationFile + 6 7748663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtSetInformationFile + B 77486643 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtSetInformationThread + 6 7748669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtSetInformationThread + B 774866A3 1 Byte [E2]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtUnmapViewOfSection + 6 774869BE 1 Byte [68]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtUnmapViewOfSection + 6 774869BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe[7096] ntdll.dll!NtUnmapViewOfSection + B 774869C3 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[1564] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1564] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1564] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1564] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[1564] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2532] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2532] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2532] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2532] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2532] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[2532] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3176] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3176] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3176] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3176] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[4520] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[4520] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[4520] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[4520] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[4520] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Lenovo\System Update\SUService.exe[4520] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000059 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaec58f9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaec58f9 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB43229$\4139144665 0 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570 0 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\@ 2048 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\bckfg.tmp 842 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\cfg.ini 208 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\keywords 178 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\L 0 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\L\xadqgnnk 78336 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\U 0 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB43229$\4274476570\U\80000032.@ 98304 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBFD1578-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBFD1579-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBFD157A-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F23A730F-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F23A7310-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F23A7311-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F23A7312-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7FE067B-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7FE067C-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7FE067D-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A7FE067E-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4146120-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4146121-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4146122-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4146123-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4146124-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A43719D4-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A43719D5-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A43719D6-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A43719D7-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BFBDFEEF-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BFBDFEF0-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BFBDFEF1-515E-11E1-9713-F0DEF1758608}.dat 4096 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{77C5662E-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{77C5662F-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{77C56630-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3B7B106E-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3B7B106F-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3B7B1070-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3B7B1071-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{942B10B6-515D-11E1-9713-F0DEF1758608}.dat 30720 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2E294281-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2E294282-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2E294283-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2E294284-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B09D2014-515E-11E1-9713-F0DEF1758608}.dat 16896 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D6DF62A9-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D6DF62AA-515C-11E1-9713-F0DEF1758608}.dat 4096 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D6DF62AB-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1AA4DA22-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1AA4DA23-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1AA4DA24-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1AA4DA25-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1BF14E14-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1BF14E15-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1BF14E16-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E978A0C5-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E978A0C6-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E978A0C7-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E978A0C8-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8943608C-515E-11E1-9713-F0DEF1758608}.dat 12288 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{27E9A5CA-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{57BD019E-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{57BD019F-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{57BD01A0-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE0BA64E-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE0BA64F-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE0BA650-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AE0BA651-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBA0BDC5-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBA0BDC6-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBA0BDC7-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBA0BDC8-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DBA0BDC9-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E2D76BA1-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E2D76BA2-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E2D76BA3-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E2D76BA4-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73C6A32D-515B-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73C6A32E-515B-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73C6A32F-515B-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{73C6A330-515B-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3986797-515B-11E1-9713-F0DEF1758608}.dat 22528 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C7F5C169-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C7F5C16A-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C7F5C16B-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C7F5C16C-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B51BF62-515B-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B51BF63-515B-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B51BF64-515B-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8B51BF65-515B-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2C42DD15-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B7162C8C-515B-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B7162C8D-515B-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B7162C8E-515B-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{87618EA3-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{87618EA4-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{87618EA5-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{87618EA6-515C-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AF002475-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AF002476-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B50B62E7-515F-11E1-9713-F0DEF1758608}.dat 4096 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B50B62E8-515F-11E1-9713-F0DEF1758608}.dat 4096 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B50B62EA-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B50B62EB-515F-11E1-9713-F0DEF1758608}.dat 3584 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E27FD6AF-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E27FD6B0-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E27FD6B1-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E27FD6B2-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00698180-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00698181-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00698182-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00698183-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00698184-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{20E7EEEF-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{20E7EEF0-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{20E7EEF1-515D-11E1-9713-F0DEF1758608}.dat 4096 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FF295B91-515F-11E1-9713-F0DEF1758608}.dat 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3DD20C0-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3DD20C1-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3DD20C2-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D3DD20C3-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4C5265C7-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4C5265C8-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4C5265C9-515E-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A291878-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A291879-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A29187A-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8A29187B-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{37614CE9-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{37614CEB-515D-11E1-9713-F0DEF1758608}.dat 4096 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{37614CEC-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C34A1F0B-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C34A1F0C-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C34A1F0D-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C34A1F0E-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C34A1F0F-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00EB7140-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00EB7141-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00EB7142-515D-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA5B34DB-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA5B34DC-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA5B34DD-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CA5B34DE-515F-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2F7506DF-5160-11E1-9713-F0DEF1758608}.dat 4608 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\C07WS6PE\batera_com_br[1].htm 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\C07WS6PE\errorPageStrings[1] 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\KAG9DKTZ\dnserror[1] 5947 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\PMBK500V\index[1].htm 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\V69W0065\tools[1] 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\V69W0065\ErrorPageTemplate[1] 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ZME68H5F\int[1].htm 0 bytes
File C:\Windows\Temp\~DF9723E1B4598388C7.TMP 0 bytes
File C:\Windows\Temp\~DFE66D51B593C332A8.TMP 0 bytes
File C:\Windows\Temp\~DFF11DEA77A43AAE2A.TMP 0 bytes
File C:\Windows\Temp\~DF314D9027FF3CF4A8.TMP 0 bytes

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.2.1
Run by Toby at 9:44:16 on 2012-02-07
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3497.2215 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\ThinkPad\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Users\Toby\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Q2ICLX~1.COM
C:\Windows\system32\Q2ICLX~1.COM
C:\Windows\system32\Q2ICLX~1.COM
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.uncg.edu/
uWindow Title = Internet Explorer provided by UNCG
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Google Update] "c:\users\toby\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ALCKRESI.EXE] c:\program files\lenovo\autolock\ALCKRESI.EXE
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10q_ActiveX.exe -update activex
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6D9FE746-BAD5-4670-AEF9-C79251B7E4F8} : DhcpNameServer = 152.13.12.101 152.13.12.102
TCP: Interfaces\{6D9FE746-BAD5-4670-AEF9-C79251B7E4F8}\D496E6365697 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{999C29DA-EB78-4031-89B3-DFD72E916A22} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
AppInit_DLLs: c:\windows\system32\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll ACGina
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\toby\appdata\roaming\mozilla\firefox\profiles\jy23lgs6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uncg.edu/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\toby\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-5-10 25968]
R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2011-5-5 20328]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-1-13 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-5-10 13680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\intel\services\ipt\jhi_service.exe [2011-2-7 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-5-10 40808]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-5-10 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-5-10 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-5-10 93032]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-10 2009704]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2011-5-5 75264]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-2-2 378472]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-5-10 64440]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-5-10 2656280]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-5-10 132096]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2011-5-4 238760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-5-5 269824]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-5-5 41088]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-5-5 7434240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]
S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-6-11 1831024]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-5-10 99328]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2011-5-10 367656]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-5-10 33832]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-5-10 292200]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2011-10-29 130976]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-5-10 79208]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-22 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWI32;SWI32;c:\program files\lenovo\system update\tvsuhd32.sys [2009-10-21 28224]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-22 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-9 1343400]
.
=============== Created Last 30 ================
.
2012-02-07 12:25:21 111616 ----a-w- c:\windows\system32\Q2IcLX6bo.com
2012-02-07 02:44:48 -------- d--h--w- c:\windows\system32\Settings
2012-02-06 17:56:14 -------- d-s---w- C:\ComboFix
2012-02-06 05:39:47 98816 ----a-w- c:\windows\sed.exe
2012-02-06 05:39:47 518144 ----a-w- c:\windows\SWREG.exe
2012-02-06 05:39:47 256000 ----a-w- c:\windows\PEV.exe
2012-02-06 05:39:47 208896 ----a-w- c:\windows\MBR.exe
2012-02-05 06:27:10 -------- d-----w- c:\program files\ESET
2012-02-05 06:14:40 -------- d-----w- c:\program files\Oracle
2012-02-05 06:13:40 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-05 05:52:20 -------- d-----w- c:\windows\system32\appmgmt
2012-02-05 01:42:10 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-05 01:42:00 860672 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-02-05 01:41:46 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-02-05 01:41:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-05 01:41:02 111616 ----a-w- c:\windows\system32\Q2IcLX6bo.com_
2012-02-05 01:39:37 -------- d-----w- c:\programdata\AVAST Software
2012-02-05 01:39:37 -------- d-----w- c:\program files\AVAST Software
2012-02-05 01:37:49 -------- d-----w- c:\users\toby\appdata\local\Broadcom
2012-02-05 01:36:53 -------- d-----r- c:\program files\Skype
2012-02-05 01:30:40 -------- d-----w- c:\users\toby\appdata\roaming\Malwarebytes
2012-02-05 01:30:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 01:30:28 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 01:30:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 01:11:24 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-02-05 01:11:24 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-02-05 00:29:39 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-05 00:24:48 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-02-05 00:12:20 2342912 ----a-w- c:\windows\system32\win32k.sys
2012-02-05 00:11:52 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-05 00:11:21 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-02-05 00:11:20 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-05 00:09:04 224768 ----a-w- c:\windows\system32\schannel.dll
2012-02-05 00:09:04 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-05 00:09:03 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-05 00:09:03 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-05 00:09:02 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 00:09:02 22528 ----a-w- c:\windows\system32\lsass.exe
2012-02-05 00:09:01 314880 ----a-w- c:\windows\system32\webio.dll
2012-02-05 00:09:00 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-02-05 00:08:59 22016 ----a-w- c:\windows\system32\secur32.dll
2012-02-05 00:08:59 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-05 00:08:42 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-05 00:08:42 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
==================== Find3M ====================
.
2012-02-05 00:02:23 0 ----a-w- c:\users\toby\___.tmp
.
============= FINISH: 9:49:55.74 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 8/20/2011 3:41:48 AM
System Uptime: 2/6/2012 9:43:54 PM (12 hours ago)
.
Motherboard: LENOVO | | 4242Y16
Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz | CPU | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 41.485 GiB free.
D: is FIXED (NTFS) - 188 GiB total, 186.537 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP56: 2/4/2012 6:49:14 PM - Scheduled Checkpoint
RP57: 2/4/2012 8:39:02 PM - avast! Free Antivirus Setup
RP58: 2/4/2012 10:06:59 PM - avast! Free Antivirus Setup
RP59: 2/5/2012 12:37:27 AM - Installed Java(TM) 6 Update 30
RP60: 2/5/2012 12:51:41 AM - Removed Java(TM) 6 Update 30
RP61: 2/5/2012 1:13:20 AM - Installed Java(TM) 7 Update 2
RP62: 2/5/2012 1:14:27 AM - Installed JavaFX 2.0.2
RP63: 2/5/2012 8:03:08 AM - Windows Update
.
==== Installed Programs ======================
.
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X
Broadcom InConcert Maestro
Burn.Now 4.5
Burn.Now Lenovo Edition
Conexant 20672 SmartAudio HD
Corel DVD MovieFactory
Corel DVD MovieFactory 7 Lenovo Edition
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Direct DiscRecorder
ESET Online Scanner v3
Firefox
Futuremark SystemInfo
Google Chrome
Integrated Camera Driver Installer Package Ver.1.1.0.1147
Integrated Camera TWAIN
Intel PROSet Wireless
Intel(R) Control Center
Intel(R) Identity Protection Technology 1.0.74.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless WiFi Software
InterVideo WinDVD 8
Java Auto Updater
Java(TM) 7 Update 2
JavaFX 2.0.2
League of Legends
Lenovo Auto Scroll Utility
Lenovo System Interface Driver
LiveUpdate 3.3 (Symantec Corporation)
Logger Pro 3.8
LoggerPro3
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Driver 266.96
NVIDIA Control Panel 266.96
NVIDIA Graphics Driver 266.96
NVIDIA HD Audio Driver 1.2.19.0
NVIDIA Install Application
NVIDIA Optimus 1.0.21
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
On Screen Display
Pando Media Booster
PDFCreator
PunkBuster Services
RapidBoot
Rescue and Recovery
RICOH_Media_Driver_v2.13.18.02
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Skype™ 5.8
StarCraft II
Symantec Endpoint Protection
Synaptics Pointing Device Driver
System Requirements Lab CYRI
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage AutoLock
ThinkVantage Communications Utility
ThinkVantage Fingerprint Software
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
2/7/2012 9:48:29 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
2/7/2012 8:54:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
2/7/2012 8:54:50 AM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/7/2012 12:33:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.
2/6/2012 9:54:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
2/6/2012 9:44:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service Symantec AntiVirus with arguments "" in order to run the server: {98694799-6891-4FD7-A91D-FB43B78AEC8C}
2/6/2012 9:44:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service Symantec AntiVirus with arguments "" in order to run the server: {5CEC0E13-CF22-414C-8D67-D44B06420FC1}
2/6/2012 9:44:49 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
2/6/2012 9:44:49 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
2/6/2012 9:44:46 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
2/6/2012 9:44:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffffffbe, 0x00000002, 0x00000001, 0x8c070c46). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020612-44600-01.
2/6/2012 5:46:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000004, 0x00000002, 0x00000001, 0x8c043928). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020612-48750-01.
2/6/2012 12:58:20 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/6/2012 12:16:23 AM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
2/6/2012 12:16:23 AM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
2/4/2012 5:40:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DfsC
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Ok, Here you go.


aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-07 18:50:30
-----------------------------
18:50:30.473 OS Version: Windows 6.1.7601 Service Pack 1
18:50:30.473 Number of processors: 4 586 0x2A07
18:50:30.473 ComputerName: UNCG-R9F29ZG UserName: Toby
18:50:34.978 Initialize success
18:50:41.075 AVAST engine defs: 12020701
18:50:43.425 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:50:43.425 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 3
18:50:43.441 Disk 0 MBR read successfully
18:50:43.441 Disk 0 MBR scan
18:50:43.441 Disk 0 unknown MBR code
18:50:43.441 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10557 MB offset 2048
18:50:43.472 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 102597 MB offset 21622784
18:50:43.488 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 192089 MB offset 231741440
18:50:43.503 Disk 0 scanning sectors +625139712
18:50:43.566 Disk 0 scanning C:\Windows\system32\drivers
18:50:56.678 Service scanning
18:50:58.050 Modules scanning
18:51:12.059 Disk 0 trace - called modules:
18:51:12.075 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
18:51:12.075 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8795e330]
18:51:12.075 3 CLASSPNP.SYS[8c5cd59e] -> nt!IofCallDriver -> [0x85e6c380]
18:51:12.075 5 ACPI.sys[8bea73d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85df1028]
18:51:14.961 AVAST engine scan C:\Windows
18:51:18.705 AVAST engine scan C:\Windows\system32
18:52:39.032 File: C:\Windows\system32\Q2IcLX6bo.com **INFECTED** Win32:Malware-gen
18:52:39.079 File: C:\Windows\system32\Q2IcLX6bo.com_ **INFECTED** Win32:Malware-gen
18:54:28.935 AVAST engine scan C:\Windows\system32\drivers
18:54:55.252 AVAST engine scan C:\Users\Toby
18:56:11.167 AVAST engine scan C:\ProgramData
18:58:48.465 Scan finished successfully
18:59:15.417 Disk 0 MBR has been saved successfully to "C:\Users\Toby\Desktop\MBR.dat"
18:59:15.421 The log file has been saved successfully to "C:\Users\Toby\Desktop\aswMBR.txt"



Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Enterprise Edition Service Pack 1 (build 7601),
32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`93e00000

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
ListParts by Farbar
Ran by Toby on 07-02-2012 at 19:18:32
Windows 7 (X86)
Running From: D:\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 52%
Total physical RAM: 3497.23 MB
Available physical RAM: 1651.66 MB
Total Pagefile: 6992.75 MB
Available Pagefile: 4734.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.18 MB

======================= Partitions =========================

1 Drive c: (SYSTEM) (Fixed) (Total:100.19 GB) (Free:41.2 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
2 Drive d: (DATA) (Fixed) (Total:187.59 GB) (Free:186.53 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 10 GB 1024 KB
Partition 2 Primary 100 GB 10 GB
Partition 3 Primary 187 GB 110 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 SERVICEV002 NTFS Partition 10 GB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C SYSTEM NTFS Partition 100 GB Healthy System (partition with boot components)

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D DATA NTFS Partition 187 GB Healthy



****** End Of Log ******
 
That looks fine.

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
 
Where does it try to fix?

It restarts when I initially run the tool, then it scans.

I didn't get anything asking for a fix.

I am running it again at the moment.
 
Ok, I get a popup that says,

"Backdoor.Tidserv has not been found on your computer"

I click "OK."

Then TDSS Fix Tool says "Procedure Completed."

It disappears after about 30 seconds.
 
Very well.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-02-07.01 - Toby 02/07/2012 22:56:27.1.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3497.2376 [GMT -5:00]
Running from: c:\users\Toby\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Toby\___.tmp
c:\windows\$NtUninstallKB43229$
c:\windows\$NtUninstallKB43229$\4139144665
c:\windows\$NtUninstallKB43229$\4274476570\@
c:\windows\$NtUninstallKB43229$\4274476570\bckfg.tmp
c:\windows\$NtUninstallKB43229$\4274476570\cfg.ini
c:\windows\$NtUninstallKB43229$\4274476570\Desktop.ini
c:\windows\$NtUninstallKB43229$\4274476570\keywords
c:\windows\$NtUninstallKB43229$\4274476570\kwrd.dll
c:\windows\$NtUninstallKB43229$\4274476570\L\xadqgnnk
c:\windows\$NtUninstallKB43229$\4274476570\lsflt7.ver
c:\windows\$NtUninstallKB43229$\4274476570\U\00000001.@
c:\windows\$NtUninstallKB43229$\4274476570\U\00000002.@
c:\windows\$NtUninstallKB43229$\4274476570\U\00000004.@
c:\windows\$NtUninstallKB43229$\4274476570\U\80000000.@
c:\windows\$NtUninstallKB43229$\4274476570\U\80000004.@
c:\windows\$NtUninstallKB43229$\4274476570\U\80000032.@
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-08 04:04 . 2012-02-08 04:05 -------- d-----w- c:\users\Toby\AppData\Local\temp
2012-02-08 04:04 . 2012-02-08 04:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-08 04:04 . 2012-02-08 04:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 03:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-07 15:00 . 2012-02-07 15:00 -------- d-----w- c:\windows\Sun
2012-02-07 12:25 . 2012-02-04 23:40 111616 ----a-w- c:\windows\system32\Q2IcLX6bo.com
2012-02-05 06:27 . 2012-02-05 06:27 -------- d-----w- c:\program files\ESET
2012-02-05 06:15 . 2012-02-05 06:15 -------- d-----w- c:\program files\Common Files\Java
2012-02-05 06:14 . 2012-02-05 06:14 -------- d-----w- c:\program files\Oracle
2012-02-05 06:13 . 2011-11-09 00:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-05 01:42 . 2011-11-05 04:35 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-05 01:42 . 2011-11-05 04:30 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-05 01:41 . 2011-11-05 04:30 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-02-05 01:41 . 2011-11-05 02:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-05 01:39 . 2012-02-05 04:09 -------- d-----w- c:\programdata\AVAST Software
2012-02-05 01:39 . 2012-02-05 01:39 -------- d-----w- c:\program files\AVAST Software
2012-02-05 01:37 . 2012-02-05 01:37 -------- d-----w- c:\users\Toby\AppData\Local\Broadcom
2012-02-05 01:37 . 2012-02-08 02:46 -------- d-----w- c:\users\Toby\AppData\Roaming\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\program files\Common Files\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----r- c:\program files\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\programdata\Skype
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\users\Toby\AppData\Roaming\Malwarebytes
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 01:30 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 01:11 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-02-05 01:11 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-02-05 00:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-05 00:24 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-02-05 00:12 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2012-02-05 00:11 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-05 00:11 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-02-05 00:11 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-05 00:09 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-05 00:09 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-02-05 00:09 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-05 00:09 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-05 00:09 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 00:09 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-02-05 00:09 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-02-05 00:09 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-02-05 00:08 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-05 00:08 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-02-05 00:08 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-05 00:08 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 14:15 . 2011-03-18 17:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-28 3077528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17147528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-02-28 281448]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-03-24 1254760]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-03-10 41320]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-11 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-11 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-11 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-11 178200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-27 240288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 890144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-08 17:16 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
2;2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 367656]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 33832]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-03-24 292200]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-24 79208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SWI32;SWI32;c:\program files\Lenovo\System Update\tvsuhd32.sys [2009-10-22 28224]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-09 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-03-24 25968]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-04 20328]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-01-13 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-03-10 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-03-10 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-03 2009704]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [2011-03-23 75264]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-03 378472]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 132096]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-12-21 238760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 106104]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-11 269824]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-06 7434240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\At1.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At10.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At11.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At12.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At13.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At14.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At15.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At16.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At17.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At18.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At19.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At2.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At20.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At21.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At22.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At23.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At24.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At25.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At26.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At27.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At28.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At29.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At3.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At30.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At31.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At32.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At33.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At34.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At35.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At36.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At37.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At38.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At39.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At4.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At40.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At41.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-08 c:\windows\Tasks\At42.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At43.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-08 c:\windows\Tasks\At44.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At45.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-08 c:\windows\Tasks\At46.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At47.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At48.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At5.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At6.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At7.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At8.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At9.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006Core.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006UA.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uncg.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Toby\AppData\Roaming\Mozilla\Firefox\Profiles\jy23lgs6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uncg.edu/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,3b,52,45,2b,3e,3b,4b,91,fc,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,3b,52,45,2b,3e,3b,4b,91,fc,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(644)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(4896)
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\taskhost.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-02-07 23:11:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-08 04:11
.
Pre-Run: 43,784,572,928 bytes free
Post-Run: 43,805,360,128 bytes free
.
- - End Of File - - 21A9649FD934CDE7B1FE3E5B70CE3C95
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\Q2IcLX6bo.com

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: CFScript.gif]

6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
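
Added example (not part of the original post and not ComboFix's own code): a Python parser for the 'Scheduled Tasks' section of a ComboFix log like the one above, listing executables launched by several numbered At*.job tasks, which in this log all point at c:\windows\system32\Q2IcLX6bo.com and Q2IcLX6bo.com_. The function names and the two-job threshold are assumptions, and the embedded log is a shortened, constructed excerpt in the thread's format.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened excerpt in the format of the ComboFix
# 'Scheduled Tasks' section posted in this thread (most At*.job entries omitted).
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\At1.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At10.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At11.job
- c:\windows\system32\Q2IcLX6bo.com [2012-02-07 23:40]
.
2012-02-07 c:\windows\Tasks\At12.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006Core.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
.
------- Supplementary Scan -------
"""

# "<date> <path to .job file>"
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)\s*$", re.IGNORECASE)
# "- <target executable> [<date> <time>]"
TARGET_RE = re.compile(
    r"^-\s+(?P<target>.+?)\s+\[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]\s*$"
)
# Numbered job files (At1.job, At2.job, ...) are the names Windows gives to
# tasks created through the legacy "at" scheduling interface.
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.IGNORECASE)


def parse_scheduled_tasks(log_text):
    """Return [(job_file_name, target_path), ...] from the Scheduled Tasks section."""
    tasks = []
    in_section = False
    pending_job = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-------"):  # next section header ends the block
            break
        match = JOB_RE.match(line)
        if match:
            pending_job = match.group("job").rsplit("\\", 1)[-1]
            continue
        match = TARGET_RE.match(line)
        if match and pending_job:
            tasks.append((pending_job, match.group("target")))
            pending_job = None
    return tasks


def repeated_at_targets(tasks, min_jobs=2):
    """List (target, [At jobs]) for targets launched by at least min_jobs At*.job tasks.

    Paths are grouped case-insensitively; the first spelling seen is reported.
    The threshold is an assumed triage heuristic, not a verdict on the file.
    """
    grouped = defaultdict(list)
    spelling = {}
    for job, target in tasks:
        if AT_JOB_RE.match(job):
            key = target.lower()
            spelling.setdefault(key, target)
            grouped[key].append(job)
    return sorted(
        (spelling[key], jobs)
        for key, jobs in grouped.items()
        if len(jobs) >= min_jobs
    )


if __name__ == "__main__":
    for target, jobs in repeated_at_targets(parse_scheduled_tasks(SAMPLE_LOG)):
        print(f"{target}: launched by {len(jobs)} At jobs ({', '.join(jobs)})")
```
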
 
ComboFix 12-02-07.01 - Toby 02/07/2012 23:33:51.2.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3497.2187 [GMT -5:00]
Running from: c:\users\Toby\Desktop\ComboFix.exe
Command switches used :: c:\users\Toby\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\Q2IcLX6bo.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Q2IcLX6bo.com
.
.
((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
.
.
2012-02-08 04:38 . 2012-02-08 04:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-08 04:38 . 2012-02-08 04:38 -------- d-----w- c:\users\UNCG.UNCG-EWYELHZU5M\AppData\Local\temp
2012-02-08 04:38 . 2012-02-08 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 04:38 . 2012-02-08 04:38 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-08 04:04 . 2012-02-08 04:38 -------- d-----w- c:\users\Toby\AppData\Local\temp
2012-02-08 03:53 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-07 15:00 . 2012-02-07 15:00 -------- d-----w- c:\windows\Sun
2012-02-05 06:27 . 2012-02-05 06:27 -------- d-----w- c:\program files\ESET
2012-02-05 06:15 . 2012-02-05 06:15 -------- d-----w- c:\program files\Common Files\Java
2012-02-05 06:14 . 2012-02-05 06:14 -------- d-----w- c:\program files\Oracle
2012-02-05 06:13 . 2011-11-09 00:56 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-05 01:42 . 2011-11-05 04:35 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-05 01:42 . 2011-11-05 04:30 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-05 01:41 . 2011-11-05 04:30 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-02-05 01:41 . 2011-11-05 02:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-05 01:41 . 2012-02-04 23:40 111616 ----a-w- c:\windows\system32\Q2IcLX6bo.com_
2012-02-05 01:39 . 2012-02-05 04:09 -------- d-----w- c:\programdata\AVAST Software
2012-02-05 01:39 . 2012-02-05 01:39 -------- d-----w- c:\program files\AVAST Software
2012-02-05 01:37 . 2012-02-05 01:37 -------- d-----w- c:\users\Toby\AppData\Local\Broadcom
2012-02-05 01:37 . 2012-02-08 04:34 -------- d-----w- c:\users\Toby\AppData\Roaming\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\program files\Common Files\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----r- c:\program files\Skype
2012-02-05 01:36 . 2012-02-05 01:36 -------- d-----w- c:\programdata\Skype
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\users\Toby\AppData\Roaming\Malwarebytes
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-05 01:30 . 2012-02-05 01:30 -------- d-----w- c:\programdata\Malwarebytes
2012-02-05 01:30 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-05 01:11 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-02-05 01:11 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-02-05 00:29 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-02-05 00:24 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-02-05 00:12 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2012-02-05 00:11 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-05 00:11 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-02-05 00:11 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-05 00:09 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-02-05 00:09 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-02-05 00:09 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-02-05 00:09 . 2011-11-17 05:32 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-02-05 00:09 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-02-05 00:09 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-02-05 00:09 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-02-05 00:09 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-02-05 00:08 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-02-05 00:08 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-02-05 00:08 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-02-05 00:08 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 14:15 . 2011-03-18 17:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-28 3077528]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-01-31 17147528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-02-28 281448]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-03-24 1254760]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-03-10 41320]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592]
"TpShocks"="TpShocks.exe" [2011-01-14 337256]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-06-11 115560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-11 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-11 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-11 178200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe" [2011-05-27 240288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 890144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2010-12-08 17:16 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 367656]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 33832]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-03-24 292200]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-08-15 130976]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-24 79208]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SWI32;SWI32;c:\program files\Lenovo\System Update\tvsuhd32.sys [2009-10-22 28224]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-09 1343400]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-03-24 25968]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-04 20328]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-01-13 20592]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-03-10 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-03-10 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-03 2009704]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [2011-03-23 75264]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 12560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-03 378472]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 99328]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 132096]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-12-21 238760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 106104]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-11 269824]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-06 7434240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\At10.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At12.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At14.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At16.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At18.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At2.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At20.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At22.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At24.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At26.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At28.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At30.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At32.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At34.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At36.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At38.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At4.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At40.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At42.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At44.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At46.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At48.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At6.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At8.job
- c:\windows\system32\Q2IcLX6bo.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006Core.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3701962513-1207299313-1526478886-1006UA.job
- c:\users\Toby\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 17:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.uncg.edu/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Toby\AppData\Roaming\Mozilla\Firefox\Profiles\jy23lgs6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uncg.edu/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,3b,52,45,2b,3e,3b,4b,91,fc,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,3b,52,45,2b,3e,3b,4b,91,fc,f9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(644)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Completion time: 2012-02-07 23:40:07
ComboFix-quarantined-files.txt 2012-02-08 04:40
ComboFix2.txt 2012-02-08 04:11
.
Pre-Run: 43,866,247,168 bytes free
Post-Run: 43,593,900,032 bytes free
.
- - End Of File - - C09492930C1941ADAA25A67333343730
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\Q2IcLX6bo.com_

At::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
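
The 'Scheduled Tasks' section of the log above shows many At<N>.job tasks that all launch one file in system32, the same file the script's `File::` line names. The following added example (not part of the original posts, and not ComboFix's own logic) parses that section and reports any target shared by several At jobs; the sample log, its file names and the `min_jobs` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of ComboFix's 'Scheduled Tasks' section.
# File names are placeholders, not values from the thread.
SAMPLE_LOG = r"""Contents of the 'Scheduled Tasks' folder
.
2012-02-07 c:\windows\Tasks\At1.job
- c:\windows\system32\EXAMPLEab1.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\At2.job
- c:\windows\system32\EXAMPLEab1.com_ [2012-02-05 23:40]
.
2012-02-08 c:\windows\Tasks\At3.job
- c:\windows\system32\EXAMPLEab1.com_ [2012-02-05 23:40]
.
2012-02-07 c:\windows\Tasks\ExampleUpdaterCore.job
- c:\users\Example\AppData\Local\Vendor\Update\Updater.exe [2011-10-29 17:06]
"""

JOB_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.IGNORECASE)
TARGET_LINE = re.compile(r"^- (?P<target>.+?) \[[^\]]*\]$")
# Jobs created through the legacy "at" scheduler interface are named At<N>.job.
AT_JOB = re.compile(r"\\At\d+\.job$", re.IGNORECASE)

def parse_tasks(log_text):
    """Return (job_path, target_path) pairs from a 'Scheduled Tasks' section."""
    pairs, current_job = [], None
    for line in map(str.strip, log_text.splitlines()):
        job, target = JOB_LINE.match(line), TARGET_LINE.match(line)
        if job:
            current_job = job.group("job")
        elif target and current_job:
            pairs.append((current_job, target.group("target")))
            current_job = None
    return pairs

def shared_at_targets(pairs, min_jobs=3):
    """Map each target launched by >= min_jobs At<N>.job tasks to those jobs."""
    by_target = defaultdict(list)
    for job, target in pairs:
        if AT_JOB.search(job):
            by_target[target.lower()].append(job)  # paths are case-insensitive
    return {t: jobs for t, jobs in by_target.items() if len(jobs) >= min_jobs}

if __name__ == "__main__":
    for target, jobs in shared_at_targets(parse_tasks(SAMPLE_LOG)).items():
        print(f"{len(jobs)} At jobs launch {target}")
```

A named updater task with its own target, like the last entry in the sample, is not reported because only At<N>.job entries are grouped.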
 