Need help removing Win32/Toolbar.Widgi

Solved
By themom
May 6, 2012
  1. After my laptop started freezing repeatedly, I ran Eset and found Win32/Toolbar.Widgi

    Can you advise me how to remove it (and anythig else found in those logs?) - Thank you!


    Below are pasted logs from Eset, Malware Bytes, GMER, and DDS

    Eset:

    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application
    C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application
    C:\Users\Phyllis\Downloads\cnet2_Greenshot-INSTALLER-0_8_0-0627_exe.exe a variant of Win32/InstallCore.D application
    C:\Users\Phyllis\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application

    Malwarebytes: Found nothing
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.03.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Phyllis :: NFS [administrator]

    5/3/2012 8:10:59 PM
    mbam-log-2012-05-03 (20-10-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 235314
    Time elapsed: 3 minute(s), 31 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-05-05 19:01:52
    Windows 6.1.7601 Service Pack 1
    Running: 8wl99lew.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af7e7e28
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af7e7e28 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----


    DDS Attach
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/17/2011 7:50:01 PM
    System Uptime: 5/5/2012 12:18:59 PM (7 hours ago)
    .
    Motherboard: LENOVO | | 4177CTO
    Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU | 2301/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 449 GiB total, 387.659 GiB free.
    Q: is FIXED (NTFS) - 16 GiB total, 7.124 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP97: 4/8/2012 6:06:47 PM - Windows Update
    RP98: 4/10/2012 6:59:55 PM - Windows Update
    RP99: 4/15/2012 9:30:36 PM - Windows Update
    RP100: 4/19/2012 4:54:48 PM - Windows Update
    RP101: 4/23/2012 11:58:58 PM - Windows Update
    RP102: 4/27/2012 6:42:02 PM - Windows Update
    RP103: 4/30/2012 11:40:44 PM - Windows Update
    RP104: 5/1/2012 7:56:27 AM - Windows Update
    RP105: 5/5/2012 11:48:32 AM - Windows Update
    RP106: 5/5/2012 12:03:47 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.6
    avast! Free Antivirus
    Burn.Now 4.5
    Canon Easy-PhotoPrint EX
    Canon IJ Network Scanner Selector EX
    Canon IJ Network Tool
    Canon MP Navigator EX 4.1
    Canon MX880 series User Registration
    Canon My Printer
    Canon Solution Menu EX
    Canon Speed Dial Utility
    Corel Burn.Now Lenovo Edition
    Corel DVD MovieFactory 7
    Corel DVD MovieFactory Lenovo Edition
    Corel WinDVD
    Create Recovery Media
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Direct DiscRecorder
    ESET Online Scanner v3
    GoToMeeting 4.8.0.723
    Integrated Camera Driver Installer Package Ver.1.1.0.1134
    Integrated Camera TWAIN
    Intel(R) Control Center
    Intel(R) Identity Protection Technology 1.0.71.0
    Intel(R) Processor Graphics
    Java Auto Updater
    Java(TM) 6 Update 31
    join.me
    Junk Mail filter update
    Lenovo User Guide
    Lenovo Warranty Information
    Lenovo Welcome
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mesh Runtime
    Message Center Plus
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server PowerPivot for Excel (32-bit)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PDFCreator
    RapidBoot
    RICOH Media Driver v2.10.18.02
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
    System Update
    ThinkPad Power Manager
    ThinkPad UltraNav Utility
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/5/2012 12:30:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for

    the Windows Error Reporting Service service to connect.
    5/5/2012 12:15:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for

    a transaction response from the TPHKSVC service.
    5/5/2012 12:15:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for

    a transaction response from the TPHKLOAD service.
    5/5/2012 12:14:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for

    a transaction response from the Spooler service.
    5/5/2012 12:14:41 PM, Error: Service Control Manager [7022] - The NitroPDFReaderDriverCreatorReadSpool2 service hung on

    starting.
    5/5/2012 12:14:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for

    a transaction response from the MsMpSvc service.
    5/5/2012 12:12:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to

    update signatures. New Signature Version: Previous Signature Version: 1.125.1093.0 Update Source:

    Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus

    Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0

    Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For

    information on installing or troubleshooting updates, see Help and Support.
    5/5/2012 12:12:15 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has

    encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description:

    Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to

    low resource conditions.
    5/3/2012 8:07:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network

    Location Awareness service which failed to start because of the following error: The dependency service or group failed to

    start.
    5/3/2012 8:07:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the

    service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    5/3/2012 8:07:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the

    service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    5/3/2012 8:07:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the

    service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    5/3/2012 8:07:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the

    service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    5/3/2012 8:07:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the

    service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/3/2012 8:07:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the

    service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/3/2012 8:06:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to

    load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache lenovo.smi MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx

    TPPWRIF vwififlt Wanarpv6 WfpLwf
    5/3/2012 8:06:43 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store

    Interface Service service which failed to start because of the following error: The dependency service or group failed to

    start.
    5/3/2012 8:06:43 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary

    Function Driver for Winsock service which failed to start because of the following error: A device attached to the system

    is not functioning.
    5/3/2012 8:06:43 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on

    the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to

    the system is not functioning.
    5/3/2012 8:06:43 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB

    MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or

    group failed to start.
    5/3/2012 8:06:43 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB

    MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or

    group failed to start.
    5/3/2012 8:06:43 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the

    NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is

    not functioning.
    5/3/2012 8:06:43 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network

    Store Interface Service service which failed to start because of the following error: The dependency service or group

    failed to start.
    5/3/2012 8:06:43 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI

    Support Driver service which failed to start because of the following error: A device attached to the system is not

    functioning.
    5/3/2012 8:06:43 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function

    Driver for Winsock service which failed to start because of the following error: A device attached to the system is not

    functioning.
    5/2/2012 8:59:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has

    encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description:

    Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to

    low resource conditions.
    5/2/2012 8:59:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has

    encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description:

    Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to

    low resource conditions.
    5/2/2012 8:32:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the

    service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    5/2/2012 8:32:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the

    service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    5/1/2012 7:53:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has

    encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description:

    Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the

    latest definition updates in order to enable real-time protection.
    4/30/2012 8:28:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has

    encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description:

    Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the

    latest definition updates in order to enable real-time protection.
    4/30/2012 11:30:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has

    encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description:

    Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the

    latest definition updates in order to enable real-time protection.
    4/29/2012 8:55:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has

    encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description:

    Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the

    latest definition updates in order to enable real-time protection.
    4/28/2012 5:36:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has

    encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description:

    Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the

    latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================


    DDS File


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Phyllis at 19:08:33 on 2012-05-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3983.1906 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\SysWOW64\SAsrv.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\rundll32.exe
    C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
    C:\Windows\system32\rundll32.exe
    C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Phyllis\Downloads\8wl99lew.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://lenovo.msn.com
    uDefault_Page_URL = hxxp://lenovo.msn.com
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3FE6FCD2-9F2A-4308-AE95-1143E7E2F843} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3FE6FCD2-9F2A-4308-AE95-1143E7E2F843}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{A591355A-969F-4A51-B9ED-0402AF95838B} : DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

    \WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun-x64: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\o0rm330n.default\
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
    R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-12 44768]
    R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-6-11 40808]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-12-29 45496]
    R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-6-11 59240]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-12-29 93032]
    R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-10-10

    341296]
    R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
    R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-6-11 446592]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2010-12-29 114024]
    R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-12-29 64440]
    R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS

    \NETwNs64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-3 116072]
    S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-6-11 477032]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms

    [2010-12-9 25072]
    S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
    S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-6-11 79208]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-21 00:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-03-21 00:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-03-09 23:39:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
    2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-02-14 16:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    .
    ============= FINISH: 19:11:04.82 ===============
  2. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    Please disable "word wrap" in Notepad because your logs are hard to read.

    Did you allow Eset to remove it?

    You're running two AV programs, MSE and Avast.
    One of them has to go.
    Your choice.

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =========================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  3. themom

    themom Newcomer, in training Topic Starter Posts: 19

    Thanks for your prompt reply!

    I just shut off Real Time Protection in MS Security Essentials (not sure how to permanently get rid of MS SEssentials otherwise). I then followed your directions.

    Bootcleaner said there is a rootkit - see below. Please let me know what to do next. Thanks.

    AswMBR results:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-06 16:14:33
    -----------------------------
    16:14:33.580 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:14:33.580 Number of processors: 4 586 0x2A07
    16:14:33.581 ComputerName: NFS UserName:
    16:14:34.741 Initialize success
    16:14:35.667 AVAST engine defs: 12050600
    16:14:52.856 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:14:52.858 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
    16:14:52.922 Disk 0 MBR read successfully
    16:14:52.924 Disk 0 MBR scan
    16:14:52.926 Disk 0 unknown MBR code
    16:14:52.932 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
    16:14:52.943 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459737 MB offset 2459648
    16:14:52.975 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16000 MB offset 944003072
    16:14:53.012 Disk 0 scanning C:\Windows\system32\drivers
    16:15:04.295 Service scanning
    16:15:18.414 Modules scanning
    16:15:18.419 Disk 0 trace - called modules:
    16:15:18.467 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    16:15:18.534 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fd7060]
    16:15:18.537 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80036a6040]
    16:15:18.541 5 ACPI.sys[fffff88000f837a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80044da050]
    16:15:19.262 AVAST engine scan C:\Windows
    16:15:21.085 AVAST engine scan C:\Windows\system32
    16:17:21.121 AVAST engine scan C:\Windows\system32\drivers
    16:17:34.967 AVAST engine scan C:\Users\Phyllis
    16:19:46.826 AVAST engine scan C:\ProgramData
    16:21:46.482 Scan finished successfully
    16:22:53.527 Disk 0 MBR has been saved successfully to "C:\Users\Phyllis\Desktop\MBR.dat"
    16:22:53.532 The log file has been saved successfully to "C:\Users\Phyllis\Desktop\aswMBR.txt"






    Bootkit Remover results

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`4b100000

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
  4. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    You didn't answer my question...
    I ran Eset and found Win32/Toolbar.Widgi
    Did you allow Eset to remove it?

    ==========================================================

    Means you have UNINSTALL one of your AV programs completely.

    [​IMG]
  5. themom

    themom Newcomer, in training Topic Starter Posts: 19

    You are right. I did not answer. Sorry.

    I did not allow Eset to remove it - I had read previously to uncheck the "remove" box before starting.

    What should I do now?
  6. themom

    themom Newcomer, in training Topic Starter Posts: 19

    I just uninstalled MSE also.
  7. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  8. themom

    themom Newcomer, in training Topic Starter Posts: 19

    Thanks. Here's the report (below, in 2 parts since it was too big to post in one post). The scan said "No Threats Found".
    What should I do next?

    17:43:59.0764 6120 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
    17:44:00.0011 6120 ============================================================
    17:44:00.0011 6120 Current date / time: 2012/05/06 17:44:00.0011
    17:44:00.0011 6120 SystemInfo:
    17:44:00.0011 6120
    17:44:00.0011 6120 OS Version: 6.1.7601 ServicePack: 1.0
    17:44:00.0011 6120 Product type: Workstation
    17:44:00.0011 6120 ComputerName: NFS
    17:44:00.0011 6120 UserName: Phyllis
    17:44:00.0011 6120 Windows directory: C:\Windows
    17:44:00.0011 6120 System windows directory: C:\Windows
    17:44:00.0011 6120 Running under WOW64
    17:44:00.0011 6120 Processor architecture: Intel x64
    17:44:00.0011 6120 Number of processors: 4
    17:44:00.0011 6120 Page size: 0x1000
    17:44:00.0011 6120 Boot type: Normal boot
    17:44:00.0011 6120 ============================================================
    17:44:00.0370 6120 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:44:00.0376 6120 ============================================================
    17:44:00.0376 6120 \Device\Harddisk0\DR0:
    17:44:00.0378 6120 MBR partitions:
    17:44:00.0378 6120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
    17:44:00.0378 6120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x381ECFF8
    17:44:00.0378 6120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38445800, BlocksNum 0x1F40000
    17:44:00.0378 6120 ============================================================
    17:44:00.0411 6120 C: <-> \Device\Harddisk0\DR0\Partition1
    17:44:00.0462 6120 Q: <-> \Device\Harddisk0\DR0\Partition2
    17:44:00.0462 6120 ============================================================
    17:44:00.0462 6120 Initialize success
    17:44:00.0462 6120 ============================================================
    17:44:29.0919 4652 ============================================================
    17:44:29.0919 4652 Scan started
    17:44:29.0919 4652 Mode: Manual;
    17:44:29.0919 4652 ============================================================
    17:44:30.0231 4652 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
    17:44:30.0240 4652 1394ohci - ok
    17:44:30.0283 4652 5U877 (fe2ed67c35700fefd3fa0916ac82215d) C:\Windows\system32\DRIVERS\5U877.sys
    17:44:30.0295 4652 5U877 - ok
    17:44:30.0332 4652 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    17:44:30.0346 4652 ACPI - ok
    17:44:30.0364 4652 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    17:44:30.0366 4652 AcpiPmi - ok
    17:44:30.0406 4652 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    17:44:30.0422 4652 adp94xx - ok
    17:44:30.0448 4652 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    17:44:30.0462 4652 adpahci - ok
    17:44:30.0483 4652 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    17:44:30.0487 4652 adpu320 - ok
    17:44:30.0511 4652 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    17:44:30.0514 4652 AeLookupSvc - ok
    17:44:30.0571 4652 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    17:44:30.0587 4652 AFD - ok
    17:44:30.0599 4652 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    17:44:30.0602 4652 agp440 - ok
    17:44:30.0614 4652 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    17:44:30.0617 4652 ALG - ok
    17:44:30.0627 4652 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    17:44:30.0629 4652 aliide - ok
    17:44:30.0638 4652 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    17:44:30.0641 4652 amdide - ok
    17:44:30.0657 4652 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    17:44:30.0660 4652 AmdK8 - ok
    17:44:30.0674 4652 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
    17:44:30.0676 4652 AmdPPM - ok
    17:44:30.0713 4652 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    17:44:30.0715 4652 amdsata - ok
    17:44:30.0746 4652 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    17:44:30.0756 4652 amdsbs - ok
    17:44:30.0777 4652 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    17:44:30.0779 4652 amdxata - ok
    17:44:30.0794 4652 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    17:44:30.0796 4652 AppID - ok
    17:44:30.0814 4652 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    17:44:30.0816 4652 AppIDSvc - ok
    17:44:30.0831 4652 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    17:44:30.0833 4652 Appinfo - ok
    17:44:30.0846 4652 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    17:44:30.0849 4652 arc - ok
    17:44:30.0859 4652 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    17:44:30.0862 4652 arcsas - ok
    17:44:30.0901 4652 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
    17:44:30.0903 4652 aswFsBlk - ok
    17:44:30.0954 4652 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
    17:44:30.0956 4652 aswMonFlt - ok
    17:44:30.0977 4652 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
    17:44:30.0979 4652 aswRdr - ok
    17:44:31.0032 4652 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
    17:44:31.0051 4652 aswSnx - ok
    17:44:31.0076 4652 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
    17:44:31.0091 4652 aswSP - ok
    17:44:31.0111 4652 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
    17:44:31.0114 4652 aswTdi - ok
    17:44:31.0125 4652 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:44:31.0127 4652 AsyncMac - ok
    17:44:31.0147 4652 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    17:44:31.0149 4652 atapi - ok
    17:44:31.0207 4652 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:44:31.0238 4652 AudioEndpointBuilder - ok
    17:44:31.0244 4652 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:44:31.0247 4652 AudioSrv - ok
    17:44:31.0323 4652 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    17:44:31.0324 4652 avast! Antivirus - ok
    17:44:31.0348 4652 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    17:44:31.0350 4652 AxInstSV - ok
    17:44:31.0395 4652 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    17:44:31.0407 4652 b06bdrv - ok
    17:44:31.0436 4652 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:44:31.0449 4652 b57nd60a - ok
    17:44:31.0492 4652 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    17:44:31.0495 4652 BDESVC - ok
    17:44:31.0513 4652 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:44:31.0515 4652 Beep - ok
    17:44:31.0567 4652 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    17:44:31.0598 4652 BFE - ok
    17:44:31.0653 4652 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    17:44:31.0688 4652 BITS - ok
    17:44:31.0725 4652 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    17:44:31.0728 4652 blbdrive - ok
    17:44:31.0761 4652 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    17:44:31.0763 4652 bowser - ok
    17:44:31.0781 4652 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    17:44:31.0784 4652 BrFiltLo - ok
    17:44:31.0799 4652 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    17:44:31.0800 4652 BrFiltUp - ok
    17:44:31.0821 4652 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    17:44:31.0824 4652 Browser - ok
    17:44:31.0851 4652 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:44:31.0863 4652 Brserid - ok
    17:44:31.0876 4652 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:44:31.0878 4652 BrSerWdm - ok
    17:44:31.0891 4652 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:44:31.0893 4652 BrUsbMdm - ok
    17:44:31.0902 4652 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:44:31.0904 4652 BrUsbSer - ok
    17:44:31.0947 4652 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    17:44:31.0948 4652 BthEnum - ok
    17:44:31.0962 4652 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    17:44:31.0965 4652 BTHMODEM - ok
    17:44:31.0990 4652 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    17:44:31.0992 4652 BthPan - ok
    17:44:32.0039 4652 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
    17:44:32.0058 4652 BTHPORT - ok
    17:44:32.0094 4652 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    17:44:32.0098 4652 bthserv - ok
    17:44:32.0116 4652 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
    17:44:32.0118 4652 BTHUSB - ok
    17:44:32.0169 4652 BTWAMPFL (8834f87a6a745872894df8223201a6c3) C:\Windows\system32\DRIVERS\btwampfl.sys
    17:44:32.0181 4652 BTWAMPFL - ok
    17:44:32.0197 4652 btwaudio (9863d82ecbec6106d377ed73680d99d8) C:\Windows\system32\drivers\btwaudio.sys
    17:44:32.0207 4652 btwaudio - ok
    17:44:32.0224 4652 btwavdt (3432dd66ae75ab2de6d0527ad78dbfc7) C:\Windows\system32\DRIVERS\btwavdt.sys
    17:44:32.0227 4652 btwavdt - ok
    17:44:32.0327 4652 btwdins (eb4afe08fb39bb444f221d7d501e0915) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    17:44:32.0359 4652 btwdins - ok
    17:44:32.0373 4652 btwl2cap (382dc5a631ced0462ea09b7eb898bdbf) C:\Windows\system32\DRIVERS\btwl2cap.sys
    17:44:32.0375 4652 btwl2cap - ok
    17:44:32.0387 4652 btwrchid (13a9c2cedd44c175e6ca39a536795ca6) C:\Windows\system32\DRIVERS\btwrchid.sys
    17:44:32.0389 4652 btwrchid - ok
    17:44:32.0417 4652 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:44:32.0419 4652 cdfs - ok
    17:44:32.0447 4652 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    17:44:32.0451 4652 cdrom - ok
    17:44:32.0493 4652 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:44:32.0496 4652 CertPropSvc - ok
    17:44:32.0516 4652 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    17:44:32.0518 4652 circlass - ok
    17:44:32.0548 4652 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:44:32.0562 4652 CLFS - ok
    17:44:32.0634 4652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:44:32.0637 4652 clr_optimization_v2.0.50727_32 - ok
    17:44:32.0685 4652 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:44:32.0688 4652 clr_optimization_v2.0.50727_64 - ok
    17:44:32.0734 4652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:44:32.0737 4652 clr_optimization_v4.0.30319_32 - ok
    17:44:32.0785 4652 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:44:32.0788 4652 clr_optimization_v4.0.30319_64 - ok
    17:44:32.0807 4652 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:44:32.0810 4652 CmBatt - ok
    17:44:32.0823 4652 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    17:44:32.0825 4652 cmdide - ok
    17:44:32.0860 4652 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    17:44:32.0871 4652 CNG - ok
    17:44:32.0968 4652 CnxtHdAudService (f50620115a751eff437cbaba0403600a) C:\Windows\system32\drivers\CHDRT64.sys
    17:44:33.0011 4652 CnxtHdAudService - ok
    17:44:33.0108 4652 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
    17:44:33.0109 4652 Compbatt - ok
    17:44:33.0136 4652 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
    17:44:33.0138 4652 CompositeBus - ok
    17:44:33.0141 4652 COMSysApp - ok
    17:44:33.0153 4652 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    17:44:33.0155 4652 crcdisk - ok
    17:44:33.0191 4652 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    17:44:33.0195 4652 CryptSvc - ok
    17:44:33.0239 4652 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:44:33.0257 4652 DcomLaunch - ok
    17:44:33.0292 4652 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    17:44:33.0307 4652 defragsvc - ok
    17:44:33.0325 4652 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    17:44:33.0327 4652 DfsC - ok
    17:44:33.0355 4652 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    17:44:33.0370 4652 Dhcp - ok
    17:44:33.0383 4652 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    17:44:33.0386 4652 discache - ok
    17:44:33.0408 4652 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    17:44:33.0411 4652 Disk - ok
    17:44:33.0435 4652 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    17:44:33.0438 4652 Dnscache - ok
    17:44:33.0478 4652 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    17:44:33.0493 4652 dot3svc - ok
    17:44:33.0566 4652 DozeSvc (e6987f7818154791a6937bcc6655599b) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
    17:44:33.0583 4652 DozeSvc - ok
    17:44:33.0605 4652 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    17:44:33.0610 4652 DPS - ok
    17:44:33.0632 4652 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    17:44:33.0634 4652 drmkaud - ok
    17:44:33.0693 4652 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    17:44:33.0730 4652 DXGKrnl - ok
    17:44:33.0762 4652 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
    17:44:33.0764 4652 DzHDD64 - ok
    17:44:33.0808 4652 e1cexpress (dc1776d086aa9733b1929a3d979d9fdd) C:\Windows\system32\DRIVERS\e1c62x64.sys
    17:44:33.0823 4652 e1cexpress - ok
    17:44:33.0848 4652 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    17:44:33.0853 4652 EapHost - ok
    17:44:34.0031 4652 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    17:44:34.0090 4652 ebdrv - ok
    17:44:34.0194 4652 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    17:44:34.0207 4652 EFS - ok
    17:44:34.0287 4652 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    17:44:34.0321 4652 ehRecvr - ok
    17:44:34.0337 4652 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    17:44:34.0340 4652 ehSched - ok
    17:44:34.0403 4652 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    17:44:34.0420 4652 elxstor - ok
    17:44:34.0434 4652 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    17:44:34.0436 4652 ErrDev - ok
    17:44:34.0477 4652 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    17:44:34.0489 4652 EventSystem - ok
    17:44:34.0689 4652 EvtEng (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    17:44:34.0738 4652 EvtEng - ok
    17:44:34.0820 4652 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:44:34.0828 4652 exfat - ok
    17:44:34.0853 4652 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:44:34.0861 4652 fastfat - ok
    17:44:34.0920 4652 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    17:44:34.0939 4652 Fax - ok
    17:44:34.0956 4652 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    17:44:34.0958 4652 fdc - ok
    17:44:34.0974 4652 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    17:44:34.0977 4652 fdPHost - ok
    17:44:34.0996 4652 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    17:44:34.0999 4652 FDResPub - ok
    17:44:35.0013 4652 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:44:35.0016 4652 FileInfo - ok
    17:44:35.0030 4652 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:44:35.0032 4652 Filetrace - ok
    17:44:35.0044 4652 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    17:44:35.0045 4652 flpydisk - ok
    17:44:35.0067 4652 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    17:44:35.0081 4652 FltMgr - ok
    17:44:35.0146 4652 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    17:44:35.0177 4652 FontCache - ok
    17:44:35.0243 4652 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:44:35.0245 4652 FontCache3.0.0.0 - ok
    17:44:35.0273 4652 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:44:35.0276 4652 FsDepends - ok
    17:44:35.0300 4652 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    17:44:35.0301 4652 Fs_Rec - ok
    17:44:35.0322 4652 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    17:44:35.0326 4652 fvevol - ok
    17:44:35.0337 4652 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    17:44:35.0340 4652 gagp30kx - ok
    17:44:35.0397 4652 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    17:44:35.0415 4652 gpsvc - ok
    17:44:35.0434 4652 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    17:44:35.0437 4652 hcw85cir - ok
    17:44:35.0478 4652 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    17:44:35.0491 4652 HdAudAddService - ok
    17:44:35.0517 4652 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    17:44:35.0520 4652 HDAudBus - ok
    17:44:35.0535 4652 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    17:44:35.0537 4652 HidBatt - ok
    17:44:35.0555 4652 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    17:44:35.0558 4652 HidBth - ok
    17:44:35.0584 4652 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    17:44:35.0586 4652 HidIr - ok
    17:44:35.0601 4652 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    17:44:35.0604 4652 hidserv - ok
    17:44:35.0622 4652 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    17:44:35.0623 4652 HidUsb - ok
    17:44:35.0654 4652 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    17:44:35.0658 4652 hkmsvc - ok
    17:44:35.0679 4652 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    17:44:35.0694 4652 HomeGroupListener - ok
    17:44:35.0720 4652 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    17:44:35.0735 4652 HomeGroupProvider - ok
    17:44:35.0754 4652 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    17:44:35.0758 4652 HpSAMD - ok
    17:44:35.0798 4652 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    17:44:35.0821 4652 HTTP - ok
    17:44:35.0836 4652 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    17:44:35.0838 4652 hwpolicy - ok
    17:44:35.0910 4652 HyperW7Svc (9149907ff8681ad6475607eebf62dd2f) C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
    17:44:35.0913 4652 HyperW7Svc - ok
    17:44:35.0926 4652 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    17:44:35.0928 4652 i8042prt - ok
    17:44:35.0977 4652 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
    17:44:35.0980 4652 iaStor - ok
    17:44:36.0030 4652 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    17:44:36.0042 4652 iaStorV - ok
    17:44:36.0069 4652 IBMPMDRV (29ed470689b7c597a9701d6a4c57a578) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
    17:44:36.0071 4652 IBMPMDRV - ok
    17:44:36.0086 4652 IBMPMSVC (bc7af43eec24e995d770ec92a441d5d8) C:\Windows\system32\ibmpmsvc.exe
    17:44:36.0089 4652 IBMPMSVC - ok
    17:44:36.0191 4652 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:44:36.0211 4652 idsvc - ok
    17:44:36.0715 4652 igfx (66dc0ce2d1867b8178eaa0e11930dbd7) C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:44:36.0938 4652 igfx - ok
    17:44:37.0046 4652 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    17:44:37.0048 4652 iirsp - ok
    17:44:37.0104 4652 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    17:44:37.0122 4652 IKEEXT - ok
    17:44:37.0161 4652 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    17:44:37.0175 4652 IntcDAud - ok
    17:44:37.0187 4652 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    17:44:37.0189 4652 intelide - ok
    17:44:37.0203 4652 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    17:44:37.0205 4652 intelppm - ok
    17:44:37.0223 4652 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    17:44:37.0226 4652 IPBusEnum - ok
    17:44:37.0246 4652 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:44:37.0248 4652 IpFilterDriver - ok
    17:44:37.0285 4652 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    17:44:37.0304 4652 iphlpsvc - ok
    17:44:37.0320 4652 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    17:44:37.0323 4652 IPMIDRV - ok
    17:44:37.0339 4652 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:44:37.0342 4652 IPNAT - ok
    17:44:37.0359 4652 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:44:37.0361 4652 IRENUM - ok
    17:44:37.0371 4652 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    17:44:37.0374 4652 isapnp - ok
    17:44:37.0396 4652 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    17:44:37.0409 4652 iScsiPrt - ok
    17:44:37.0476 4652 jhi_service (3b794ca0de73790420deba3c759f1502) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    17:44:37.0485 4652 jhi_service - ok
    17:44:37.0505 4652 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    17:44:37.0507 4652 kbdclass - ok
    17:44:37.0527 4652 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    17:44:37.0529 4652 kbdhid - ok
    17:44:37.0544 4652 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:44:37.0547 4652 KeyIso - ok
    17:44:37.0559 4652 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    17:44:37.0562 4652 KSecDD - ok
    17:44:37.0588 4652 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    17:44:37.0591 4652 KSecPkg - ok
    17:44:37.0604 4652 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:44:37.0606 4652 ksthunk - ok
    17:44:37.0649 4652 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    17:44:37.0663 4652 KtmRm - ok
    17:44:37.0694 4652 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    17:44:37.0710 4652 LanmanServer - ok
    17:44:37.0740 4652 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    17:44:37.0751 4652 LanmanWorkstation - ok
    17:44:37.0831 4652 LENOVO.CAMMUTE (45675fff153adb349b74d1d5878bd33a) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    17:44:37.0834 4652 LENOVO.CAMMUTE - ok
    17:44:37.0872 4652 LENOVO.MICMUTE (fce735941da27929dbfc1918f286ffd8) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    17:44:37.0875 4652 LENOVO.MICMUTE - ok
    17:44:37.0890 4652 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
    17:44:37.0893 4652 lenovo.smi - ok
    17:44:37.0910 4652 LENOVO.TPKNRSVC (25d2aaff167f435227148aaa77a79863) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    17:44:37.0912 4652 LENOVO.TPKNRSVC - ok
    17:44:37.0926 4652 Lenovo.VIRTSCRLSVC (6f2cc57eb5836d2ac9bd37f3554d55f8) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    17:44:37.0929 4652 Lenovo.VIRTSCRLSVC - ok
    17:44:37.0956 4652 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:44:37.0959 4652 lltdio - ok
    17:44:37.0999 4652 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    17:44:38.0013 4652 lltdsvc - ok
    17:44:38.0034 4652 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    17:44:38.0036 4652 lmhosts - ok
    17:44:38.0066 4652 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    17:44:38.0069 4652 LSI_FC - ok
    17:44:38.0091 4652 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    17:44:38.0095 4652 LSI_SAS - ok
    17:44:38.0110 4652 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    17:44:38.0112 4652 LSI_SAS2 - ok
    17:44:38.0135 4652 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    17:44:38.0138 4652 LSI_SCSI - ok
    17:44:38.0159 4652 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:44:38.0162 4652 luafv - ok
    17:44:38.0179 4652 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    17:44:38.0183 4652 Mcx2Svc - ok
    17:44:38.0198 4652 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    17:44:38.0201 4652 megasas - ok
    17:44:38.0225 4652 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    17:44:38.0238 4652 MegaSR - ok
    17:44:38.0263 4652 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    17:44:38.0265 4652 MEIx64 - ok
    17:44:38.0291 4652 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:44:38.0295 4652 MMCSS - ok
    17:44:38.0305 4652 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:44:38.0308 4652 Modem - ok
    17:44:38.0320 4652 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:44:38.0322 4652 monitor - ok
    17:44:38.0343 4652 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    17:44:38.0345 4652 mouclass - ok
    17:44:38.0370 4652 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:44:38.0372 4652 mouhid - ok
    17:44:38.0383 4652 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:44:38.0386 4652 mountmgr - ok
    17:44:38.0459 4652 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    17:44:38.0462 4652 MozillaMaintenance - ok
    17:44:38.0488 4652 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:44:38.0491 4652 mpio - ok
    17:44:38.0504 4652 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:44:38.0507 4652 mpsdrv - ok
    17:44:38.0551 4652 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    17:44:38.0588 4652 MpsSvc - ok
    17:44:38.0612 4652 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:44:38.0616 4652 MRxDAV - ok
    17:44:38.0644 4652 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:44:38.0653 4652 mrxsmb - ok
    17:44:38.0694 4652 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:44:38.0707 4652 mrxsmb10 - ok
    17:44:38.0729 4652 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:44:38.0732 4652 mrxsmb20 - ok
    17:44:38.0748 4652 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:44:38.0750 4652 msahci - ok
    17:44:38.0766 4652 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:44:38.0769 4652 msdsm - ok
    17:44:38.0788 4652 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    17:44:38.0799 4652 MSDTC - ok
    17:44:38.0820 4652 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:44:38.0823 4652 Msfs - ok
    17:44:38.0843 4652 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:44:38.0845 4652 mshidkmdf - ok
    17:44:38.0855 4652 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:44:38.0857 4652 msisadrv - ok
    17:44:38.0878 4652 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    17:44:38.0890 4652 MSiSCSI - ok
    17:44:38.0892 4652 msiserver - ok
    17:44:38.0918 4652 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:44:38.0920 4652 MSKSSRV - ok
    17:44:38.0932 4652 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:44:38.0934 4652 MSPCLOCK - ok
    17:44:38.0948 4652 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:44:38.0950 4652 MSPQM - ok
    17:44:38.0982 4652 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:44:38.0996 4652 MsRPC - ok
    17:44:39.0011 4652 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    17:44:39.0013 4652 mssmbios - ok
    17:44:39.0029 4652 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:44:39.0031 4652 MSTEE - ok
    17:44:39.0041 4652 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    17:44:39.0043 4652 MTConfig - ok
    17:44:39.0059 4652 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:44:39.0062 4652 Mup - ok

    (to be continued)
  9. themom

    themom Newcomer, in training Topic Starter Posts: 19

    Continued report below

    17:43:59.0764 6120 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
    17:44:00.0011 6120 ============================================================
    17:44:00.0011 6120 Current date / time: 2012/05/06 17:44:00.0011
    17:44:00.0011 6120 SystemInfo:
    17:44:00.0011 6120
    17:44:00.0011 6120 OS Version: 6.1.7601 ServicePack: 1.0
    17:44:00.0011 6120 Product type: Workstation
    17:44:00.0011 6120 ComputerName: NFS
    17:44:00.0011 6120 UserName: Phyllis
    17:44:00.0011 6120 Windows directory: C:\Windows
    17:44:00.0011 6120 System windows directory: C:\Windows
    17:44:00.0011 6120 Running under WOW64
    17:44:00.0011 6120 Processor architecture: Intel x64
    17:44:00.0011 6120 Number of processors: 4
    17:44:00.0011 6120 Page size: 0x1000
    17:44:00.0011 6120 Boot type: Normal boot
    17:44:00.0011 6120 ============================================================
    17:44:00.0370 6120 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:44:00.0376 6120 ============================================================
    17:44:00.0376 6120 \Device\Harddisk0\DR0:
    17:44:00.0378 6120 MBR partitions:
    17:44:00.0378 6120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
    17:44:00.0378 6120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x381ECFF8
    17:44:00.0378 6120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38445800, BlocksNum 0x1F40000
    17:44:00.0378 6120 ============================================================
    17:44:00.0411 6120 C: <-> \Device\Harddisk0\DR0\Partition1
    17:44:00.0462 6120 Q: <-> \Device\Harddisk0\DR0\Partition2
    17:44:00.0462 6120 ============================================================
    17:44:00.0462 6120 Initialize success
    17:44:00.0462 6120 ============================================================
    17:44:29.0919 4652 ============================================================
    17:44:29.0919 4652 Scan started
    17:44:29.0919 4652 Mode: Manual;
    17:44:29.0919 4652 ============================================================
    17:44:30.0231 4652 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
    17:44:30.0240 4652 1394ohci - ok
    17:44:30.0283 4652 5U877 (fe2ed67c35700fefd3fa0916ac82215d) C:\Windows\system32\DRIVERS\5U877.sys
    17:44:30.0295 4652 5U877 - ok
    17:44:30.0332 4652 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    17:44:30.0346 4652 ACPI - ok
    17:44:30.0364 4652 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    17:44:30.0366 4652 AcpiPmi - ok
    17:44:30.0406 4652 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    17:44:30.0422 4652 adp94xx - ok
    17:44:30.0448 4652 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    17:44:30.0462 4652 adpahci - ok
    17:44:30.0483 4652 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    17:44:30.0487 4652 adpu320 - ok
    17:44:30.0511 4652 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    17:44:30.0514 4652 AeLookupSvc - ok
    17:44:30.0571 4652 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    17:44:30.0587 4652 AFD - ok
    17:44:30.0599 4652 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    17:44:30.0602 4652 agp440 - ok
    17:44:30.0614 4652 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    17:44:30.0617 4652 ALG - ok
    17:44:30.0627 4652 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    17:44:30.0629 4652 aliide - ok
    17:44:30.0638 4652 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    17:44:30.0641 4652 amdide - ok
    17:44:30.0657 4652 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    17:44:30.0660 4652 AmdK8 - ok
    17:44:30.0674 4652 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
    17:44:30.0676 4652 AmdPPM - ok
    17:44:30.0713 4652 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    17:44:30.0715 4652 amdsata - ok
    17:44:30.0746 4652 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    17:44:30.0756 4652 amdsbs - ok
    17:44:30.0777 4652 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    17:44:30.0779 4652 amdxata - ok
    17:44:30.0794 4652 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    17:44:30.0796 4652 AppID - ok
    17:44:30.0814 4652 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    17:44:30.0816 4652 AppIDSvc - ok
    17:44:30.0831 4652 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    17:44:30.0833 4652 Appinfo - ok
    17:44:30.0846 4652 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    17:44:30.0849 4652 arc - ok
    17:44:30.0859 4652 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    17:44:30.0862 4652 arcsas - ok
    17:44:30.0901 4652 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
    17:44:30.0903 4652 aswFsBlk - ok
    17:44:30.0954 4652 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
    17:44:30.0956 4652 aswMonFlt - ok
    17:44:30.0977 4652 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
    17:44:30.0979 4652 aswRdr - ok
    17:44:31.0032 4652 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
    17:44:31.0051 4652 aswSnx - ok
    17:44:31.0076 4652 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
    17:44:31.0091 4652 aswSP - ok
    17:44:31.0111 4652 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
    17:44:31.0114 4652 aswTdi - ok
    17:44:31.0125 4652 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:44:31.0127 4652 AsyncMac - ok
    17:44:31.0147 4652 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    17:44:31.0149 4652 atapi - ok
    17:44:31.0207 4652 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:44:31.0238 4652 AudioEndpointBuilder - ok
    17:44:31.0244 4652 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:44:31.0247 4652 AudioSrv - ok
    17:44:31.0323 4652 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    17:44:31.0324 4652 avast! Antivirus - ok
    17:44:31.0348 4652 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    17:44:31.0350 4652 AxInstSV - ok
    17:44:31.0395 4652 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    17:44:31.0407 4652 b06bdrv - ok
    17:44:31.0436 4652 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:44:31.0449 4652 b57nd60a - ok
    17:44:31.0492 4652 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    17:44:31.0495 4652 BDESVC - ok
    17:44:31.0513 4652 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:44:31.0515 4652 Beep - ok
    17:44:31.0567 4652 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    17:44:31.0598 4652 BFE - ok
    17:44:31.0653 4652 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    17:44:31.0688 4652 BITS - ok
    17:44:31.0725 4652 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    17:44:31.0728 4652 blbdrive - ok
    17:44:31.0761 4652 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    17:44:31.0763 4652 bowser - ok
    17:44:31.0781 4652 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    17:44:31.0784 4652 BrFiltLo - ok
    17:44:31.0799 4652 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    17:44:31.0800 4652 BrFiltUp - ok
    17:44:31.0821 4652 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    17:44:31.0824 4652 Browser - ok
    17:44:31.0851 4652 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:44:31.0863 4652 Brserid - ok
    17:44:31.0876 4652 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:44:31.0878 4652 BrSerWdm - ok
    17:44:31.0891 4652 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:44:31.0893 4652 BrUsbMdm - ok
    17:44:31.0902 4652 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:44:31.0904 4652 BrUsbSer - ok
    17:44:31.0947 4652 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    17:44:31.0948 4652 BthEnum - ok
    17:44:31.0962 4652 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    17:44:31.0965 4652 BTHMODEM - ok
    17:44:31.0990 4652 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    17:44:31.0992 4652 BthPan - ok
    17:44:32.0039 4652 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
    17:44:32.0058 4652 BTHPORT - ok
    17:44:32.0094 4652 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    17:44:32.0098 4652 bthserv - ok
    17:44:32.0116 4652 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
    17:44:32.0118 4652 BTHUSB - ok
    17:44:32.0169 4652 BTWAMPFL (8834f87a6a745872894df8223201a6c3) C:\Windows\system32\DRIVERS\btwampfl.sys
    17:44:32.0181 4652 BTWAMPFL - ok
    17:44:32.0197 4652 btwaudio (9863d82ecbec6106d377ed73680d99d8) C:\Windows\system32\drivers\btwaudio.sys
    17:44:32.0207 4652 btwaudio - ok
    17:44:32.0224 4652 btwavdt (3432dd66ae75ab2de6d0527ad78dbfc7) C:\Windows\system32\DRIVERS\btwavdt.sys
    17:44:32.0227 4652 btwavdt - ok
    17:44:32.0327 4652 btwdins (eb4afe08fb39bb444f221d7d501e0915) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    17:44:32.0359 4652 btwdins - ok
    17:44:32.0373 4652 btwl2cap (382dc5a631ced0462ea09b7eb898bdbf) C:\Windows\system32\DRIVERS\btwl2cap.sys
    17:44:32.0375 4652 btwl2cap - ok
    17:44:32.0387 4652 btwrchid (13a9c2cedd44c175e6ca39a536795ca6) C:\Windows\system32\DRIVERS\btwrchid.sys
    17:44:32.0389 4652 btwrchid - ok
    17:44:32.0417 4652 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:44:32.0419 4652 cdfs - ok
    17:44:32.0447 4652 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    17:44:32.0451 4652 cdrom - ok
    17:44:32.0493 4652 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:44:32.0496 4652 CertPropSvc - ok
    17:44:32.0516 4652 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    17:44:32.0518 4652 circlass - ok
    17:44:32.0548 4652 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:44:32.0562 4652 CLFS - ok
    17:44:32.0634 4652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:44:32.0637 4652 clr_optimization_v2.0.50727_32 - ok
    17:44:32.0685 4652 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:44:32.0688 4652 clr_optimization_v2.0.50727_64 - ok
    17:44:32.0734 4652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:44:32.0737 4652 clr_optimization_v4.0.30319_32 - ok
    17:44:32.0785 4652 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:44:32.0788 4652 clr_optimization_v4.0.30319_64 - ok
    17:44:32.0807 4652 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:44:32.0810 4652 CmBatt - ok
    17:44:32.0823 4652 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    17:44:32.0825 4652 cmdide - ok
    17:44:32.0860 4652 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    17:44:32.0871 4652 CNG - ok
    17:44:32.0968 4652 CnxtHdAudService (f50620115a751eff437cbaba0403600a) C:\Windows\system32\drivers\CHDRT64.sys
    17:44:33.0011 4652 CnxtHdAudService - ok
    17:44:33.0108 4652 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
    17:44:33.0109 4652 Compbatt - ok
    17:44:33.0136 4652 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
    17:44:33.0138 4652 CompositeBus - ok
    17:44:33.0141 4652 COMSysApp - ok
    17:44:33.0153 4652 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    17:44:33.0155 4652 crcdisk - ok
    17:44:33.0191 4652 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    17:44:33.0195 4652 CryptSvc - ok
    17:44:33.0239 4652 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:44:33.0257 4652 DcomLaunch - ok
    17:44:33.0292 4652 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    17:44:33.0307 4652 defragsvc - ok
    17:44:33.0325 4652 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    17:44:33.0327 4652 DfsC - ok
    17:44:33.0355 4652 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    17:44:33.0370 4652 Dhcp - ok
    17:44:33.0383 4652 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    17:44:33.0386 4652 discache - ok
    17:44:33.0408 4652 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    17:44:33.0411 4652 Disk - ok
    17:44:33.0435 4652 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    17:44:33.0438 4652 Dnscache - ok
    17:44:33.0478 4652 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    17:44:33.0493 4652 dot3svc - ok
    17:44:33.0566 4652 DozeSvc (e6987f7818154791a6937bcc6655599b) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
    17:44:33.0583 4652 DozeSvc - ok
    17:44:33.0605 4652 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    17:44:33.0610 4652 DPS - ok
    17:44:33.0632 4652 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    17:44:33.0634 4652 drmkaud - ok
    17:44:33.0693 4652 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    17:44:33.0730 4652 DXGKrnl - ok
    17:44:33.0762 4652 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
    17:44:33.0764 4652 DzHDD64 - ok
    17:44:33.0808 4652 e1cexpress (dc1776d086aa9733b1929a3d979d9fdd) C:\Windows\system32\DRIVERS\e1c62x64.sys
    17:44:33.0823 4652 e1cexpress - ok
    17:44:33.0848 4652 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    17:44:33.0853 4652 EapHost - ok
    17:44:34.0031 4652 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    17:44:34.0090 4652 ebdrv - ok
    17:44:34.0194 4652 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    17:44:34.0207 4652 EFS - ok
    17:44:34.0287 4652 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    17:44:34.0321 4652 ehRecvr - ok
    17:44:34.0337 4652 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    17:44:34.0340 4652 ehSched - ok
    17:44:34.0403 4652 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    17:44:34.0420 4652 elxstor - ok
    17:44:34.0434 4652 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    17:44:34.0436 4652 ErrDev - ok
    17:44:34.0477 4652 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    17:44:34.0489 4652 EventSystem - ok
    17:44:34.0689 4652 EvtEng (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    17:44:34.0738 4652 EvtEng - ok
    17:44:34.0820 4652 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:44:34.0828 4652 exfat - ok
    17:44:34.0853 4652 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:44:34.0861 4652 fastfat - ok
    17:44:34.0920 4652 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    17:44:34.0939 4652 Fax - ok
    17:44:34.0956 4652 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    17:44:34.0958 4652 fdc - ok
    17:44:34.0974 4652 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    17:44:34.0977 4652 fdPHost - ok
    17:44:34.0996 4652 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    17:44:34.0999 4652 FDResPub - ok
    17:44:35.0013 4652 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:44:35.0016 4652 FileInfo - ok
    17:44:35.0030 4652 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:44:35.0032 4652 Filetrace - ok
    17:44:35.0044 4652 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    17:44:35.0045 4652 flpydisk - ok
    17:44:35.0067 4652 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    17:44:35.0081 4652 FltMgr - ok
    17:44:35.0146 4652 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    17:44:35.0177 4652 FontCache - ok
    17:44:35.0243 4652 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:44:35.0245 4652 FontCache3.0.0.0 - ok
    17:44:35.0273 4652 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:44:35.0276 4652 FsDepends - ok
    17:44:35.0300 4652 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    17:44:35.0301 4652 Fs_Rec - ok
    17:44:35.0322 4652 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    17:44:35.0326 4652 fvevol - ok
    17:44:35.0337 4652 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    17:44:35.0340 4652 gagp30kx - ok
    17:44:35.0397 4652 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    17:44:35.0415 4652 gpsvc - ok
    17:44:35.0434 4652 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    17:44:35.0437 4652 hcw85cir - ok
    17:44:35.0478 4652 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    17:44:35.0491 4652 HdAudAddService - ok
    17:44:35.0517 4652 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    17:44:35.0520 4652 HDAudBus - ok
    17:44:35.0535 4652 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    17:44:35.0537 4652 HidBatt - ok
    17:44:35.0555 4652 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    17:44:35.0558 4652 HidBth - ok
    17:44:35.0584 4652 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    17:44:35.0586 4652 HidIr - ok
    17:44:35.0601 4652 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    17:44:35.0604 4652 hidserv - ok
    17:44:35.0622 4652 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    17:44:35.0623 4652 HidUsb - ok
    17:44:35.0654 4652 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    17:44:35.0658 4652 hkmsvc - ok
    17:44:35.0679 4652 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    17:44:35.0694 4652 HomeGroupListener - ok
    17:44:35.0720 4652 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    17:44:35.0735 4652 HomeGroupProvider - ok
    17:44:35.0754 4652 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    17:44:35.0758 4652 HpSAMD - ok
    17:44:35.0798 4652 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    17:44:35.0821 4652 HTTP - ok
    17:44:35.0836 4652 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    17:44:35.0838 4652 hwpolicy - ok
    17:44:35.0910 4652 HyperW7Svc (9149907ff8681ad6475607eebf62dd2f) C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
    17:44:35.0913 4652 HyperW7Svc - ok
    17:44:35.0926 4652 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    17:44:35.0928 4652 i8042prt - ok
    17:44:35.0977 4652 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
    17:44:35.0980 4652 iaStor - ok
    17:44:36.0030 4652 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    17:44:36.0042 4652 iaStorV - ok
    17:44:36.0069 4652 IBMPMDRV (29ed470689b7c597a9701d6a4c57a578) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
    17:44:36.0071 4652 IBMPMDRV - ok
    17:44:36.0086 4652 IBMPMSVC (bc7af43eec24e995d770ec92a441d5d8) C:\Windows\system32\ibmpmsvc.exe
    17:44:36.0089 4652 IBMPMSVC - ok
    17:44:36.0191 4652 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:44:36.0211 4652 idsvc - ok
    17:44:36.0715 4652 igfx (66dc0ce2d1867b8178eaa0e11930dbd7) C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:44:36.0938 4652 igfx - ok
    17:44:37.0046 4652 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    17:44:37.0048 4652 iirsp - ok
    17:44:37.0104 4652 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    17:44:37.0122 4652 IKEEXT - ok
    17:44:37.0161 4652 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    17:44:37.0175 4652 IntcDAud - ok
    17:44:37.0187 4652 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    17:44:37.0189 4652 intelide - ok
    17:44:37.0203 4652 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    17:44:37.0205 4652 intelppm - ok
    17:44:37.0223 4652 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    17:44:37.0226 4652 IPBusEnum - ok
    17:44:37.0246 4652 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:44:37.0248 4652 IpFilterDriver - ok
    17:44:37.0285 4652 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    17:44:37.0304 4652 iphlpsvc - ok
    17:44:37.0320 4652 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    17:44:37.0323 4652 IPMIDRV - ok
    17:44:37.0339 4652 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:44:37.0342 4652 IPNAT - ok
    17:44:37.0359 4652 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:44:37.0361 4652 IRENUM - ok
    17:44:37.0371 4652 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    17:44:37.0374 4652 isapnp - ok
    17:44:37.0396 4652 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    17:44:37.0409 4652 iScsiPrt - ok
    17:44:37.0476 4652 jhi_service (3b794ca0de73790420deba3c759f1502) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    17:44:37.0485 4652 jhi_service - ok
    17:44:37.0505 4652 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    17:44:37.0507 4652 kbdclass - ok
    17:44:37.0527 4652 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    17:44:37.0529 4652 kbdhid - ok
    17:44:37.0544 4652 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:44:37.0547 4652 KeyIso - ok
    17:44:37.0559 4652 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    17:44:37.0562 4652 KSecDD - ok
    17:44:37.0588 4652 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    17:44:37.0591 4652 KSecPkg - ok
    17:44:37.0604 4652 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:44:37.0606 4652 ksthunk - ok
    17:44:37.0649 4652 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    17:44:37.0663 4652 KtmRm - ok
    17:44:37.0694 4652 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    17:44:37.0710 4652 LanmanServer - ok
    17:44:37.0740 4652 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    17:44:37.0751 4652 LanmanWorkstation - ok
    17:44:37.0831 4652 LENOVO.CAMMUTE (45675fff153adb349b74d1d5878bd33a) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    17:44:37.0834 4652 LENOVO.CAMMUTE - ok
    17:44:37.0872 4652 LENOVO.MICMUTE (fce735941da27929dbfc1918f286ffd8) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    17:44:37.0875 4652 LENOVO.MICMUTE - ok
    17:44:37.0890 4652 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
    17:44:37.0893 4652 lenovo.smi - ok
    17:44:37.0910 4652 LENOVO.TPKNRSVC (25d2aaff167f435227148aaa77a79863) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    17:44:37.0912 4652 LENOVO.TPKNRSVC - ok
    17:44:37.0926 4652 Lenovo.VIRTSCRLSVC (6f2cc57eb5836d2ac9bd37f3554d55f8) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    17:44:37.0929 4652 Lenovo.VIRTSCRLSVC - ok
    17:44:37.0956 4652 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:44:37.0959 4652 lltdio - ok
    17:44:37.0999 4652 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    17:44:38.0013 4652 lltdsvc - ok
    17:44:38.0034 4652 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    17:44:38.0036 4652 lmhosts - ok
    17:44:38.0066 4652 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    17:44:38.0069 4652 LSI_FC - ok
    17:44:38.0091 4652 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    17:44:38.0095 4652 LSI_SAS - ok
    17:44:38.0110 4652 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    17:44:38.0112 4652 LSI_SAS2 - ok
    17:44:38.0135 4652 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    17:44:38.0138 4652 LSI_SCSI - ok
    17:44:38.0159 4652 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:44:38.0162 4652 luafv - ok
    17:44:38.0179 4652 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    17:44:38.0183 4652 Mcx2Svc - ok
    17:44:38.0198 4652 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    17:44:38.0201 4652 megasas - ok
    17:44:38.0225 4652 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    17:44:38.0238 4652 MegaSR - ok
    17:44:38.0263 4652 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    17:44:38.0265 4652 MEIx64 - ok
    17:44:38.0291 4652 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:44:38.0295 4652 MMCSS - ok
    17:44:38.0305 4652 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:44:38.0308 4652 Modem - ok
    17:44:38.0320 4652 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:44:38.0322 4652 monitor - ok
    17:44:38.0343 4652 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    17:44:38.0345 4652 mouclass - ok
    17:44:38.0370 4652 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:44:38.0372 4652 mouhid - ok
    17:44:38.0383 4652 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:44:38.0386 4652 mountmgr - ok
    17:44:38.0459 4652 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    17:44:38.0462 4652 MozillaMaintenance - ok
    17:44:38.0488 4652 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:44:38.0491 4652 mpio - ok
    17:44:38.0504 4652 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:44:38.0507 4652 mpsdrv - ok
    17:44:38.0551 4652 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    17:44:38.0588 4652 MpsSvc - ok
    17:44:38.0612 4652 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:44:38.0616 4652 MRxDAV - ok
    17:44:38.0644 4652 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:44:38.0653 4652 mrxsmb - ok
    17:44:38.0694 4652 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:44:38.0707 4652 mrxsmb10 - ok
    17:44:38.0729 4652 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:44:38.0732 4652 mrxsmb20 - ok
    17:44:38.0748 4652 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:44:38.0750 4652 msahci - ok
    17:44:38.0766 4652 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:44:38.0769 4652 msdsm - ok
    17:44:38.0788 4652 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    17:44:38.0799 4652 MSDTC - ok
    17:44:38.0820 4652 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:44:38.0823 4652 Msfs - ok
    17:44:38.0843 4652 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:44:38.0845 4652 mshidkmdf - ok
    17:44:38.0855 4652 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:44:38.0857 4652 msisadrv - ok
    17:44:38.0878 4652 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    17:44:38.0890 4652 MSiSCSI - ok
    17:44:38.0892 4652 msiserver - ok
    17:44:38.0918 4652 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:44:38.0920 4652 MSKSSRV - ok
    17:44:38.0932 4652 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:44:38.0934 4652 MSPCLOCK - ok
    17:44:38.0948 4652 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:44:38.0950 4652 MSPQM - ok
    17:44:38.0982 4652 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:44:38.0996 4652 MsRPC - ok
    17:44:39.0011 4652 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    17:44:39.0013 4652 mssmbios - ok
    17:44:39.0029 4652 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:44:39.0031 4652 MSTEE - ok
    17:44:39.0041 4652 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    17:44:39.0043 4652 MTConfig - ok
    17:44:39.0059 4652 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:44:39.0062 4652 Mup - ok
    17:44:39.0100 4652 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    17:44:39.0117 4652 napagent - ok
    17:44:39.0154 4652 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:44:39.0168 4652 NativeWifiP - ok
    17:44:39.0230 4652 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    17:44:39.0288 4652 NDIS - ok
    17:44:39.0310 4652 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:44:39.0312 4652 NdisCap - ok
    17:44:39.0338 4652 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:44:39.0340 4652 NdisTapi - ok
    17:44:39.0361 4652 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:44:39.0363 4652 Ndisuio - ok
    17:44:39.0380 4652 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:44:39.0390 4652 NdisWan - ok
    17:44:39.0415 4652 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    17:44:39.0417 4652 NDProxy - ok
    17:44:39.0425 4652 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:44:39.0428 4652 NetBIOS - ok
    17:44:39.0446 4652 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    17:44:39.0459 4652 NetBT - ok
    17:44:39.0483 4652 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:44:39.0485 4652 Netlogon - ok
    17:44:39.0526 4652 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    17:44:39.0540 4652 Netman - ok
    17:44:39.0562 4652 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    17:44:39.0577 4652 netprofm - ok
    17:44:39.0631 4652 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    17:44:39.0633 4652 NetTcpPortSharing - ok
    17:44:39.0966 4652 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
    17:44:40.0127 4652 NETwNs64 - ok
    17:44:40.0209 4652 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    17:44:40.0212 4652 nfrd960 - ok
    17:44:40.0303 4652 NitroReaderDriverReadSpool2 (f7f0dfced28c897e43ef72502f967ca4) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
    17:44:40.0316 4652 NitroReaderDriverReadSpool2 - ok
    17:44:40.0356 4652 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    17:44:40.0370 4652 NlaSvc - ok
    17:44:40.0387 4652 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:44:40.0389 4652 Npfs - ok
    17:44:40.0412 4652 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    17:44:40.0416 4652 nsi - ok
    17:44:40.0430 4652 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:44:40.0433 4652 nsiproxy - ok
    17:44:40.0524 4652 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    17:44:40.0559 4652 Ntfs - ok
    17:44:40.0631 4652 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:44:40.0633 4652 Null - ok
    17:44:40.0671 4652 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    17:44:40.0674 4652 nvraid - ok
    17:44:40.0704 4652 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    17:44:40.0707 4652 nvstor - ok
    17:44:40.0733 4652 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    17:44:40.0736 4652 nv_agp - ok
    17:44:40.0754 4652 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    17:44:40.0757 4652 ohci1394 - ok
    17:44:40.0850 4652 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    17:44:40.0861 4652 ose - ok
    17:44:41.0137 4652 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    17:44:41.0227 4652 osppsvc - ok
    17:44:41.0328 4652 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:44:41.0343 4652 p2pimsvc - ok
    17:44:41.0385 4652 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    17:44:41.0406 4652 p2psvc - ok
    17:44:41.0445 4652 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    17:44:41.0449 4652 Parport - ok
    17:44:41.0464 4652 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    17:44:41.0467 4652 partmgr - ok
    17:44:41.0486 4652 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    17:44:41.0501 4652 PcaSvc - ok
    17:44:41.0586 4652 PCDSRVC{127174DC-C366ED8B-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\pc-doctor\pcdsrvc_x64.pkms
    17:44:41.0589 4652 PCDSRVC{127174DC-C366ED8B-06020101}_0 - ok
    17:44:41.0609 4652 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    17:44:41.0619 4652 pci - ok
    17:44:41.0636 4652 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    17:44:41.0639 4652 pciide - ok
    17:44:41.0664 4652 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    17:44:41.0673 4652 pcmcia - ok
    17:44:41.0688 4652 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    17:44:41.0691 4652 pcw - ok
    17:44:41.0734 4652 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    17:44:41.0765 4652 PEAUTH - ok
    17:44:41.0833 4652 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    17:44:41.0836 4652 PerfHost - ok
    17:44:41.0880 4652 PHCORE (18eea095af22ac5fa16fc27fb98c82d3) C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
    17:44:41.0882 4652 PHCORE - ok
    17:44:41.0957 4652 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    17:44:42.0021 4652 pla - ok
    17:44:42.0068 4652 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    17:44:42.0084 4652 PlugPlay - ok
    17:44:42.0138 4652 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys
    17:44:42.0141 4652 pmxdrv - ok
    17:44:42.0158 4652 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    17:44:42.0162 4652 PNRPAutoReg - ok
    17:44:42.0190 4652 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:44:42.0194 4652 PNRPsvc - ok
    17:44:42.0237 4652 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    17:44:42.0255 4652 PolicyAgent - ok
    17:44:42.0292 4652 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
    17:44:42.0308 4652 Power - ok
    17:44:42.0363 4652 Power Manager DBC Service (af7186cf9909bef0d86097175175178f) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
    17:44:42.0366 4652 Power Manager DBC Service - ok
    17:44:42.0405 4652 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    17:44:42.0407 4652 PptpMiniport - ok
    17:44:42.0424 4652 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    17:44:42.0426 4652 Processor - ok
    17:44:42.0457 4652 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    17:44:42.0472 4652 ProfSvc - ok
    17:44:42.0495 4652 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:44:42.0497 4652 ProtectedStorage - ok
    17:44:42.0530 4652 psadd (a70ad30223866947e39bc221df4c2306) C:\Windows\system32\DRIVERS\psadd.sys
    17:44:42.0533 4652 psadd - ok
    17:44:42.0550 4652 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    17:44:42.0553 4652 Psched - ok
    17:44:42.0589 4652 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    17:44:42.0594 4652 PSI_SVC_2 - ok
    17:44:42.0669 4652 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    17:44:42.0714 4652 ql2300 - ok
    17:44:42.0802 4652 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    17:44:42.0805 4652 ql40xx - ok
    17:44:42.0834 4652 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    17:44:42.0848 4652 QWAVE - ok
    17:44:42.0861 4652 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    17:44:42.0864 4652 QWAVEdrv - ok
    17:44:42.0875 4652 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    17:44:42.0877 4652 RasAcd - ok
    17:44:42.0898 4652 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:44:42.0900 4652 RasAgileVpn - ok
    17:44:42.0927 4652 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    17:44:42.0931 4652 RasAuto - ok
    17:44:42.0948 4652 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:44:42.0951 4652 Rasl2tp - ok
    17:44:42.0982 4652 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    17:44:42.0996 4652 RasMan - ok
    17:44:43.0017 4652 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:44:43.0019 4652 RasPppoe - ok
    17:44:43.0036 4652 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    17:44:43.0039 4652 RasSstp - ok
    17:44:43.0067 4652 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    17:44:43.0082 4652 rdbss - ok
    17:44:43.0097 4652 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    17:44:43.0100 4652 rdpbus - ok
    17:44:43.0117 4652 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:44:43.0119 4652 RDPCDD - ok
    17:44:43.0133 4652 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    17:44:43.0135 4652 RDPENCDD - ok
    17:44:43.0161 4652 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    17:44:43.0163 4652 RDPREFMP - ok
    17:44:43.0194 4652 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    17:44:43.0203 4652 RDPWD - ok
    17:44:43.0224 4652 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    17:44:43.0233 4652 rdyboost - ok
    17:44:43.0314 4652 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    17:44:43.0333 4652 RegSrvc - ok
    17:44:43.0360 4652 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    17:44:43.0364 4652 RemoteAccess - ok
    17:44:43.0396 4652 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    17:44:43.0407 4652 RemoteRegistry - ok
    17:44:43.0459 4652 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    17:44:43.0462 4652 RFCOMM - ok
    17:44:43.0488 4652 risdxc (ff501f212e5d5a97f8339928320f269e) C:\Windows\system32\DRIVERS\risdxc64.sys
    17:44:43.0490 4652 risdxc - ok
    17:44:43.0518 4652 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    17:44:43.0523 4652 RpcEptMapper - ok
    17:44:43.0535 4652 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    17:44:43.0538 4652 RpcLocator - ok
    17:44:43.0569 4652 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:44:43.0573 4652 RpcSs - ok
    17:44:43.0605 4652 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    17:44:43.0608 4652 rspndr - ok

    (will have to do a 3d post to fit it all)
  10. themom

    themom Newcomer, in training Topic Starter Posts: 19

    3d continued - this picks up where last one left off


    17:44:43.0633 4652 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:44:43.0635 4652 SamSs - ok
    17:44:43.0638 4652 SAService - ok
    17:44:43.0656 4652 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    17:44:43.0659 4652 sbp2port - ok
    17:44:43.0685 4652 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    17:44:43.0700 4652 SCardSvr - ok
    17:44:43.0716 4652 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    17:44:43.0718 4652 scfilter - ok
    17:44:43.0776 4652 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    17:44:43.0799 4652 Schedule - ok
    17:44:43.0830 4652 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:44:43.0831 4652 SCPolicySvc - ok
    17:44:43.0854 4652 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    17:44:43.0866 4652 SDRSVC - ok
    17:44:43.0897 4652 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    17:44:43.0899 4652 secdrv - ok
    17:44:43.0917 4652 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    17:44:43.0921 4652 seclogon - ok
    17:44:43.0949 4652 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    17:44:43.0953 4652 SENS - ok
    17:44:43.0979 4652 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    17:44:43.0983 4652 SensrSvc - ok
    17:44:43.0995 4652 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
    17:44:43.0997 4652 Serenum - ok
    17:44:44.0015 4652 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    17:44:44.0018 4652 Serial - ok
    17:44:44.0027 4652 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    17:44:44.0029 4652 sermouse - ok
    17:44:44.0048 4652 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    17:44:44.0053 4652 SessionEnv - ok
    17:44:44.0062 4652 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    17:44:44.0065 4652 sffdisk - ok
    17:44:44.0074 4652 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    17:44:44.0076 4652 sffp_mmc - ok
    17:44:44.0086 4652 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    17:44:44.0088 4652 sffp_sd - ok
    17:44:44.0102 4652 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    17:44:44.0104 4652 sfloppy - ok
    17:44:44.0143 4652 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    17:44:44.0157 4652 SharedAccess - ok
    17:44:44.0186 4652 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    17:44:44.0199 4652 ShellHWDetection - ok
    17:44:44.0226 4652 Shockprf (e2fc046d4edabfe3b5ef7da06406277d) C:\Windows\system32\DRIVERS\Apsx64.sys
    17:44:44.0229 4652 Shockprf - ok
    17:44:44.0244 4652 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    17:44:44.0247 4652 SiSRaid2 - ok
    17:44:44.0265 4652 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    17:44:44.0268 4652 SiSRaid4 - ok
    17:44:44.0299 4652 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    17:44:44.0302 4652 Smb - ok
    17:44:44.0346 4652 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    17:44:44.0350 4652 SNMPTRAP - ok
    17:44:44.0362 4652 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    17:44:44.0365 4652 spldr - ok
    17:44:44.0400 4652 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    17:44:44.0417 4652 Spooler - ok
    17:44:44.0561 4652 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    17:44:44.0616 4652 sppsvc - ok
    17:44:44.0707 4652 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    17:44:44.0710 4652 sppuinotify - ok
    17:44:44.0757 4652 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    17:44:44.0774 4652 srv - ok
    17:44:44.0802 4652 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    17:44:44.0815 4652 srv2 - ok
    17:44:44.0846 4652 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    17:44:44.0855 4652 srvnet - ok
    17:44:44.0886 4652 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    17:44:44.0902 4652 SSDPSRV - ok
    17:44:44.0916 4652 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    17:44:44.0920 4652 SstpSvc - ok
    17:44:44.0941 4652 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    17:44:44.0943 4652 stexstor - ok
    17:44:44.0991 4652 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    17:44:45.0009 4652 stisvc - ok
    17:44:45.0065 4652 SUService (266d6be20b40b7dc0949f5108e838b5e) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    17:44:45.0068 4652 SUService - ok
    17:44:45.0079 4652 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    17:44:45.0082 4652 swenum - ok
    17:44:45.0118 4652 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    17:44:45.0137 4652 swprv - ok
    17:44:45.0221 4652 SynTP (b49fa98afad439cd7e33164c3a19bb88) C:\Windows\system32\DRIVERS\SynTP.sys
    17:44:45.0259 4652 SynTP - ok
    17:44:45.0407 4652 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    17:44:45.0447 4652 SysMain - ok
    17:44:45.0493 4652 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    17:44:45.0498 4652 TabletInputService - ok
    17:44:45.0528 4652 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    17:44:45.0534 4652 TapiSrv - ok
    17:44:45.0557 4652 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    17:44:45.0562 4652 TBS - ok
    17:44:45.0678 4652 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    17:44:45.0714 4652 Tcpip - ok
    17:44:45.0867 4652 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    17:44:45.0876 4652 TCPIP6 - ok
    17:44:45.0946 4652 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    17:44:45.0948 4652 tcpipreg - ok
    17:44:45.0963 4652 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    17:44:45.0966 4652 TDPIPE - ok
    17:44:45.0980 4652 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    17:44:45.0983 4652 TDTCP - ok
    17:44:46.0008 4652 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    17:44:46.0011 4652 tdx - ok
    17:44:46.0021 4652 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
    17:44:46.0023 4652 TermDD - ok
    17:44:46.0065 4652 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    17:44:46.0087 4652 TermService - ok
    17:44:46.0100 4652 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    17:44:46.0103 4652 Themes - ok
    17:44:46.0129 4652 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:44:46.0133 4652 THREADORDER - ok
    17:44:46.0159 4652 TPDIGIMN (55b7fe3e1d3b616bdc4e9ea48d92d6e6) C:\Windows\system32\DRIVERS\ApsHM64.sys
    17:44:46.0161 4652 TPDIGIMN - ok
    17:44:46.0175 4652 TPHDEXLGSVC (f0684c62ed8fd3061cd488ecfc851022) C:\Windows\system32\TPHDEXLG64.exe
    17:44:46.0179 4652 TPHDEXLGSVC - ok
    17:44:46.0242 4652 TPHKLOAD (63626012e44caaa162677b57b6dcb542) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    17:44:46.0246 4652 TPHKLOAD - ok
    17:44:46.0273 4652 TPHKSVC (9e6e4a9789f76593cc5a6a5af8fc5929) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    17:44:46.0276 4652 TPHKSVC - ok
    17:44:46.0307 4652 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
    17:44:46.0310 4652 TPM - ok
    17:44:46.0330 4652 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
    17:44:46.0331 4652 TPPWRIF - ok
    17:44:46.0367 4652 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    17:44:46.0372 4652 TrkWks - ok
    17:44:46.0417 4652 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    17:44:46.0420 4652 TrustedInstaller - ok
    17:44:46.0436 4652 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:44:46.0439 4652 tssecsrv - ok
    17:44:46.0452 4652 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    17:44:46.0455 4652 TsUsbFlt - ok
    17:44:46.0468 4652 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    17:44:46.0471 4652 TsUsbGD - ok
    17:44:46.0491 4652 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    17:44:46.0494 4652 tunnel - ok
    17:44:46.0512 4652 TVTI2C (4daae0413cd4e816258838e2fafb3147) C:\Windows\system32\DRIVERS\Tvti2c.sys
    17:44:46.0514 4652 TVTI2C - ok
    17:44:46.0536 4652 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    17:44:46.0538 4652 uagp35 - ok
    17:44:46.0567 4652 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    17:44:46.0582 4652 udfs - ok
    17:44:46.0604 4652 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    17:44:46.0607 4652 UI0Detect - ok
    17:44:46.0715 4652 UleadBurningHelper (be788a747457e6916586c410ec0111e7) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    17:44:46.0718 4652 UleadBurningHelper - ok
    17:44:46.0740 4652 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    17:44:46.0742 4652 uliagpkx - ok
    17:44:46.0775 4652 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    17:44:46.0777 4652 umbus - ok
    17:44:46.0787 4652 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    17:44:46.0790 4652 UmPass - ok
    17:44:46.0818 4652 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    17:44:46.0833 4652 upnphost - ok
    17:44:46.0865 4652 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    17:44:46.0867 4652 usbccgp - ok
    17:44:46.0887 4652 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    17:44:46.0890 4652 usbcir - ok
    17:44:46.0909 4652 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    17:44:46.0911 4652 usbehci - ok
    17:44:46.0941 4652 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    17:44:46.0955 4652 usbhub - ok
    17:44:46.0971 4652 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    17:44:46.0974 4652 usbohci - ok
    17:44:46.0987 4652 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
    17:44:46.0989 4652 usbprint - ok
    17:44:47.0012 4652 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:44:47.0015 4652 USBSTOR - ok
    17:44:47.0026 4652 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    17:44:47.0029 4652 usbuhci - ok
    17:44:47.0064 4652 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    17:44:47.0074 4652 usbvideo - ok
    17:44:47.0088 4652 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    17:44:47.0093 4652 UxSms - ok
    17:44:47.0132 4652 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:44:47.0134 4652 VaultSvc - ok
    17:44:47.0158 4652 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    17:44:47.0160 4652 vdrvroot - ok
    17:44:47.0197 4652 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    17:44:47.0216 4652 vds - ok
    17:44:47.0229 4652 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:44:47.0232 4652 vga - ok
    17:44:47.0243 4652 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:44:47.0246 4652 VgaSave - ok
    17:44:47.0271 4652 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    17:44:47.0280 4652 vhdmp - ok
    17:44:47.0297 4652 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    17:44:47.0301 4652 viaide - ok
    17:44:47.0314 4652 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:44:47.0316 4652 volmgr - ok
    17:44:47.0345 4652 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:44:47.0359 4652 volmgrx - ok
    17:44:47.0380 4652 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:44:47.0395 4652 volsnap - ok
    17:44:47.0421 4652 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    17:44:47.0430 4652 vsmraid - ok
    17:44:47.0510 4652 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    17:44:47.0562 4652 VSS - ok
    17:44:47.0640 4652 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    17:44:47.0642 4652 vwifibus - ok
    17:44:47.0662 4652 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    17:44:47.0664 4652 vwififlt - ok
    17:44:47.0702 4652 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    17:44:47.0716 4652 W32Time - ok
    17:44:47.0734 4652 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    17:44:47.0737 4652 WacomPen - ok
    17:44:47.0766 4652 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:44:47.0768 4652 WANARP - ok
    17:44:47.0771 4652 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:44:47.0772 4652 Wanarpv6 - ok
    17:44:47.0862 4652 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    17:44:47.0889 4652 WatAdminSvc - ok
    17:44:47.0964 4652 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    17:44:47.0992 4652 wbengine - ok
    17:44:48.0083 4652 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    17:44:48.0098 4652 WbioSrvc - ok
    17:44:48.0127 4652 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    17:44:48.0140 4652 wcncsvc - ok
    17:44:48.0156 4652 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    17:44:48.0160 4652 WcsPlugInService - ok
    17:44:48.0196 4652 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    17:44:48.0199 4652 Wd - ok
    17:44:48.0238 4652 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:44:48.0256 4652 Wdf01000 - ok
    17:44:48.0269 4652 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:44:48.0273 4652 WdiServiceHost - ok
    17:44:48.0277 4652 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:44:48.0281 4652 WdiSystemHost - ok
    17:44:48.0308 4652 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    17:44:48.0321 4652 WebClient - ok
    17:44:48.0345 4652 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    17:44:48.0350 4652 Wecsvc - ok
    17:44:48.0369 4652 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    17:44:48.0374 4652 wercplsupport - ok
    17:44:48.0405 4652 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    17:44:48.0409 4652 WerSvc - ok
    17:44:48.0436 4652 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:44:48.0438 4652 WfpLwf - ok
    17:44:48.0452 4652 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:44:48.0454 4652 WIMMount - ok
    17:44:48.0474 4652 WinDefend - ok
    17:44:48.0481 4652 WinHttpAutoProxySvc - ok
    17:44:48.0527 4652 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    17:44:48.0535 4652 Winmgmt - ok
    17:44:48.0646 4652 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    17:44:48.0692 4652 WinRM - ok
    17:44:48.0809 4652 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    17:44:48.0834 4652 Wlansvc - ok
    17:44:48.0905 4652 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    17:44:48.0907 4652 wlcrasvc - ok
    17:44:49.0032 4652 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:44:49.0073 4652 wlidsvc - ok
    17:44:49.0137 4652 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    17:44:49.0139 4652 WmiAcpi - ok
    17:44:49.0191 4652 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    17:44:49.0199 4652 wmiApSrv - ok
    17:44:49.0225 4652 WMPNetworkSvc - ok
    17:44:49.0240 4652 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    17:44:49.0244 4652 WPCSvc - ok
    17:44:49.0259 4652 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    17:44:49.0265 4652 WPDBusEnum - ok
    17:44:49.0283 4652 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:44:49.0285 4652 ws2ifsl - ok
    17:44:49.0301 4652 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
    17:44:49.0306 4652 wscsvc - ok
    17:44:49.0309 4652 WSearch - ok
    17:44:49.0409 4652 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    17:44:49.0452 4652 wuauserv - ok
    17:44:49.0524 4652 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:44:49.0527 4652 WudfPf - ok
    17:44:49.0547 4652 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:44:49.0551 4652 WUDFRd - ok
    17:44:49.0572 4652 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    17:44:49.0577 4652 wudfsvc - ok
    17:44:49.0606 4652 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    17:44:49.0621 4652 WwanSvc - ok
    17:44:49.0654 4652 MBR (0x1B8) (770cce6256b91d6baf8c7736697c4d63) \Device\Harddisk0\DR0
    17:44:49.0697 4652 \Device\Harddisk0\DR0 - ok
    17:44:49.0738 4652 Boot (0x1200) (04d13beb74fc4aa1c9c4bceafbddcd21) \Device\Harddisk0\DR0\Partition0
    17:44:49.0740 4652 \Device\Harddisk0\DR0\Partition0 - ok
    17:44:49.0750 4652 Boot (0x1200) (806391136c27772ee62c429b4efb7bc3) \Device\Harddisk0\DR0\Partition1
    17:44:49.0752 4652 \Device\Harddisk0\DR0\Partition1 - ok
    17:44:49.0781 4652 Boot (0x1200) (2b31fb861962e6211bd842c5262f0a32) \Device\Harddisk0\DR0\Partition2
    17:44:49.0783 4652 \Device\Harddisk0\DR0\Partition2 - ok
    17:44:49.0784 4652 ============================================================
    17:44:49.0784 4652 Scan finished
    17:44:49.0784 4652 ============================================================
    17:44:49.0792 3760 Detected object count: 0
    17:44:49.0792 3760 Actual detected object count: 0
  11. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  12. themom

    themom Newcomer, in training Topic Starter Posts: 19

    Thanks. I am using Windows 7.
    I ran the FixTDSS tool. It restarted my computer and scanned - result said: No infections were found
  13. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Very well.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  14. themom

    themom Newcomer, in training Topic Starter Posts: 19

    Thanks - Downloaded and ran Combofix.

    Here's the report:

    ComboFix 12-05-06.03 - Phyllis 05/06/2012 22:27:52.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3983.2626 [GMT -4:00]
    Running from: c:\users\Phyllis\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\Roaming
    c:\users\Phyllis\AppData\Local\assembly\tmp
    c:\windows\system32\Thumbs.db
    Q:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-05 16:54 . 2012-05-05 16:54 -------- d-----w- c:\program files (x86)\ESET
    2012-05-04 00:33 . 2012-05-04 00:33 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-05-04 00:33 . 2012-05-04 00:33 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-05-04 00:33 . 2012-05-04 00:33 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-04 00:33 . 2012-05-04 00:33 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-05-04 00:33 . 2012-05-04 00:33 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-05-03 03:06 . 2012-05-03 03:06 -------- d-----w- c:\program files (x86)\AppsPro
    2012-04-21 16:38 . 2012-04-21 16:38 -------- d-----w- c:\users\Phyllis\AppData\Local\Diagnostics
    2012-04-18 06:06 . 2012-04-18 06:06 -------- d-----w- c:\users\Phyllis\AppData\Roaming\Greenshot
    2012-04-10 23:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-10 23:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-10 23:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-10 23:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-10 23:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-10 23:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-10 23:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-04-10 22:04 . 2012-04-10 22:04 -------- d--h--w- c:\programdata\CanonIJEGV
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-04 19:56 . 2011-12-31 18:42 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-09 23:39 . 2011-11-24 13:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-06 23:15 . 2012-01-31 05:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:15 . 2012-01-31 05:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-06 23:15 . 2012-01-31 05:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-06 23:04 . 2012-01-31 05:15 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-06 23:04 . 2012-01-31 05:15 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-06 23:02 . 2012-02-24 13:18 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-06 23:01 . 2012-01-31 05:15 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-06 23:01 . 2012-01-31 05:15 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-06 23:01 . 2012-01-31 05:15 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-02 06:33 . 2012-03-02 06:33 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-03-02 06:33 . 2012-03-02 06:33 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-03-02 06:33 . 2012-03-02 06:33 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-03-02 06:33 . 2012-03-02 06:33 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-03-02 06:33 . 2012-03-02 06:33 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-03-02 06:33 . 2012-03-02 06:33 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-03-02 06:33 . 2012-03-02 06:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-03-02 06:33 . 2012-03-02 06:33 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-03-02 06:33 . 2012-03-02 06:33 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-03-02 06:33 . 2012-03-02 06:33 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-03-02 06:33 . 2012-03-02 06:33 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-03-02 06:33 . 2012-03-02 06:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-03-02 06:33 . 2012-03-02 06:33 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-03-02 06:33 . 2012-03-02 06:33 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-03-02 06:33 . 2012-03-02 06:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-03-02 06:33 . 2012-03-02 06:33 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-03-02 06:33 . 2012-03-02 06:33 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-03-02 06:33 . 2012-03-02 06:33 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-03-02 06:33 . 2012-03-02 06:33 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-03-02 06:33 . 2012-03-02 06:33 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-03-02 06:33 . 2012-03-02 06:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-03-02 06:33 . 2012-03-02 06:33 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-03-02 06:33 . 2012-03-02 06:33 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-03-02 06:33 . 2012-03-02 06:33 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-03-02 06:33 . 2012-03-02 06:33 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-03-02 06:33 . 2012-03-02 06:33 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-03-02 06:33 . 2012-03-02 06:33 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-03-02 06:33 . 2012-03-02 06:33 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-03-02 06:33 . 2012-03-02 06:33 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-03-02 06:33 . 2012-03-02 06:33 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-03-02 06:33 . 2012-03-02 06:33 448512 ----a-w- c:\windows\system32\html.iec
    2012-03-02 06:33 . 2012-03-02 06:33 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-02 06:33 . 2012-03-02 06:33 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-03-02 06:33 . 2012-03-02 06:33 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-02-17 06:38 . 2012-03-14 01:45 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-02-17 05:34 . 2012-03-14 01:45 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-02-17 04:58 . 2012-03-14 01:45 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-17 04:57 . 2012-03-14 01:45 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2012-02-10 06:36 . 2012-03-14 01:45 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-02-10 05:38 . 2012-03-14 01:45 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
    "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-03-23 1544040]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-09-14 1213848]
    "IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2010-09-09 452016]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
    R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-03-23 477032]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-12-09 25072]
    R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-23 79208]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
    S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
    S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-02-26 40808]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
    S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-02-26 59240]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
    S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-10-10 341296]
    S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [x]
    S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
    S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\uaclauncher.exe [2010-12-09 22:52]
    .
    2012-05-07 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\PC-Doctor\pcdrcui.exe [2010-12-09 22:52]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TpShocks"="TpShocks.exe" [2010-12-09 380776]
    "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-11 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-11 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-11 418840]
    "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-02-26 41320]
    "ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://lenovo.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\o0rm330n.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
    "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-05-06 22:33:33
    ComboFix-quarantined-files.txt 2012-05-07 02:33
    .
    Pre-Run: 415,676,043,264 bytes free
    Post-Run: 415,306,223,616 bytes free
    .
    - - End Of File - - 58B6E16CA2FA660985E893F81E22E818
  15. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Looks good.

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  16. themom

    themom Newcomer, in training Topic Starter Posts: 19

    Here are the OTL files. I had downloaded OTL earlier today before I contacted you, and ran it, but did not do anything based on that scan.

    The OTL text file is from the scan just now. No Extras file was created just now; so I will paste the Extras log from when I ran it earlier today (into another post - too long to include here). Hope that's not a problem.



    OTL Text file:

    OTL logfile created on: 5/6/2012 11:46:19 PM - Run 2
    OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Phyllis\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.89 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 62.75% Memory free
    7.78 Gb Paging File | 6.24 Gb Available in Paging File | 80.23% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 448.96 Gb Total Space | 386.85 Gb Free Space | 86.17% Space Free | Partition Type: NTFS
    Drive Q: | 15.62 Gb Total Space | 7.12 Gb Free Space | 45.59% Space Free | Partition Type: NTFS

    Computer Name: NFS | User Name: Phyllis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/06 14:41:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Phyllis\Desktop\OTL.exe
    PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/02/25 21:46:30 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    PRC - [2011/02/25 21:46:28 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    PRC - [2011/02/25 21:46:14 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
    PRC - [2010/12/29 02:18:32 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    PRC - [2010/12/29 02:18:14 | 000,259,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    PRC - [2010/12/16 22:36:18 | 000,281,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
    PRC - [2010/12/14 17:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    PRC - [2010/12/01 23:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    PRC - [2010/11/29 15:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2010/11/24 03:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
    PRC - [2010/11/18 19:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
    PRC - [2010/09/14 19:09:52 | 001,213,848 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    PRC - [2010/09/09 15:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    PRC - [2010/04/07 01:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
    PRC - [2010/04/01 01:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    PRC - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/04/06 12:05:16 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
    MOD - [2010/04/06 12:04:06 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/10/10 09:32:14 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
    SRV:64bit: - [2011/02/25 21:46:30 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
    SRV:64bit: - [2011/02/25 21:46:14 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
    SRV:64bit: - [2010/12/18 18:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2010/12/17 17:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV:64bit: - [2010/12/17 17:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV:64bit: - [2010/12/15 19:46:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
    SRV:64bit: - [2010/12/03 16:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
    SRV:64bit: - [2010/12/02 22:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
    SRV:64bit: - [2010/12/01 23:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
    SRV:64bit: - [2010/11/24 03:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
    SRV:64bit: - [2010/11/12 05:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
    SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/04/07 01:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/05/03 20:33:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/03/23 14:48:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
    SRV - [2011/03/23 14:48:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
    SRV - [2010/12/14 17:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2010/11/29 15:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) Intel(R)
    SRV - [2010/11/18 19:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/01/10 15:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/06/11 15:44:12 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
    DRV:64bit: - [2011/03/23 14:48:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
    DRV:64bit: - [2011/03/23 14:48:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/10 23:10:38 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2011/03/10 23:10:30 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/02/17 06:25:02 | 001,419,824 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/12/21 12:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2010/12/20 12:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
    DRV:64bit: - [2010/12/18 20:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
    DRV:64bit: - [2010/12/18 20:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2010/12/18 20:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/12/18 20:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/12/18 20:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2010/12/15 19:45:16 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
    DRV:64bit: - [2010/12/15 19:43:00 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
    DRV:64bit: - [2010/12/14 23:12:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
    DRV:64bit: - [2010/12/09 18:52:42 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020101}_0)
    DRV:64bit: - [2010/12/03 16:56:26 | 000,167,680 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
    DRV:64bit: - [2010/12/03 16:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
    DRV:64bit: - [2010/11/23 02:50:12 | 001,567,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/12 05:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV:64bit: - [2010/11/05 10:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/09/07 01:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
    DRV:64bit: - [2009/12/02 03:33:30 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
    DRV:64bit: - [2009/09/24 07:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6E38C797-AFC3-4442-98AD-381A75EAE991}
    IE:64bit: - HKLM\..\SearchScopes\{6E38C797-AFC3-4442-98AD-381A75EAE991}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {8F70795D-A81A-45A7-AC1C-3666D6ED2C16}
    IE - HKLM\..\SearchScopes\{8F70795D-A81A-45A7-AC1C-3666D6ED2C16}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1478937716-2209226944-2744063154-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
    IE - HKU\S-1-5-21-1478937716-2209226944-2744063154-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
    IE - HKU\S-1-5-21-1478937716-2209226944-2744063154-1000\..\SearchScopes,DefaultScope = {8F70795D-A81A-45A7-AC1C-3666D6ED2C16}
    IE - HKU\S-1-5-21-1478937716-2209226944-2744063154-1000\..\SearchScopes\{5A760930-AC1D-460A-84CB-74A6CAAD087D}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
    IE - HKU\S-1-5-21-1478937716-2209226944-2744063154-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/12 16:32:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/03 20:33:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/06/17 20:06:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phyllis\AppData\Roaming\Mozilla\Extensions
    [2012/05/05 18:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\o0rm330n.default\extensions
    [2012/03/15 08:19:37 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\o0rm330n.default\extensions\firefox@ghostery.com
    [2012/05/03 20:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/05 18:26:26 | 000,523,514 | ---- | M] () (No name found) -- C:\USERS\PHYLLIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0RM330N.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    [2012/01/05 20:48:27 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PHYLLIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0RM330N.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/01/21 11:22:52 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\PHYLLIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O0RM330N.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
    [2012/05/03 20:33:33 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/05/03 20:33:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/05/03 20:33:30 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/05/06 22:31:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
    O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1478937716-2209226944-2744063154-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1478937716-2209226944-2744063154-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O7 - HKU\S-1-5-21-1478937716-2209226944-2744063154-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FE6FCD2-9F2A-4308-AE95-1143E7E2F843}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A591355A-969F-4A51-B9ED-0402AF95838B}: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
    Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/06 22:33:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/05/06 22:27:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/05/06 22:27:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/05/06 22:27:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/05/06 22:27:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/05/06 22:27:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/06 22:17:18 | 004,485,787 | R--- | C] (Swearware) -- C:\Users\Phyllis\Desktop\ComboFix.exe
    [2012/05/06 21:42:26 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Phyllis\Desktop\FixTDSS.exe
    [2012/05/06 17:43:36 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\Desktop\tdsskiller
    [2012/05/06 16:52:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/05/06 16:25:44 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\Desktop\bootkit_remover
    [2012/05/06 16:13:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Phyllis\Desktop\aswMBR.exe
    [2012/05/06 14:41:13 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Phyllis\Desktop\OTL.exe
    [2012/05/05 13:38:25 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\Documents\Computer - maintenance
    [2012/05/05 12:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/05/03 20:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/05/03 20:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/05/02 23:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AppsPro
    [2012/04/21 12:38:30 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\AppData\Local\Diagnostics
    [2012/04/18 02:06:46 | 000,000,000 | ---D | C] -- C:\Users\Phyllis\AppData\Roaming\Greenshot
    [2012/04/10 18:04:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV

    ========== Files - Modified Within 30 Days ==========

    [2012/05/06 23:42:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/05/06 23:39:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/05/06 22:31:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/05/06 22:17:21 | 004,485,787 | R--- | M] (Swearware) -- C:\Users\Phyllis\Desktop\ComboFix.exe
    [2012/05/06 21:55:34 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/06 21:55:34 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/06 21:54:52 | 000,025,767 | ---- | M] () -- C:\Users\Phyllis\Desktop\FixTDSS no inf found.GIF
    [2012/05/06 21:47:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/06 21:47:36 | 3132,542,976 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/06 21:42:27 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Phyllis\Desktop\FixTDSS.exe
    [2012/05/06 20:14:32 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/05/06 20:14:32 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/05/06 20:14:31 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/05/06 17:42:12 | 002,055,783 | ---- | M] () -- C:\Users\Phyllis\Desktop\tdsskiller.zip
    [2012/05/06 16:52:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/05/06 16:23:25 | 000,044,607 | ---- | M] () -- C:\Users\Phyllis\Desktop\bootkit_remover.zip
    [2012/05/06 16:22:53 | 000,000,512 | ---- | M] () -- C:\Users\Phyllis\Desktop\MBR.dat
    [2012/05/06 16:13:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Phyllis\Desktop\aswMBR.exe
    [2012/05/06 14:41:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Phyllis\Desktop\OTL.exe
    [2012/05/03 22:42:47 | 000,007,607 | ---- | M] () -- C:\Users\Phyllis\AppData\Local\Resmon.ResmonCfg
    [2012/05/03 20:10:27 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/05/01 07:57:17 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/04/29 23:31:23 | 000,108,565 | ---- | M] () -- C:\Users\Phyllis\Documents\Dont just sit there.pdf
    [2012/04/12 16:32:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

    ========== Files Created - No Company Name ==========

    [2012/05/06 22:27:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/05/06 22:27:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/05/06 22:27:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/05/06 22:27:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/05/06 22:27:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/06 21:54:52 | 000,025,767 | ---- | C] () -- C:\Users\Phyllis\Desktop\FixTDSS no inf found.GIF
    [2012/05/06 17:42:11 | 002,055,783 | ---- | C] () -- C:\Users\Phyllis\Desktop\tdsskiller.zip
    [2012/05/06 16:23:23 | 000,044,607 | ---- | C] () -- C:\Users\Phyllis\Desktop\bootkit_remover.zip
    [2012/05/06 16:22:53 | 000,000,512 | ---- | C] () -- C:\Users\Phyllis\Desktop\MBR.dat
    [2012/05/03 22:42:47 | 000,007,607 | ---- | C] () -- C:\Users\Phyllis\AppData\Local\Resmon.ResmonCfg
    [2012/04/29 23:31:23 | 000,108,565 | ---- | C] () -- C:\Users\Phyllis\Documents\Dont just sit there.pdf
    [2011/07/03 21:27:55 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/06/17 21:29:33 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/06/11 15:48:56 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/06/11 15:48:56 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/06/11 15:48:55 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/06/11 15:29:35 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

    ========== LOP Check ==========

    [2011/06/24 09:45:22 | 000,000,000 | ---D | M] -- C:\Users\Client\AppData\Roaming\PwrMgr
    [2011/06/17 23:47:07 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\PwrMgr
    [2012/02/13 19:09:06 | 000,000,000 | ---D | M] -- C:\Users\Phyllis\AppData\Roaming\AeroFS
    [2012/01/10 17:22:18 | 000,000,000 | ---D | M] -- C:\Users\Phyllis\AppData\Roaming\AeroFSExec
    [2012/03/07 09:25:00 | 000,000,000 | ---D | M] -- C:\Users\Phyllis\AppData\Roaming\Canon
    [2011/11/30 04:40:43 | 000,000,000 | ---D | M] -- C:\Users\Phyllis\AppData\Roaming\Downloaded Installations
    [2012/04/18 02:06:46 | 000,000,000 | ---D | M] -- C:\Users\Phyllis\AppData\Roaming\Greenshot
    [2012/05/02 21:04:33 | 000,000,000 | ---D | M] -- C:\Users\Phyllis\AppData\Roaming\Nitro PDF
    [2011/09/12 23:44:53 | 000,000,000 | ---D | M] -- C:\Users\Phyllis\AppData\Roaming\pdfforge
    [2011/06/17 23:46:59 | 000,000,000 | ---D | M] -- C:\Users\Phyllis\AppData\Roaming\PwrMgr
    [2012/05/06 23:39:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2012/03/13 08:04:46 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/05/06 23:42:00 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2010/11/20 23:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2011/02/15 05:42:44 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/05/06 22:33:33 | 000,019,314 | ---- | M] () -- C:\ComboFix.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012/05/06 21:47:36 | 3132,542,976 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2012/05/06 21:47:43 | 4176,723,968 | -HS- | M] () -- C:\pagefile.sys
    [2011/06/11 15:44:08 | 000,000,211 | ---- | M] () -- C:\setup.log
    [2012/05/06 21:44:14 | 000,130,116 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_06.05.2012_17.43.59_log.txt
    [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/11/10 05:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/03/02 07:58:31 | 000,000,221 | -HS- | M] () -- C:\Users\Phyllis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/05/06 16:13:46 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Phyllis\Desktop\aswMBR.exe
    [2012/05/06 22:17:21 | 004,485,787 | R--- | M] (Swearware) -- C:\Users\Phyllis\Desktop\ComboFix.exe
    [2012/05/06 21:42:27 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Phyllis\Desktop\FixTDSS.exe
    [2012/05/06 14:41:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Phyllis\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/05/06 23:39:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/05/06 21:47:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/13 08:04:46 | 000,032,616 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
    [2012/05/06 23:42:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/11/19 12:36:14 | 000,000,402 | -HS- | M] () -- C:\Users\Phyllis\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/07/03 21:27:55 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
  17. themom

    themom Newcomer, in training Topic Starter Posts: 19

    Extras file from earlier today


    OTL Extras logfile created on: 5/6/2012 2:43:59 PM - Run 1
    OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Phyllis\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.89 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 44.77% Memory free
    7.78 Gb Paging File | 5.62 Gb Available in Paging File | 72.29% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 448.96 Gb Total Space | 387.62 Gb Free Space | 86.34% Space Free | Partition Type: NTFS
    Drive Q: | 15.62 Gb Total Space | 7.12 Gb Free Space | 45.59% Space Free | Partition Type: NTFS

    Computer Name: NFS | User Name: Phyllis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{14655420-C0FB-492D-84F1-017A986B4AC6}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2DD21FBE-7204-42E9-A481-C6C8903B6E30}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{2FCA6C6A-AF24-4B83-B329-70A8B84F8E0B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{30FACFC6-E96C-451A-B5B0-B3D9527BDB96}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3396A476-FD85-4F65-B220-112E9A265500}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{38F99D92-727F-4AB8-B2AE-5702CAE08718}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{67E7EEEA-6ED1-48E1-BFD9-8A57E924632E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{890F3381-6DEC-4049-9A7B-3ABB6DBBBD90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8ACA3F09-73CF-4E5B-8116-51FEF865570A}" = rport=137 | protocol=17 | dir=out | app=system |
    "{9C7BB89E-9457-446A-986F-A0699A1F0D7E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{A4A687AF-284E-4E34-A28F-9FB39770FA3A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B343CCD3-1863-4557-8D65-42F6896CBDDD}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{B8521A57-6BB6-4585-9C81-9A211A4CC9BD}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D0E7FEC5-1C5D-437C-A5C1-D329BEA90BBD}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D6EBEB11-0833-4989-834D-7F3BADD78714}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{D74DD9D7-5380-4374-AC64-6CCE28662F39}" = rport=139 | protocol=6 | dir=out | app=system |
    "{DA115D48-B7BE-4ABB-A425-656180F1C67D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E49CB302-497D-4565-A0CE-5E8D3D07E4A6}" = rport=138 | protocol=17 | dir=out | app=system |
    "{E9C40230-0AF5-4E60-BD68-56218117D4D8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{EC836512-4BAA-4A3B-B998-8624FAE56C5F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F51CB5F3-5592-4D5C-B113-E2A1852798FE}" = lport=137 | protocol=17 | dir=in | app=system |
    "{F7743B16-B3EA-4AAA-9E0B-0D810CECDF07}" = lport=445 | protocol=6 | dir=in | app=system |
    "{F9B87B66-F5BF-47E7-8E2D-BF977D6A6372}" = rport=445 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00D6ED20-C7F2-4D93-B611-94B245B8345A}" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
    "{0EB56C59-7CF1-4428-BAF2-4C703813F977}" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
    "{1505F7B9-679F-46AC-98E5-D385DC0B9FB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1D151B7F-8E99-4704-83FA-0E1E0F4228BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{20405785-7F8C-45FE-95F6-EEE1B4AB7C7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{29139DA4-1658-406B-8152-853B75C7186C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{36B56CA6-1158-4178-8E5B-2259D99AD699}" = protocol=6 | dir=in | app=c:\users\phyllis\appdata\roaming\aerofsexec\aerofs.exe |
    "{3F12DFB2-3319-480B-942E-64D77C337E42}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{42858A8D-D71B-49B9-A412-0366453B891F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{4DFE9163-DBA1-4B5F-AC9B-D4E8BA6F2AD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4F1A6680-6385-452F-BC54-73005506320F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{57DB8FD1-46C5-4FDD-A21B-7F4F1B31820E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5DFC683D-247A-495D-A013-61BB0072A47A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{682F9EBD-5C64-4B55-82F8-CCDF1B9E5BB9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{77A76F62-A476-485B-8097-072EEF0065F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{786484CA-4B26-4208-951C-D98B772EC6AC}" = protocol=6 | dir=out | app=system |
    "{78CCE524-7941-4F1D-8AD4-CB09280F6651}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{9809F8C8-E8CB-4A21-8F28-C382CD42026C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A996A951-89EB-4889-92DD-CA4C34D10F4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B1C69DC3-14B2-4B75-8967-FE6EAD0582C6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B4DA10E7-3842-4039-90FB-8792FC11878A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B58B37AD-C608-4E78-AC45-E46A56175E4E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B9FC1798-75F0-4764-BC34-DB68CF72EF18}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BA11186A-2201-43DF-8858-3883C3B61D20}" = protocol=17 | dir=in | app=c:\users\phyllis\appdata\roaming\aerofsexec\aerofs.exe |
    "{C5279EFF-924E-4C37-BC7E-469C8DF06B00}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{DC044CA8-5BBA-43E6-8FF7-02DE27C890B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{EA9599AB-8E0F-4AA7-9234-C9BC89D94FB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F35E919A-4953-4C73-AC55-F63918E84DF9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "TCP Query User{3B5B2885-3422-4921-A554-B786CB23BB2E}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
    "UDP Query User{40743DEF-2A6C-4AC6-9914-B9AA904DA27A}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
    "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
    "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DE5C71F2-F8A3-4689-8675-D61AA170D8E6}" = Nitro PDF Reader 2
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)
    "466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
    "598E94DC2EBC0E4D1F6240F3E25E1AC6D2D1A0FA" = Windows Driver Package - Ricoh Company SD Host Controller (12/14/2010 6.10.10.25)
    "6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows Driver Package - Intel (e1cexpress) Net (12/21/2010 11.8.84.0)
    "77A943AB876C131591E0EA5DB6AB08D89EE2EA9E" = Windows Driver Package - Synaptics (SynTP) Mouse (02/17/2011 15.2.14.0)
    "90FD26A77B849AE03FF5F07A1CDA7F950406A8D8" = Windows Driver Package - Intel (MEIx64) System (10/19/2010 7.0.0.1144)
    "A513FC5E5A08D4EF27F234E91E0E942A0234210B" = Windows Driver Package - Intel System (09/10/2010 9.2.0.1011)
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
    "D97688B8E3830BF9820E15EB8D9552DCBF988CFD" = Windows Driver Package - Intel USB (09/16/2010 9.2.0.1013)
    "DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
    "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
    "FE1BEBFD475BB832AAF104F5C63348E98A9286DF" = Windows Driver Package - Intel System (10/04/2010 9.2.0.1015)
    "LENOVO.SMIIF" = Lenovo System Interface Driver
    "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "OnScreenDisplay" = On Screen Display
    "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
    "Power Management Driver" = ThinkPad Power Management Driver
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
    "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2C43790E-8470-1027-82D3-DF319F3C410F}" = Intel(R) Identity Protection Technology 1.0.71.0
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
    "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1134
    "{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE9F75EB-87A5-4A4E-B754-DB46FBCC1560}" = Microsoft SQL Server PowerPivot for Excel (32-bit)
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
    "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
    "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.10.18.02
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "avast" = avast! Free Antivirus
    "Canon MX880 series User Registration" = Canon MX880 series User Registration
    "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "ESET Online Scanner" = ESET Online Scanner v3
    "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
    "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
    "InstallShield_{C83D5AA1-6A1F-4102-8F7F-C0230DD31FC0}" = RapidBoot
    "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
    "Lenovo Welcome_is1" = Lenovo Welcome
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "Speed Dial Utility" = Canon Speed Dial Utility
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.8.0.723
    "JoinMe" = join.me

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/13/2012 8:29:43 AM | Computer Name = NFS | Source = WinMgmt | ID = 10
    Description =

    Error - 4/14/2012 8:46:01 AM | Computer Name = NFS | Source = WinMgmt | ID = 10
    Description =

    Error - 4/15/2012 9:20:39 PM | Computer Name = NFS | Source = WinMgmt | ID = 10
    Description =

    Error - 4/16/2012 8:32:46 AM | Computer Name = NFS | Source = WinMgmt | ID = 10
    Description =

    Error - 4/16/2012 9:04:33 AM | Computer Name = NFS | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 4/17/2012 8:27:21 AM | Computer Name = NFS | Source = WinMgmt | ID = 10
    Description =

    Error - 4/17/2012 11:29:37 PM | Computer Name = NFS | Source = WinMgmt | ID = 10
    Description =

    Error - 4/18/2012 7:46:30 AM | Computer Name = NFS | Source = WinMgmt | ID = 10
    Description =

    Error - 4/18/2012 8:57:07 AM | Computer Name = NFS | Source = Application Hang | ID = 1002
    Description = The program EXCEL.EXE version 14.0.6112.5000 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1598 Start
    Time: 01cd1d61e9e0227e Termination Time: 0 Application Path: C:\Program Files (x86)\Microsoft
    Office\Office14\EXCEL.EXE Report Id:

    Error - 4/18/2012 11:03:39 AM | Computer Name = NFS | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    [ System Events ]
    Error - 5/5/2012 12:14:15 PM | Computer Name = NFS | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the MsMpSvc service.

    Error - 5/5/2012 12:14:41 PM | Computer Name = NFS | Source = Service Control Manager | ID = 7022
    Description = The NitroPDFReaderDriverCreatorReadSpool2 service hung on starting.

    Error - 5/5/2012 12:14:45 PM | Computer Name = NFS | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Spooler service.

    Error - 5/5/2012 12:15:15 PM | Computer Name = NFS | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the TPHKLOAD service.

    Error - 5/5/2012 12:15:45 PM | Computer Name = NFS | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the TPHKSVC service.

    Error - 5/5/2012 12:30:55 PM | Computer Name = NFS | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
    Error Reporting Service service to connect.

    Error - 5/5/2012 12:35:36 PM | Computer Name = NFS | Source = DCOM | ID = 10010
    Description =

    Error - 5/5/2012 3:09:33 PM | Computer Name = NFS | Source = DCOM | ID = 10010
    Description =

    Error - 5/5/2012 7:19:17 PM | Computer Name = NFS | Source = BROWSER | ID = 8032
    Description =

    Error - 5/6/2012 2:27:24 AM | Computer Name = NFS | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838


    < End of report >
  18. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    All clean.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  19. themom

    themom Newcomer, in training Topic Starter Posts: 19

    PROBLEM: I ran Security check and FSS (results below.)

    When I ran Temp File Cleaner it deleted me as a User on my computer! Temp File cleaner never re-appeared. SHould I run it again? And how do I get my User status back?

    The screen went blank then went to the User Log in page and only showed the other users on my laptop. My files are still present on the C drive under Users.


    Security Check:

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````





    FSS:

    Farbar Service Scanner Version: 30-04-2012 01
    Ran by Phyllis (administrator) on 07-05-2012 at 19:52:34
    Running from "C:\Users\Phyllis\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  20. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    I've never seen anything like that.
    Shut down computer, wait one minute, start it again.
  21. themom

    themom Newcomer, in training Topic Starter Posts: 19

    I shut and restarted - my User account is BACK!
    My antivirus was off so I turned it back on. Some other security was also off (sorry- can't recall what it was) so I enabled that also.

    Should I run TFC again? Should I first re-run Security Check and FSS?

    Then eset?

    Thanks
  22. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Just go with Eset.
  23. themom

    themom Newcomer, in training Topic Starter Posts: 19

    Should I uncheck the box that says "remove found threats" or leave it checked?

    Should I check "scan archives"?
  24. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Just as my instructions say.
  25. themom

    themom Newcomer, in training Topic Starter Posts: 19

    Bad news - the scan is still running but it says the same 2 files are still there variant of win32/toolbar.widgi


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.