mbdchampagne

Everything posted by mbdchampagne

  1. Hey! That seems to have done it! I will keep trying different searches for a day or so and see if it stays fixed. Thank you so much.
  2. Hi, thanks for the reply - yes, it only happens in Chrome and Firefox.
  3. By the way, that Akamai folder doesn't exist - I assume it might have been deleted in a previous scan?
  4. The steps were slightly different than above for my Windows 7 64-bit system, but I still found the items described in the steps and followed the directions...
  5. OK, so I tried those steps with no result. YouTube Downloader toolbar is actually only on IE and even after I deleted it, I still had the issue. Sorry it took so long, I tried it a couple times. Any other ideas? Thanks for the help.
  6. looking through the history, here are some other places it redirects to: gamezprimet.in 8.26.70.252 myfindhere.in 63.209.69.107 Scour search
  7. I saw the error message about running the x64 for better results so I downloaded that one and got the same results.
  8. Yes, I'm through a router - here is the log: SystemLook 30.07.11 by jpshortstuff Log created at 15:16 on 23/07/2012 by dchampagne Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. ========== regfind ========== Searching for "answers" No data found. -= EOF =-
  9. I don't even know what it is - I am hoping screen317 has something that will help today.
  10. Good morning. Just wanted to touch base to see if there is anything else I can try - thanks!
  11. one site that seems to come up frequently is: http://click.get-answers-fast.com/ads-clicktrack/click/jump1.do? for instance: http://click.get-answers-fast.com/ads-clicktrack/click/jump1.do?sid=wol3FdF9QgkwPH9nQZyapRmt%2BuDhe7HskxwuhcAT0xIj5YN5IdCUmw%3D%3D&affiliate=46573&subid=197920-1638-27681&rc=0&terms=ipad%20stuff
  12. Update: it is still occurring in Firefox and Chrome, but not in IE. Thanks.
  13. Here is the MBR zip file you requested. As an update, still having the same issue... MBR.zip
  14. had this pop up while I was running the last one: Scan type: Auto-Protect Scan Event: Risk Found! Security risk detected: Trojan.Gen.2 File: C:\Users\dchampagne\AppData\Local\Temp\_avast4_\unp121108272.tmp Location: C:\Users\dchampagne\AppData\Local\Temp\_avast4_ Computer: DCHAMPAGNE User: dchampagne Action taken: Pending Side Effects Analysis : Access denied Date found: Thursday, July 19, 2012 6:33:57 PM and here is the log for the aswMBR: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-19 18:28:14 ----------------------------- 18:28:14.619 OS Version: Windows x64 6.1.7600 18:28:14.619 Number of processors: 4 586 0x2502 18:28:14.619 ComputerName: DCHAMPAGNE UserName: dchampagne 18:28:16.661 Initialize success 18:32:05.135 AVAST engine defs: 12071902 18:32:34.955 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 18:32:34.959 Disk 0 Vendor: HITACHI_ PC4Z Size: 476940MB BusType: 3 18:32:34.986 Disk 0 MBR read successfully 18:32:34.990 Disk 0 MBR scan 18:32:35.002 Disk 0 unknown MBR code 18:32:35.013 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048 18:32:35.028 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648 18:32:35.061 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072 18:32:35.105 Disk 0 scanning C:\Windows\system32\drivers 18:32:46.591 Service scanning 18:33:44.928 Modules scanning 18:33:44.943 Disk 0 trace - called modules: 18:33:46.282 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 18:33:46.293 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d8a060] 18:33:46.302 3 CLASSPNP.SYS[fffff88001b1743f] -> nt!IofCallDriver -> [0xfffffa8007a3fa10] 18:33:46.311 5 ACPI.sys[fffff88000f04781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a44050] 18:33:49.044 AVAST engine scan C:\Windows 18:33:55.475 AVAST engine scan C:\Windows\system32 18:40:26.746 AVAST engine scan C:\Windows\system32\drivers 18:40:39.180 AVAST engine scan 
C:\Users\dchampagne 19:29:54.728 AVAST engine scan C:\ProgramData 19:32:00.208 Scan finished successfully 22:19:49.293 Disk 0 MBR has been saved successfully to "C:\Users\dchampagne\Desktop\MBR.dat" 22:19:49.305 The log file has been saved successfully to "C:\Users\dchampagne\Desktop\aswMBR.txt"
  15. TDS log:
msiserver - ok 18:27:04.0237 5404 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 18:27:04.0242 5404 MSKSSRV - ok 18:27:04.0251 5404 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 18:27:04.0252 5404 MSPCLOCK - ok 18:27:04.0269 5404 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 18:27:04.0270 5404 MSPQM - ok 18:27:04.0302 5404 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 18:27:04.0304 5404 MsRPC - ok 18:27:04.0332 5404 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 18:27:04.0333 5404 mssmbios - ok 18:27:04.0381 5404 MSSQL$SQLEXPRESS - ok 18:27:04.0463 5404 MSSQLFDLauncher (aa511eb28672011a1d832f73e302f0a0) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe 18:27:04.0464 5404 MSSQLFDLauncher - ok 18:27:04.0472 5404 MSSQLSERVER - ok 18:27:04.0526 5404 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 18:27:04.0540 5404 MSSQLServerADHelper100 - ok 18:27:04.0615 5404 MSSQLServerOLAPService - ok 18:27:04.0661 5404 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 18:27:04.0672 5404 MSTEE - ok 18:27:04.0677 5404 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 18:27:04.0688 5404 MTConfig - ok 18:27:04.0718 5404 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 18:27:04.0719 5404 Mup - ok 18:27:04.0770 5404 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 18:27:04.0777 5404 napagent - ok 18:27:04.0829 5404 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 18:27:04.0832 5404 NativeWifiP - ok 18:27:05.0059 5404 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120719.006\ENG64.SYS 18:27:05.0060 5404 NAVENG - ok 
18:27:05.0174 5404 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120719.006\EX64.SYS 18:27:05.0194 5404 NAVEX15 - ok 18:27:05.0356 5404 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 18:27:05.0363 5404 NDIS - ok 18:27:05.0384 5404 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 18:27:05.0391 5404 NdisCap - ok 18:27:05.0407 5404 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 18:27:05.0408 5404 NdisTapi - ok 18:27:05.0425 5404 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 18:27:05.0426 5404 Ndisuio - ok 18:27:05.0443 5404 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 18:27:05.0444 5404 NdisWan - ok 18:27:05.0459 5404 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 18:27:05.0459 5404 NDProxy - ok 18:27:05.0486 5404 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 18:27:05.0487 5404 NetBIOS - ok 18:27:05.0512 5404 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 18:27:05.0514 5404 NetBT - ok 18:27:05.0533 5404 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 18:27:05.0535 5404 Netlogon - ok 18:27:05.0586 5404 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 18:27:05.0604 5404 Netman - ok 18:27:05.0680 5404 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:27:05.0694 5404 NetMsmqActivator - ok 18:27:05.0699 5404 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:27:05.0700 5404 NetPipeActivator - ok 18:27:05.0732 5404 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 18:27:05.0737 5404 netprofm - ok 18:27:05.0742 5404 NetTcpActivator 
(d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:27:05.0744 5404 NetTcpActivator - ok 18:27:05.0748 5404 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:27:05.0750 5404 NetTcpPortSharing - ok 18:27:06.0213 5404 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys 18:27:06.0299 5404 NETw5s64 - ok 18:27:06.0755 5404 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 18:27:06.0837 5404 netw5v64 - ok 18:27:06.0972 5404 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 18:27:06.0986 5404 nfrd960 - ok 18:27:07.0035 5404 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 18:27:07.0040 5404 NlaSvc - ok 18:27:07.0053 5404 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 18:27:07.0054 5404 Npfs - ok 18:27:07.0066 5404 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 18:27:07.0077 5404 nsi - ok 18:27:07.0090 5404 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 18:27:07.0091 5404 nsiproxy - ok 18:27:07.0211 5404 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 18:27:07.0231 5404 Ntfs - ok 18:27:07.0348 5404 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 18:27:07.0349 5404 Null - ok 18:27:07.0392 5404 NVHDA (181e7fe39211e04128a30708906627d8) C:\Windows\system32\drivers\nvhda64v.sys 18:27:07.0394 5404 NVHDA - ok 18:27:08.0098 5404 nvlddmkm (04625e1d4821e66c2beab2c7e64ae416) C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:27:08.0316 5404 nvlddmkm - ok 18:27:08.0455 5404 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 18:27:08.0472 5404 nvraid - ok 18:27:08.0487 5404 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 18:27:08.0502 5404 nvstor - 
ok 18:27:08.0559 5404 nvsvc (86f74594f4994ec42cc55712a4713835) C:\Windows\system32\nvvsvc.exe 18:27:08.0565 5404 nvsvc - ok 18:27:08.0577 5404 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 18:27:08.0591 5404 nv_agp - ok 18:27:08.0614 5404 NxDrv (81ea44152271ec2bb2a0251987d5d13c) C:\Windows\system32\DRIVERS\NxDrv.sys 18:27:08.0615 5404 NxDrv - ok 18:27:08.0637 5404 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 18:27:08.0647 5404 ohci1394 - ok 18:27:08.0736 5404 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:27:08.0789 5404 ose - ok 18:27:09.0203 5404 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:27:09.0244 5404 osppsvc - ok 18:27:09.0355 5404 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 18:27:09.0369 5404 p2pimsvc - ok 18:27:09.0418 5404 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 18:27:09.0432 5404 p2psvc - ok 18:27:09.0477 5404 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 18:27:09.0490 5404 Parport - ok 18:27:09.0514 5404 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys 18:27:09.0515 5404 partmgr - ok 18:27:09.0535 5404 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 18:27:09.0549 5404 PcaSvc - ok 18:27:09.0571 5404 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 18:27:09.0574 5404 pci - ok 18:27:09.0594 5404 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 18:27:09.0604 5404 pciide - ok 18:27:09.0627 5404 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 18:27:09.0642 5404 pcmcia - ok 18:27:09.0664 5404 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 
18:27:09.0664 5404 pcw - ok 18:27:09.0721 5404 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 18:27:09.0728 5404 PEAUTH - ok 18:27:09.0831 5404 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 18:27:09.0863 5404 PeerDistSvc - ok 18:27:09.0976 5404 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 18:27:09.0996 5404 PerfHost - ok 18:27:10.0141 5404 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 18:27:10.0171 5404 pla - ok 18:27:10.0212 5404 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll 18:27:10.0233 5404 PlugPlay - ok 18:27:10.0287 5404 pmxdrv (34bfc6ed31b4e8be940c884b8ac7d9df) C:\Windows\system32\drivers\pmxdrv.sys 18:27:10.0303 5404 pmxdrv - ok 18:27:10.0322 5404 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 18:27:10.0333 5404 PNRPAutoReg - ok 18:27:10.0361 5404 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 18:27:10.0365 5404 PNRPsvc - ok 18:27:10.0418 5404 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 18:27:10.0439 5404 PolicyAgent - ok 18:27:10.0459 5404 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 18:27:10.0474 5404 Power - ok 18:27:10.0565 5404 Power Manager DBC Service (0b6590c8e9b12cd7edc7bb7311efbb30) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE 18:27:10.0567 5404 Power Manager DBC Service - ok 18:27:10.0603 5404 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 18:27:10.0604 5404 PptpMiniport - ok 18:27:10.0624 5404 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 18:27:10.0636 5404 Processor - ok 18:27:10.0685 5404 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll 18:27:10.0703 5404 ProfSvc - ok 18:27:10.0725 5404 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) 
C:\Windows\system32\lsass.exe 18:27:10.0726 5404 ProtectedStorage - ok 18:27:10.0759 5404 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys 18:27:10.0761 5404 psadd - ok 18:27:10.0803 5404 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 18:27:10.0804 5404 Psched - ok 18:27:11.0132 5404 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 18:27:11.0167 5404 ql2300 - ok 18:27:11.0273 5404 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 18:27:11.0285 5404 ql40xx - ok 18:27:11.0330 5404 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 18:27:11.0342 5404 QWAVE - ok 18:27:11.0363 5404 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 18:27:11.0372 5404 QWAVEdrv - ok 18:27:11.0377 5404 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 18:27:11.0389 5404 RasAcd - ok 18:27:11.0420 5404 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 18:27:11.0421 5404 RasAgileVpn - ok 18:27:11.0441 5404 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 18:27:11.0452 5404 RasAuto - ok 18:27:11.0473 5404 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:27:11.0474 5404 Rasl2tp - ok 18:27:11.0524 5404 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 18:27:11.0547 5404 RasMan - ok 18:27:11.0569 5404 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 18:27:11.0570 5404 RasPppoe - ok 18:27:11.0587 5404 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 18:27:11.0588 5404 RasSstp - ok 18:27:11.0618 5404 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 18:27:11.0621 5404 rdbss - ok 18:27:11.0631 5404 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) 
C:\Windows\system32\DRIVERS\rdpbus.sys 18:27:11.0632 5404 rdpbus - ok 18:27:11.0648 5404 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:27:11.0649 5404 RDPCDD - ok 18:27:11.0687 5404 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 18:27:11.0697 5404 RDPDR - ok 18:27:11.0713 5404 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 18:27:11.0714 5404 RDPENCDD - ok 18:27:11.0724 5404 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 18:27:11.0725 5404 RDPREFMP - ok 18:27:11.0768 5404 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys 18:27:11.0779 5404 RDPWD - ok 18:27:11.0811 5404 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 18:27:11.0813 5404 rdyboost - ok 18:27:11.0946 5404 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 18:27:11.0951 5404 RegSrvc - ok 18:27:11.0985 5404 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 18:27:11.0993 5404 RemoteAccess - ok 18:27:12.0029 5404 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 18:27:12.0044 5404 RemoteRegistry - ok 18:27:12.0299 5404 ReportServer (b08d6b6785b947fc97f18027a7a88f86) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe 18:27:12.0319 5404 ReportServer - ok 18:27:12.0468 5404 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 18:27:12.0471 5404 RFCOMM - ok 18:27:12.0505 5404 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys 18:27:12.0507 5404 rimspci - ok 18:27:12.0548 5404 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys 18:27:12.0558 5404 RimUsb - ok 18:27:12.0613 5404 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) 
C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys 18:27:12.0614 5404 RimVSerPort - ok 18:27:12.0624 5404 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys 18:27:12.0625 5404 ROOTMODEM - ok 18:27:12.0655 5404 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 18:27:12.0669 5404 RpcEptMapper - ok 18:27:12.0693 5404 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 18:27:12.0703 5404 RpcLocator - ok 18:27:12.0739 5404 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 18:27:12.0745 5404 RpcSs - ok 18:27:12.0827 5404 RsFx0105 (c9fe05a63c500abe3afa5786504c4d36) C:\Windows\system32\DRIVERS\RsFx0105.sys 18:27:12.0844 5404 RsFx0105 - ok 18:27:12.0892 5404 RsFx0151 (c606c5f712a3761896ceffa4af6b1268) C:\Windows\system32\DRIVERS\RsFx0151.sys 18:27:12.0909 5404 RsFx0151 - ok 18:27:12.0942 5404 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 18:27:12.0944 5404 rspndr - ok 18:27:12.0961 5404 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 18:27:12.0970 5404 s3cap - ok 18:27:12.0983 5404 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 18:27:12.0985 5404 SamSs - ok 18:27:13.0016 5404 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 18:27:13.0029 5404 sbp2port - ok 18:27:13.0053 5404 SBRE - ok 18:27:13.0091 5404 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 18:27:13.0105 5404 SCardSvr - ok 18:27:13.0123 5404 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 18:27:13.0124 5404 scfilter - ok 18:27:13.0204 5404 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll 18:27:13.0219 5404 Schedule - ok 18:27:13.0248 5404 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 18:27:13.0249 5404 SCPolicySvc - ok 18:27:13.0288 5404 sdbus 
(54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys 18:27:13.0290 5404 sdbus - ok 18:27:13.0313 5404 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 18:27:13.0329 5404 SDRSVC - ok 18:27:13.0442 5404 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 18:27:13.0445 5404 SeaPort - ok 18:27:13.0482 5404 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 18:27:13.0483 5404 secdrv - ok 18:27:13.0502 5404 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 18:27:13.0516 5404 seclogon - ok 18:27:13.0533 5404 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 18:27:13.0536 5404 SENS - ok 18:27:13.0559 5404 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 18:27:13.0569 5404 SensrSvc - ok 18:27:13.0581 5404 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 18:27:13.0582 5404 Serenum - ok 18:27:13.0598 5404 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 18:27:13.0600 5404 Serial - ok 18:27:13.0613 5404 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 18:27:13.0623 5404 sermouse - ok 18:27:13.0681 5404 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 18:27:13.0698 5404 SessionEnv - ok 18:27:13.0720 5404 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 18:27:13.0730 5404 sffdisk - ok 18:27:13.0737 5404 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 18:27:13.0747 5404 sffp_mmc - ok 18:27:13.0761 5404 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 18:27:13.0770 5404 sffp_sd - ok 18:27:13.0775 5404 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 18:27:13.0785 5404 sfloppy - ok 18:27:13.0828 5404 SharedAccess 
(b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 18:27:13.0841 5404 SharedAccess - ok 18:27:13.0881 5404 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 18:27:13.0900 5404 ShellHWDetection - ok 18:27:13.0932 5404 Shockprf (c45942985943fc4ab8a7ea7a92f29c00) C:\Windows\system32\DRIVERS\Apsx64.sys 18:27:13.0936 5404 Shockprf - ok 18:27:13.0954 5404 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:27:13.0965 5404 SiSRaid2 - ok 18:27:13.0977 5404 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 18:27:13.0989 5404 SiSRaid4 - ok 18:27:14.0098 5404 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe 18:27:14.0254 5404 SkypeUpdate - ok 18:27:14.0312 5404 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 18:27:14.0324 5404 Smb - ok 18:27:14.0617 5404 SmcService (ad97b711074cf27da0c00f2c26e1a62c) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe 18:27:14.0646 5404 SmcService - ok 18:27:14.0745 5404 smihlp (c5b1a19b14f19b08ae72fcb20a3075b6) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys 18:27:14.0757 5404 smihlp - ok 18:27:14.0871 5404 SNAC (91bd8e268d93aaf5f59aac9de84a25bb) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE 18:27:14.0894 5404 SNAC - ok 18:27:15.0011 5404 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 18:27:15.0023 5404 SNMPTRAP - ok 18:27:15.0228 5404 SONICWALL_NetExtender (9b232bf5a80fad158f0d42ca3ffe76fc) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe 18:27:15.0233 5404 SONICWALL_NetExtender - ok 18:27:15.0261 5404 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 18:27:15.0262 5404 spldr - ok 18:27:15.0313 5404 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe 18:27:15.0320 5404 Spooler - ok 
18:27:15.0526 5404 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 18:27:15.0639 5404 sppsvc - ok 18:27:15.0807 5404 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 18:27:15.0823 5404 sppuinotify - ok 18:27:15.0984 5404 SQLAgent$SQLEXPRESS (45e65fb17a4cd5facbd3ca16c8334c82) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE 18:27:16.0025 5404 SQLAgent$SQLEXPRESS - ok 18:27:16.0282 5404 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 18:27:16.0333 5404 SQLBrowser - ok 18:27:16.0402 5404 SQLSERVERAGENT (3420e0482ad95120b471b7328a8d7d08) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE 18:27:16.0449 5404 SQLSERVERAGENT - ok 18:27:16.0520 5404 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 18:27:16.0522 5404 SQLWriter - ok 18:27:16.0709 5404 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS 18:27:16.0715 5404 SRTSP - ok 18:27:16.0765 5404 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS 18:27:16.0788 5404 SRTSPL - ok 18:27:16.0800 5404 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS 18:27:16.0801 5404 SRTSPX - ok 18:27:16.0845 5404 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys 18:27:16.0850 5404 srv - ok 18:27:16.0896 5404 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys 18:27:16.0900 5404 srv2 - ok 18:27:16.0939 5404 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 18:27:16.0956 5404 SrvHsfHDA - ok 18:27:17.0062 5404 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 18:27:17.0096 5404 SrvHsfV92 - ok 18:27:17.0256 5404 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) 
C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 18:27:17.0281 5404 SrvHsfWinac - ok 18:27:17.0318 5404 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys 18:27:17.0320 5404 srvnet - ok 18:27:17.0353 5404 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 18:27:17.0368 5404 SSDPSRV - ok 18:27:17.0382 5404 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 18:27:17.0400 5404 SstpSvc - ok 18:27:17.0415 5404 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 18:27:17.0427 5404 stexstor - ok 18:27:17.0484 5404 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 18:27:17.0500 5404 stisvc - ok 18:27:17.0525 5404 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 18:27:17.0527 5404 storflt - ok 18:27:17.0540 5404 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 18:27:17.0550 5404 StorSvc - ok 18:27:17.0563 5404 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 18:27:17.0574 5404 storvsc - ok 18:27:17.0681 5404 SUService (3119e9bc5fad5ea1cd31ae200a1da591) c:\Program Files (x86)\Lenovo\System Update\SUService.exe 18:27:17.0681 5404 SUService - ok 18:27:17.0715 5404 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 18:27:17.0715 5404 swenum - ok 18:27:17.0770 5404 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 18:27:17.0786 5404 swprv - ok 18:27:17.0978 5404 Symantec AntiVirus (ba2fb8f8ab24d0279caa98a4c118150e) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe 18:27:17.0999 5404 Symantec AntiVirus - ok 18:27:18.0115 5404 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 18:27:18.0132 5404 SymEvent - ok 18:27:18.0205 5404 SynTP (3c08fb2829a5304825f974b1631dedfa) C:\Windows\system32\DRIVERS\SynTP.sys 18:27:18.0209 5404 SynTP - ok 18:27:18.0336 
5404 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 18:27:18.0391 5404 SysMain - ok 18:27:18.0483 5404 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 18:27:18.0495 5404 TabletInputService - ok 18:27:18.0528 5404 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 18:27:18.0546 5404 TapiSrv - ok 18:27:18.0564 5404 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 18:27:18.0576 5404 TBS - ok 18:27:18.0740 5404 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 18:27:18.0764 5404 Tcpip - ok 18:27:18.0956 5404 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys 18:27:18.0972 5404 TCPIP6 - ok 18:27:19.0040 5404 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 18:27:19.0040 5404 tcpipreg - ok 18:27:19.0058 5404 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 18:27:19.0069 5404 TDPIPE - ok 18:27:19.0098 5404 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 18:27:19.0109 5404 TDTCP - ok 18:27:19.0140 5404 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 18:27:19.0141 5404 tdx - ok 18:27:19.0381 5404 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 18:27:19.0403 5404 TeamViewer7 - ok 18:27:19.0568 5404 Teefer2 (13657dc475de564247745bf4da23207c) C:\Windows\system32\DRIVERS\teefer2.sys 18:27:19.0569 5404 Teefer2 - ok 18:27:19.0596 5404 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 18:27:19.0598 5404 TermDD - ok 18:27:19.0659 5404 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 18:27:19.0693 5404 TermService - ok 18:27:19.0718 5404 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 18:27:19.0730 5404 Themes - ok 18:27:19.0867 5404 
18:27:25.0884 5404 Scan finished
18:27:25.0900 7828 Detected object count: 0
18:27:25.0900 7828 Actual detected object count: 0

running the other one now.
  16. yes, all browsers, and it takes me to various pages. usually loosely related to my search. for example, a search for bahamas will redirect to a travel site. a search for ipad accessories takes me to a "you won an ipad" page.
  17. ok, here is the log from ESET:

      C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
      C:\Users\dchampagne\Downloads\cnet2_cuteftp_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

      and here is the Checkup log:

      Results of screen317's Security Check version 0.99.43
      Windows 7 x64 (UAC is disabled!)
      Out of date service pack!!
      Internet Explorer 8 Out of date!
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Symantec Endpoint Protection
      WMI entry may not exist for antivirus; attempting automatic update.
      `````````Anti-malware/Other Utilities Check:`````````
      Spybot - Search & Destroy
      Malwarebytes Anti-Malware version 1.62.0.1300
      Java 6 Update 32
      Java version out of Date!
      Adobe Reader 9 Adobe Reader out of Date!
      Mozilla Firefox 13.0.1 Firefox out of Date!
      Google Chrome 20.0.1132.47
      Google Chrome 20.0.1132.57
      Google Chrome plugins...
      ````````Process Check: objlist.exe by Laurent````````
      Norton ccSvcHst.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 1%
      ````````````````````End of Log``````````````````````

      still having the same issue. thanks!
  18. I am running the first one now, up to 28%. Then I'll run the next one and report back. I am still getting hijacked when I search in any browser - it's not every time, but it's consistent. I'll check again after these are done running, thanks again for your help.
  19. Thanks - here is the log for MWAM: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.19.11 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 dchampagne :: DCHAMPAGNE [administrator] 7/19/2012 1:49:32 PM mbam-log-2012-07-19 (13-49-32).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 197379 Time elapsed: 3 minute(s), 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) and here is the log for ComboFix: ComboFix 12-07-19.02 - dchampagne 07/19/2012 13:56:55.1.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8052.4596 [GMT -4:00] Running from: c:\users\dchampagne\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe Q:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 ))))))))))))))))))))))))))))))) . . 2012-07-19 18:05 . 2012-07-19 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-17 16:43 . 
2012-07-17 16:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D37FB42-A874-4C61-AD02-60AF31AB8E6F}\offreg.dll 2012-07-17 16:27 . 2012-07-17 16:27 -------- d-----w- c:\windows\en 2012-07-17 16:21 . 2012-07-17 16:21 -------- d-----w- c:\program files\Windows Live 2012-07-17 16:18 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll 2012-07-17 16:18 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll 2012-07-17 16:18 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll 2012-07-17 16:18 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll 2012-07-17 16:17 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll 2012-07-17 16:17 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2012-07-17 16:17 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll 2012-07-17 16:17 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll 2012-07-17 16:16 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2012-07-17 16:16 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll 2012-07-17 16:16 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL 2012-07-17 16:16 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll 2012-07-17 16:16 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll 2012-07-17 16:16 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll 2012-07-17 16:16 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll 2012-07-17 16:14 . 2012-07-17 16:14 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\364ea9351cd64370f\MeshBetaRemover.exe 2012-07-17 15:51 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D37FB42-A874-4C61-AD02-60AF31AB8E6F}\mpengine.dll 2012-07-17 15:51 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-07-17 15:50 . 
2012-07-17 15:50 -------- d-----w- c:\programdata\GFI Software 2012-07-16 21:24 . 2012-07-16 21:24 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-07-16 21:17 . 2012-04-17 05:38 851968 ----a-w- c:\windows\system32\jscript.dll 2012-07-16 21:10 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-07-16 21:10 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-07-16 21:10 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-07-16 21:10 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-07-16 21:09 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys 2012-07-16 21:09 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-16 21:09 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll 2012-07-16 21:09 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-07-16 21:07 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-07-16 21:07 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-07-16 21:07 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-07-16 21:07 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-07-16 21:07 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-07-16 21:07 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-07-16 19:50 . 2012-07-16 19:50 -------- d-----w- c:\users\dchampagne\AppData\Roaming\Malwarebytes 2012-07-16 19:47 . 2012-07-16 19:47 -------- d-----w- c:\programdata\Malwarebytes 2012-07-16 19:47 . 2012-07-16 19:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-16 19:47 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-16 18:26 . 2011-09-29 16:16 119416 ------w- c:\windows\system32\drivers\SbFwIm.sys 2012-07-16 14:24 . 
2012-07-16 14:24 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c0b8ae7a1cd635e11\bingbarsetup.exe 2012-07-16 14:24 . 2012-07-16 14:24 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\DSETUP.dll 2012-07-16 14:24 . 2012-07-16 14:24 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\DXSETUP.exe 2012-07-16 14:24 . 2012-07-16 14:24 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\dsetup32.dll 2012-07-16 14:24 . 2012-07-16 14:24 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\DSETUP.dll 2012-07-16 14:24 . 2012-07-16 14:24 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\DXSETUP.exe 2012-07-16 14:24 . 2012-07-16 14:24 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\dsetup32.dll 2012-07-16 14:23 . 2012-07-19 14:03 -------- d-----w- c:\users\dchampagne\AppData\Local\Windows Live 2012-07-09 13:08 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-07-09 13:08 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-07-09 13:08 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-07-09 13:08 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-07-09 13:08 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-07-09 13:08 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-07-06 13:43 . 2012-07-06 13:44 -------- d-----w- c:\program files\iTunes 2012-07-06 13:43 . 2012-07-06 13:44 -------- d-----w- c:\program files (x86)\iTunes 2012-07-06 13:43 . 2012-07-06 13:43 -------- d-----w- c:\program files\iPod 2012-07-03 20:10 . 2012-07-03 20:10 -------- d-----w- c:\users\dchampagne\AppData\Local\DDMSettings 2012-07-03 20:04 . 
2012-07-03 20:04 -------- d-----w- c:\users\dchampagne\AppData\Roaming\DivX 2012-07-03 20:03 . 2012-07-03 20:03 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine 2012-07-03 20:03 . 2012-07-03 20:03 -------- d-----w- c:\program files\DivX 2012-07-03 20:03 . 2012-07-03 20:03 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared 2012-07-03 20:00 . 2012-07-03 20:04 -------- d-----w- c:\program files (x86)\DivX 2012-07-03 19:58 . 2012-07-03 20:09 -------- d-----w- c:\programdata\DivX 2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-06-26 13:46 . 2012-06-26 13:47 -------- d-----w- c:\program files (x86)\QuickTime . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-17 16:20 . 2011-03-28 22:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-07-16 21:17 . 2012-06-01 15:06 58957832 ----a-w- c:\windows\system32\MRT.exe 2012-06-28 15:46 . 2012-04-30 19:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-28 15:46 . 2012-04-30 19:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-01 15:03 . 
2012-04-17 14:26 2144864 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2012-05-05 21:58 . 2012-05-05 21:58 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-04 15:00 . 2012-05-04 15:00 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-04 15:00 . 2012-05-04 15:00 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-04-26 15:54 . 2012-04-16 19:02 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-21 718720] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-01-05 1101672] "Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-10-14 115560] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280] . 
c:\users\dchampagne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\dchampagne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-11 1080608] Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2010-3-8 50688] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . 
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-03-08 38536] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144] R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2010-01-05 30320] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-10-09 23592] S1 lenovo.smi;Lenovo System Interface 
Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-01-05 161128] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984] S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-06-18 210784] S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-06-18 2180960] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-11-16 62904] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 12728] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-10-27 161664] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-12-01 293040] S3 
EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-30 138912] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936] S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016] S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-11 84584] S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [2010-10-27 24264] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-01-05 75112] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536] S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] . . Contents of the 'Scheduled Tasks' folder . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051102694-2188014494-960542640-8627Core.job - c:\users\dchampagne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 20:27] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051102694-2188014494-960542640-8627UA.job - c:\users\dchampagne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 20:27] . 2012-07-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-14 07:29] . 
2012-04-18 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-14 07:30] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-11-17 69568]
"TpShocks"="TpShocks.exe" [2009-12-11 380776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-03 16414312]
"SonicWALLNetExtender"="c:\program files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2011-05-04 1099648]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"nwiz"="nwiz.exe" [2009-12-03 1712744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: atpworldtour.com\vpn
TCP: DhcpNameServer = 10.1.0.5 10.104.0.5
FF - ProfilePath - c:\users\dchampagne\AppData\Roaming\Mozilla\Firefox\Profiles\3wdfz54w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Adobe - c:\users\dchampagne\AppData\Local\Akamai\Adobe\rtfzrvfnz.dll
Wow6432Node-HKU-Default-Run-Adobe - c:\users\dchampagne\AppData\Local\Akamai\Adobe\rtfzrvfnz.dll
SafeBoot-Symantec Antvirus
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-AcWin7Hlpr - c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-19 14:09:02
ComboFix-quarantined-files.txt 2012-07-19 18:09
.
Pre-Run: 259,646,210,048 bytes free
Post-Run: 259,168,931,840 bytes free
.
- - End Of File - - F44F5F1F074E156EE297861CB6D4AD02

and here is the log for DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by dchampagne at 14:11:52 on 2012-07-19
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8052.3986 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Adobe\Adobe Fireworks CS5\Fireworks.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\notepad.exe
C:\Windows\system32\notepad.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Symantec Shared\COH\coh64.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = <local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe 
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" StartupFolder: C:\Users\DCHAMP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\dchampagne\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: 
PromptOnSecureDesktop = 0 (0x0) IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: atpworldtour.com\vpn DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.atpworldtour.com/NELX.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab TCP: DhcpNameServer = 10.1.0.5 10.104.0.5 TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8} : DhcpNameServer = 10.1.0.5 10.104.0.5 10.104.0.6 TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\05C61697562737F5C4F657E6765613 : DhcpNameServer = 195.238.2.21 195.238.2.22 8.8.8.8 TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\0727563737F527F6F6D613 : DhcpNameServer = 195.238.2.21 195.238.2.22 8.8.8.8 TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\144435C483635323 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\64249402355525655494C4C414E43454026514E40213334333 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{369B1172-3EBA-4D23-99A1-902405013925} : DhcpNameServer = 10.1.0.5 10.104.0.5 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV 
Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun-x64: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun-x64: 
[AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\dchampagne\AppData\Roaming\Mozilla\Firefox\Profiles\3wdfz54w.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\dchampagne\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?] R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?] R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-3-8 161128] R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\HOTKEY\cammute.exe [2009-12-9 54632] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2009-12-9 44984] R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-17 210784] R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960] R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?] R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840] R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-10-14 2477304] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-16 2666880] R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2009-12-9 62904] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-8 2320920] R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?] R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?] 
  20. let me know if you can help, or if it is necessary to purchase the software before you can.
  21. this is my personal computer - it was a corporate machine before i retired it to use as a personal machine.
  22. Thank you for your reply! Sorry for attaching instead of pasting. I will check back frequently now because I believe the notification emails are being caught in the corporate email filter. Some additional information: the hijack is appearing in IE, Firefox, AND Chrome.

      Here is the log from the MBAM quick scan:

      Malwarebytes Anti-Malware 1.62.0.1300
      www.malwarebytes.org
      Database version: v2012.07.19.10
      Windows 7 x64 NTFS
      Internet Explorer 8.0.7600.16385
      dchampagne :: DCHAMPAGNE [administrator]
      7/19/2012 9:42:59 AM
      mbam-log-2012-07-19 (09-42-59).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 197018
      Time elapsed: 3 minute(s), 32 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)

      and here is the DDS.txt:

      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 8.0.7600.16385
      Run by dchampagne at 9:47:15 on 2012-07-19
      Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8052.4241 [GMT -4:00]
      .
      AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
      FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
      .
      ============== Running Processes ===============
      .
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\ibmpmsvc.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files 
(x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\nvvsvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\Program Files (x86)\Lenovo\System Update\SUService.exe C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe C:\Windows\System32\TpShocks.exe C:\Program Files 
(x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\Zoom\TpScrex.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Users\dchampagne\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Digital Line Detect\DLG.exe C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Users\dchampagne\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\system32\wuauclt.exe C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE C:\Windows\splwow64.exe C:\Program Files (x86)\Adobe\Adobe 
Fireworks CS5\Fireworks.exe C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe C:\Windows\system32\PrintIsolationHost.exe C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uWindow Title = Microsoft Internet Explorer provided by ATP Tour uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://lenovo.msn.com uInternet Settings,ProxyOverride = <local> uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files 
(x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [Google Update] "C:\Users\dchampagne\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" uRun: [Adobe] rundll32.exe "C:\Users\dchampagne\AppData\Local\Akamai\Adobe\rtfzrvfnz.dll",CreateInstance uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" mRun: [<NO NAME>] mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: 
[iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" dRun: [Adobe] rundll32.exe "C:\Users\dchampagne\AppData\Local\Akamai\Adobe\rtfzrvfnz.dll",CreateInstance StartupFolder: C:\Users\DCHAMP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\dchampagne\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: atpworldtour.com\vpn DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.atpworldtour.com/NELX.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab TCP: DhcpNameServer = 10.1.0.5 10.104.0.5 10.104.0.6 TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8} : DhcpNameServer = 10.1.0.5 10.104.0.5 10.104.0.6 TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\05C61697562737F5C4F657E6765613 : DhcpNameServer = 195.238.2.21 195.238.2.22 8.8.8.8 TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\0727563737F527F6F6D613 : DhcpNameServer = 195.238.2.21 195.238.2.22 8.8.8.8 TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\144435C483635323 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\64249402355525655494C4C414E43454026514E40213334333 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{369B1172-3EBA-4D23-99A1-902405013925} : DhcpNameServer = 10.1.0.5 10.104.0.5 Filter: text/xml - 
{807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll IFEO: sethc.exe - C:\windows\system32\cmd.exe BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 
Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor mRun-x64: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" mRun-x64: [(Default)] mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [QuickTime Task] 
"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL IFEO-X64: sethc.exe - C:\windows\system32\cmd.exe . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\dchampagne\AppData\Roaming\Mozilla\Firefox\Profiles\3wdfz54w.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\dchampagne\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . 
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-3-8 161128]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\HOTKEY\cammute.exe [2009-12-9 54632]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2009-12-9 44984]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-17 210784]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-10-14 2477304]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-16 2666880]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2009-12-9 62904]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-8 2320920]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-1 138912]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 LenovoRd;LenovoRd;C:\Windows\system32\Drivers\LenovoRd.sys --> C:\Windows\system32\Drivers\LenovoRd.sys [?]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\system32\DRIVERS\NxDrv.sys --> C:\Windows\system32\DRIVERS\NxDrv.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-3-8 75112]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== Created Last 30 ================
.
2012-07-19 02:02:21 -------- d-----w- C:\Users\dchampagne\AppData\Local\{62BDD537-D2B3-40F8-BA8C-C0F8E99A2DEE}
2012-07-18 13:07:56 -------- d-----w- C:\Users\dchampagne\AppData\Local\{1621A8BC-0E33-4B36-A547-0F11141F0E7D}
2012-07-17 18:30:55 -------- d-----w- C:\Users\dchampagne\AppData\Local\{19B71D2D-1399-49EE-A457-B26954032ECB}
2012-07-17 18:30:42 -------- d-----w- C:\Users\dchampagne\AppData\Local\{9F470903-E905-40FB-99D4-0DCCF1436066}
2012-07-17 16:43:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D37FB42-A874-4C61-AD02-60AF31AB8E6F}\offreg.dll
2012-07-17 16:27:27 -------- d-----w- C:\Windows\en
2012-07-17 16:18:39 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2012-07-17 16:18:39 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-07-17 16:18:37 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-07-17 16:18:37 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-07-17 16:17:39 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2012-07-17 16:17:39 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2012-07-17 16:17:39 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2012-07-17 16:17:39 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2012-07-17 16:16:48 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2012-07-17 16:16:48 206848 ----a-w- C:\Windows\System32\mfps.dll
2012-07-17 16:16:48 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2012-07-17 16:16:48 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2012-07-17 16:16:48 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2012-07-17 16:16:47 4068864 ----a-w- C:\Windows\System32\mf.dll
2012-07-17 16:16:47 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2012-07-17 16:14:16 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\364ea9351cd64370f\MeshBetaRemover.exe
2012-07-17 15:51:07 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-17 15:51:00 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D37FB42-A874-4C61-AD02-60AF31AB8E6F}\mpengine.dll
2012-07-17 15:51:00 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-07-17 15:50:18 -------- d-----w- C:\ProgramData\GFI Software
2012-07-16 21:10:27 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-07-16 21:10:09 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-07-16 21:10:09 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-07-16 21:10:09 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-07-16 21:09:58 3144192 ----a-w- C:\Windows\System32\win32k.sys
2012-07-16 21:09:51 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-07-16 21:09:40 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-07-16 21:09:40 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-07-16 21:07:52 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-07-16 21:07:52 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-07-16 21:07:52 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-07-16 21:07:52 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-07-16 21:07:52 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-07-16 21:07:52 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-07-16 19:50:29 -------- d-----w- C:\Users\dchampagne\AppData\Roaming\Malwarebytes
2012-07-16 19:47:27 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-16 19:47:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-16 19:47:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-16 18:26:51 119416 ------w- C:\Windows\System32\drivers\SbFwIm.sys
2012-07-16 14:24:49 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c0b8ae7a1cd635e11\bingbarsetup.exe
2012-07-16 14:24:23 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\DSETUP.dll
2012-07-16 14:24:23 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\DXSETUP.exe
2012-07-16 14:24:23 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\dsetup32.dll
2012-07-16 14:24:20 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\DSETUP.dll
2012-07-16 14:24:20 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\DXSETUP.exe
2012-07-16 14:24:20 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\dsetup32.dll
2012-07-16 14:23:23 -------- d-----w- C:\Users\dchampagne\AppData\Local\Windows Live
2012-07-16 14:23:22 -------- d-----w- C:\Users\dchampagne\AppData\Local\{0B45EDB6-308D-40CF-BAAD-9C813F581E4D}
2012-07-16 14:21:50 15128 ----a-w- C:\Users\dchampagne\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
2012-07-09 13:08:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-09 13:08:10 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-09 13:08:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-06 13:43:55 -------- d-----w- C:\Program Files\iTunes
2012-07-06 13:43:55 -------- d-----w- C:\Program Files\iPod
2012-07-06 13:43:55 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-03 20:10:21 -------- d-----w- C:\Users\dchampagne\AppData\Local\DDMSettings
2012-07-03 20:03:47 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2012-07-03 20:03:21 -------- d-----w- C:\Program Files\DivX
2012-07-03 20:03:04 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2012-07-03 20:00:48 -------- d-----w- C:\Program Files (x86)\DivX
2012-07-03 19:58:31 -------- d-----w- C:\ProgramData\DivX
2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-06-28 15:46:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-28 15:46:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-05 21:58:37 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 15:00:26 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-04 15:00:26 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-26 15:54:16 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 9:48:07.96 ===============
  23. Hi, I am having trouble removing something that keeps hijacking my browser. I tried running Malwarebytes Anti-Malware, Spybot, and Ad-Aware, all in safe mode, and they all found issues and deleted them, but they keep coming back. Please help! I've attached the DDS file as well. Thank you for your time! Danny I screwed up and the attach.txt file didn't get attached to the other topic, so I am reposting. Sorry for the confusion. Attach.txt DDS.txt