
Windows Command Processor infection



Hello, I have an infection on my machine. Running Windows 7. After watching a streaming video, I began getting a 'Windows Command Processor is requesting your permission' pop-up, which I am unable to close. When I restart the machine, the pop-up appears just after Windows restarts.

I have run MBAM but nothing is found. I ran Windows Defender Offline; two threats were found and removed, but the problem remains.

The virus is preventing me from downloading or running MBAM, but I was able to run it in Chameleon mode.

Here are the requested logs from DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by 107267 at 21:13:39 on 2012-04-15

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.61.1033.18.2996.1631 [GMT 10:00]

.

AV: Symantec Endpoint Protection *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Program Files\ca\sc\CAM\bin\cam.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\Program Files\ca\sc\CsamSockAdapter\bin\csampmux.exe

C:\Program Files\ca\DSM\bin\caf.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files\Notes\nsd.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\ca\DSM\Bin\cfsmsmd.exe

C:\Program Files\Citrix\ICA Client\ssonsvr.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\ca\DSM\Bin\ccnfagent.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\ca\DSM\Bin\cfnotsrvd.exe

C:\Program Files\ca\DSM\Bin\ccsmagtd.exe

C:\Program Files\ca\DSM\Bin\rcHost.exe

C:\Program Files\ca\DSM\Bin\amswmagt.exe

C:\Program Files\ca\DSM\Bin\cfftplugin.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe

C:\Windows\System32\TpShocks.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

C:\Program Files\ca\DSM\bin\cfSysTray.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE

C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\SearchIndexer.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\UserAccountControlSettings.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\consent.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe

C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchFilterHost.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://www.google.com.au/

uDefault_Page_URL = about:blank

mDefault_Page_URL = Http://intranet.rcleurope.com

uInternet Settings,ProxyOverride = 12.42.128.*;172.18.128.137;10.*.*.*;172.16.*.*;*.rccl.com;*.royalcaribbean.com;*.celebrity-cruises.com;*.celebritycruises.com;*.cruisingpower.com;intranet;1a.amadeusprintservices.com;prod1.centra.com;ap-docmgmt;*.sourcingservice.com;119.225.1.34;<local>

uInternet Settings,ProxyServer = ausproxy.aus.rccl.com:8080

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [NdvCngtf] c:\users\107267\appdata\local\fwepddko\ndvcngtf.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Client Access Service] c:\program files\ibm\client access\cwbsvstr.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe

mRun: [TpShocks] TpShocks.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe

mRun: [CAF_SystemTray] "c:\program files\ca\dsm\bin\cfSysTray.exe"

mRun: [DsmSxplog] "c:\program files\ca\dsm\bin\sxpstub.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\users\107267\appdata\roaming\microsoft\windows\start menu\programs\startup\ndvcngtf.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{0f1f7a90-e71b-4e45-a066-2891619f22e1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\windows\installer\{fdcc0996-eb13-45d6-846d-013f1c8dc6bd}\IconFDCC0996.exe

uPolicies-explorer: DisallowRun = 1 (0x1)

uPolicies-disallowrun: 1 = autorun.pif

uPolicies-disallowrun: 2 = hupigon.exe

uPolicies-system: NoDispSettingsPage = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: dontdisplaylockeduserid = 3 (0x3)

IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

Trusted Zone: amadeus.com

Trusted Zone: amadeusvista.com

Trusted Zone: azamaraclubcruises.co.uk

Trusted Zone: azamaraclubcruises.com

Trusted Zone: cdfcroisieresdefrance.fr

Trusted Zone: celebritycruises.co.uk

Trusted Zone: celebritycruises.com

Trusted Zone: concursolutions.com

Trusted Zone: crusingpower.com

Trusted Zone: localhost

Trusted Zone: pullmantur.es

Trusted Zone: rccl.com

Trusted Zone: rccl.com\colonial

Trusted Zone: rcleurope.com

Trusted Zone: rclinvestor.com

Trusted Zone: royalcaribbean.co.uk

Trusted Zone: royalcaribbean.com

Trusted Zone: specialtydining.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} - hxxp://new.stage.eone.rccl.com/jde/axctls/jdewebctlsU.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {F9E542CE-C16A-47FA-B7A8-D88E5F1C5719} - hxxp://new.stage.eone.rccl.com/jde/axctls/jdeexpimpU.cab

TCP: DhcpNameServer = 192.168.0.1 203.134.12.90

TCP: Interfaces\{15E7702C-B836-49ED-B4F7-D42A117612E3} : DhcpNameServer = 192.168.0.1 203.134.12.90

TCP: Interfaces\{15E7702C-B836-49ED-B4F7-D42A117612E3}\051657C6E4F5251697D6F6E6469437D49774F646 : DhcpNameServer = 192.168.10.1

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2012-2-29 25968]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-2-29 13680]

R1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\drivers\Teefer3.sys [2011-12-2 43936]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 CA-MessageQueuing;CA Message Queuing Server;c:\program files\ca\sc\cam\bin\cam.exe [2012-3-2 185672]

R2 CA-SAM-Pmux;CA Connection Broker;c:\program files\ca\sc\csamsockadapter\bin\CSAMPmux.exe [2011-7-6 169288]

R2 caf;CA DSM r12 Common Application Framework;c:\program files\ca\dsm\bin\CAF.exe [2010-4-26 208648]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2012-2-29 50536]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-2-29 101736]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2012-2-29 74088]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2012-2-29 127336]

R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\notes\nsd.exe [2010-8-12 3417480]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-15 654408]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2012-3-1 48640]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2012-3-1 59904]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-12-2 1846592]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-2-29 131432]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-2-29 142696]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-18 497856]

R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2012-2-29 132864]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-3-1 45736]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-2-29 29472]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2012-2-29 292200]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-3-1 215208]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-13 106104]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2012-3-1 132480]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-1 269824]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-15 22344]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-8-3 7517696]

R3 rcSmCard;rcSmCard;c:\windows\system32\drivers\rcSmCard.sys [2010-4-26 26128]

R3 rcVidCap;rcVidCap;c:\windows\system32\drivers\rcVidMpt.sys [2010-4-26 9872]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]

S3 netvsc;netvsc;c:\windows\system32\drivers\netvsc60.sys [2010-11-21 126464]

S3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2012-3-1 7391104]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]

S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2012-2-29 89152]

S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2012-2-29 175168]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 15872]

S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2012-3-1 38912]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-9-24 1124848]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]

S3 SynthVid;SynthVid;c:\windows\system32\drivers\VMBusVideoM.sys [2010-11-21 19456]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]

S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-16 1343400]

.

=============== Created Last 30 ================

.

2012-04-15 09:38:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-15 09:38:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-15 08:56:55 -------- d-sh--w- C:\found.000

2012-04-14 13:11:11 -------- d-----w- c:\users\107267\appdata\roaming\Malwarebytes

2012-04-14 13:11:11 -------- d-----w- c:\programdata\Malwarebytes

2012-04-14 11:58:05 -------- d-----w- c:\users\107267\appdata\local\fwepddko

2012-04-14 07:55:21 -------- d-----r- c:\program files\Skype

2012-04-14 07:41:50 -------- d-----w- c:\users\107267\appdata\local\Google

2012-04-14 07:40:48 -------- d-----w- c:\users\107267\appdata\local\Deployment

2012-04-14 07:40:48 -------- d-----w- c:\users\107267\appdata\local\Apps

2012-04-14 07:24:13 -------- d-----w- c:\users\107267\appdata\local\Broadcom

2012-04-13 07:03:25 -------- d-----w- c:\users\107267\appdata\roaming\PwrMgr

2012-04-13 07:00:21 -------- d-----w- c:\users\107267\appdata\roaming\smkits

2012-04-13 07:00:04 -------- d-----w- c:\users\107267\appdata\local\Cisco

2012-04-13 06:57:06 -------- d-----w- c:\users\107267\appdata\local\RSA

2012-04-13 06:48:27 -------- d-----w- c:\users\107267\appdata\roaming\CA

2012-04-13 06:33:12 -------- d-----w- c:\users\107267\appdata\roaming\IBM

2012-04-13 06:32:52 -------- d-----w- c:\users\107267\appdata\local\Symantec

2012-04-13 06:32:48 -------- d-----w- c:\users\107267\appdata\roaming\Intel

2012-04-13 06:32:48 -------- d-----w- c:\users\107267\appdata\local\VirtualStore

2012-04-13 06:28:48 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-04-13 06:28:47 162048 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2012-04-13 06:27:23 99744 ----a-w- c:\windows\system32\drivers\SysPlant.sys

2012-04-13 06:27:23 357792 ----a-w- c:\windows\system32\Sysfer.dll

2012-04-13 06:27:05 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-04-13 06:26:57 503808 ----a-w- c:\windows\system32\MSVCP71.DLL

2012-04-13 06:26:57 348160 ----a-w- c:\windows\system32\MSVCR71.DLL

2012-04-13 06:26:57 1060864 ----a-w- c:\windows\system32\MFC71.DL1

2012-04-13 06:26:40 -------- d-----w- c:\programdata\Symantec

2012-04-13 06:26:40 -------- d-----w- c:\program files\Symantec

2012-04-13 06:26:40 -------- d-----w- c:\program files\common files\Symantec Shared

2012-04-13 06:23:37 -------- d-----w- c:\programdata\Uninstall

2012-04-13 06:22:05 -------- d-----w- c:\program files\Roxio

2012-04-13 06:22:05 -------- d-----w- c:\program files\common files\SureThing Shared

2012-04-13 06:20:26 77824 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-04-13 06:20:26 721168 ----a-w- c:\windows\system32\VB40032.DLL

2012-04-13 06:20:26 28672 ----a-w- c:\windows\system32\JAWTAccessBridge.dll

2012-04-13 06:20:26 139264 ----a-w- c:\windows\system32\JavaAccessBridge.dll

2012-04-13 06:20:25 -------- d-----w- c:\program files\Oracle

2012-04-13 06:20:25 -------- d-----w- c:\program files\Microsoft Visual Studio .NET

2012-04-13 06:03:09 311296 ----a-w- c:\program files\internet explorer\plugins\hyperion\BILauncher.dll

2012-04-13 06:03:09 27820133 ----a-w- c:\program files\internet explorer\plugins\hyperion\9.3.1\axbqs32.dll

2012-04-13 06:03:09 14233712 ----a-w- c:\program files\internet explorer\plugins\hyperion\8.3\axbqs32.dll

2012-04-13 06:03:04 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll

2012-04-13 06:03:04 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe

2012-04-13 06:03:04 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll

2012-04-13 06:03:04 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll

2012-04-13 06:03:04 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll

2012-04-13 06:03:03 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll

2012-04-13 06:03:03 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll

2012-04-13 06:03:03 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll

2012-04-13 05:55:13 -------- d-----w- c:\program files\ScanSoft

2012-04-13 05:50:33 -------- d-----w- c:\users\107267\appdata\local\Lotus

2012-04-13 05:42:53 -------- d-----w- c:\users\107267\appdata\local\Apple Computer

2012-04-13 05:40:35 -------- d-----w- C:\Hyperion

2012-04-13 05:28:28 -------- d-----w- C:\AdobeTemp

2012-04-07 04:38:14 -------- d-----w- C:\codec-info

.

==================== Find3M ====================

.

2012-02-22 23:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

.

============= FINISH: 21:14:16.58 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Enterprise

Boot Device: \Device\HarddiskVolume2

Install Date: 2/29/2012 10:43:44 AM

System Uptime: 4/15/2012 8:59:06 PM (1 hours ago)

.

Motherboard: LENOVO | | 2522ED2

Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | None | 2400/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 149 GiB total, 96.071 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}

Description: CA IT Client Manager r12 Secure Control Adapter

Device ID: ROOT\DISPLAY\0001

Manufacturer: CA, Inc.

Name: CA IT Client Manager r12 Secure Control Adapter

PNP Device ID: ROOT\DISPLAY\0001

Service: rcVidCap

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: adfs

Device ID: ROOT\LEGACY_ADFS\0000

Manufacturer:

Name: adfs

PNP Device ID: ROOT\LEGACY_ADFS\0000

Service: adfs

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

.

32 Bit HP CIO Components Installer

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Reader 9.3.4

Adobe Shockwave Player 11.5

CA DSM Agent + Asset Management plugin (English only Edition)

CA DSM Agent + Remote Control plugin (English only Edition)

CA DSM Agent + Software Delivery plugin (English only Edition)

CA Secure Socket Adapter

Cisco AnyConnect VPN Client

Citrix online plug-in

Citrix online plug-in (DV)

Citrix online plug-in (PNA)

Citrix online plug-in (SSON)

Citrix online plug-in (Web)

Conexant 20585 SmartAudio HD

cwbnethlp

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DirectX 9 Runtime

FireFox

GPL Ghostscript Lite 8.70

HumanConcepts OrgPlus 8 Plug-in

Hyperion Interactive Reporting Web Client

Hyperion Reporting and Analysis Client

IBM i Access for Windows 7.1

IBM i Access for Windows MRI

Integrated Camera Driver Installer Package Ver.1.1.0.48

Intel PROSet Wireless

Intel® Control Center

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

InterVideo WinDVD 8

Java 6 Update 20

JDE ActiveX

Lenovo Auto Scroll Utility

Lenovo Central Audio

Lenovo Patch Utility

Lenovo System Interface Driver

LiveUpdate 3.3 (Symantec Corporation)

Lotus Notes 8.5.2

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Standard 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 11.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

On Screen Display

Oracle10gAdmin

PDF Writer - bioPDF 7.1.0.1195

QuickTime

RICOH R5U230 Media Driver ver.2.06.02.02

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Creator Business Edition

Roxio Express Labeler 3

RSA SecurID Software Token

Security Update for Microsoft Excel 2010 (KB2553070)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft Word 2010 (KB2345000)

Skype™ 5.9

Sonic CinePlayer Decoder Pack

Spelling Dictionaries Support For Adobe Reader 9

Symantec Endpoint Protection

System Update

ThinkPad Bluetooth with Enhanced Data Rate Software

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Integration Setup

ThinkPad Modem Adapter

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Active Protection System

ThinkVantage Communications Utility

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2523113)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft OneNote 2010 (KB2493983)

Update for Microsoft Outlook Social Connector (KB2583935)

WinZip 9 SR1

.

==== Event Viewer Messages From Past Week ========

.

4/15/2012 9:02:18 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .

4/15/2012 9:00:25 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

4/15/2012 8:59:40 PM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.

4/15/2012 8:59:40 PM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

4/15/2012 8:59:39 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain AUS due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

4/15/2012 7:38:35 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "2" Happened while starting this command: "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding

4/15/2012 6:53:42 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OSDisk.

4/14/2012 5:37:41 PM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

4/14/2012 11:22:19 PM, Error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).

4/13/2012 4:27:16 PM, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

4/13/2012 4:23:17 PM, Error: Service Control Manager [7030] - The RoxMediaDB10 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

4/11/2012 12:22:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

4/11/2012 12:22:40 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

4/11/2012 12:22:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

4/11/2012 12:22:38 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

FYI, this is a work computer.


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted click Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


Thanks MrC. Here is the log from RogueKiller:

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User: 107267 [Admin rights]

Mode: Scan -- Date: 04/16/2012 10:53:43

¤¤¤ Bad processes: 3 ¤¤¤

[SUSP PATH] ndvcngtf.exe -- C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]

[SVCHOST] svchost.exe -- C:\Windows\system32\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 9 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : NdvCngtf (C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-1541481396-3027813910-3587673724-1177[...]\Run : NdvCngtf (C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (ausproxy.aus.rccl.com:8080) -> FOUND

[HJPOL] HKCU\[...]\Explorer : DisallowRun (1) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[13] : NtAlertResumeThread @ 0x82D2DB93 -> HOOKED (Unknown @ 0x86222788)

SSDT[14] : NtAlertThread @ 0x82C80B80 -> HOOKED (Unknown @ 0x86222848)

SSDT[19] : NtAllocateVirtualMemory @ 0x82C79B8C -> HOOKED (Unknown @ 0x8621E6C0)

SSDT[74] : NtCreateMutant @ 0x82C6025A -> HOOKED (Unknown @ 0x86223880)

SSDT[87] : NtCreateThread @ 0x82D2BE36 -> HOOKED (Unknown @ 0x862169B8)

SSDT[131] : NtFreeVirtualMemory @ 0x82B094DB -> HOOKED (Unknown @ 0x86215988)

SSDT[145] : NtImpersonateAnonymousToken @ 0x82C45888 -> HOOKED (Unknown @ 0x86223950)

SSDT[147] : NtImpersonateThread @ 0x82CC97CC -> HOOKED (Unknown @ 0x862226C8)

SSDT[168] : NtMapViewOfSection @ 0x82C964D2 -> HOOKED (Unknown @ 0x8622B748)

SSDT[177] : NtOpenEvent @ 0x82C5FC56 -> HOOKED (Unknown @ 0x862237C0)

SSDT[191] : NtOpenProcessToken @ 0x82CB41CF -> HOOKED (Unknown @ 0x8621E790)

SSDT[199] : NtOpenThreadToken @ 0x82CC84B4 -> HOOKED (Unknown @ 0x8622C6D0)

SSDT[304] : NtResumeThread @ 0x82CC051B -> HOOKED (Unknown @ 0x861D4308)

SSDT[316] : NtSetContextThread @ 0x82D2CF2F -> HOOKED (Unknown @ 0x8622C610)

SSDT[333] : NtSetInformationProcess @ 0x82C8872D -> HOOKED (Unknown @ 0x8622B600)

SSDT[335] : NtSetInformationThread @ 0x82CB9C7F -> HOOKED (Unknown @ 0x86219940)

SSDT[366] : NtSuspendProcess @ 0x82D2DACF -> HOOKED (Unknown @ 0x86223700)

SSDT[367] : NtSuspendThread @ 0x82CE5005 -> HOOKED (Unknown @ 0x86222950)

SSDT[370] : NtTerminateProcess @ 0x82CAAB8D -> HOOKED (Unknown @ 0x8621F750)

SSDT[371] : NtTerminateThread @ 0x82CC8504 -> HOOKED (Unknown @ 0x86219880)

SSDT[385] : NtUnmapViewOfSection @ 0x82CB480A -> HOOKED (Unknown @ 0x8622B6D0)

SSDT[399] : NtWriteVirtualMemory @ 0x82CAF8EA -> HOOKED (Unknown @ 0x86212940)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS725016A9A364 ATA Device +++++

--- User ---

[MBR] e580097e5ff895ed02925a231ce5c21d

[BSP] bd8b6921c3619a601c6bda75acf140fb : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152314 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 311941120 | Size: 300 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++

--- User ---

[MBR] 60b9cdbd75eb44d94f3de5a9ee80b5f8

[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16 | Size: 3814 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>


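The two [SUSP PATH] Run values and the [HJPOL] DisallowRun entry in the report above are the persistence and self-protection pieces of this infection. The PowerShell below is an added example written for this thread (it is not RogueKiller's code and not something MrC posted) that audits the same items directly on the host, across HKCU, HKLM and every loaded user hive, and optionally removes them. It assumes PowerShell 3 or later in an elevated session; the folder-and-file-name pattern it looks for is modelled on the reported path C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe, and the function and variable names are my own.

```powershell
# Added example for this thread (not RogueKiller's code): audit the Run-key
# autostarts RogueKiller reports as [SUSP PATH] and the DisallowRun policy it
# reports as [HJPOL], across HKCU, HKLM and every loaded user hive. Read-only
# unless -Remove is given. Assumes PowerShell 3+ in an elevated session.
param([switch]$Remove)

$runSuffix = 'Software\Microsoft\Windows\CurrentVersion\Run'
$runKeys = @("HKCU:\$runSuffix", "HKLM:\$runSuffix")

# Mount HKEY_USERS so per-SID hives (the HKUS\S-1-5-21-... line in the report)
# can be walked like HKCU. The current user's own SID hive is HKCU, so that
# entry shows twice, just as it does in the RogueKiller output.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$sidRunKeys = @(Get-ChildItem -Path 'HKU:\' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object { "HKU:\$($_.PSChildName)\$runSuffix" })
$runKeys += $sidRunKeys

function Get-AutostartReason {
    # Returns a short reason when a Run command looks like malware persistence,
    # $null otherwise. The first pattern is modelled on the reported path
    # C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe: a random lower-case
    # folder and a random lower-case file name under AppData\Local.
    param([string]$Command)
    if ($Command -match '(?i)\\AppData\\Local\\[a-z]{6,12}\\[a-z]{6,12}\.exe') {
        return 'random folder and file name under AppData\Local'
    }
    if ($Command -match '(?i)\\(AppData\\Local\\Temp|Users\\Public)\\[^\\]+\.exe') {
        return 'executable launched from a scratch location'
    }
    return $null
}

$flagged = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a Run value
        $cmd = [string]$prop.Value
        $why = Get-AutostartReason -Command $cmd
        if ($why) {
            [pscustomobject]@{ Key = $key; Name = $prop.Name; Command = $cmd; Reason = $why }
        }
    }
}
$flagged | Format-Table -AutoSize -Wrap

# [HJPOL] DisallowRun: while this DWORD is 1, Explorer refuses to launch any
# executable whose name is listed under the DisallowRun subkey. Rogues set it
# to keep cleanup tools from starting.
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$disallow = (Get-ItemProperty -Path $pol -Name DisallowRun -ErrorAction SilentlyContinue).DisallowRun
if ($disallow -eq 1) {
    Write-Output "DisallowRun is set under $pol; blocked names:"
    $list = Get-ItemProperty -Path "$pol\DisallowRun" -ErrorAction SilentlyContinue
    if ($list) {
        $list.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { Write-Output ('  {0} = {1}' -f $_.Name, $_.Value) }
    }
}

if ($Remove) {
    foreach ($f in $flagged) {
        Remove-ItemProperty -Path $f.Key -Name $f.Name -Verbose
    }
    if ($disallow -eq 1) {
        Remove-ItemProperty -Path $pol -Name DisallowRun -Verbose
        Remove-Item -Path "$pol\DisallowRun" -Recurse -ErrorAction SilentlyContinue -Verbose
    }
}
```

Run it once without -Remove, compare its table against the RogueKiller report, then run it again with -Remove. Deleting the Run value only breaks persistence: the ndvcngtf.exe file is still on disk and has to be deleted or quarantined separately, and the SSDT entries listed as HOOKED (Unknown) are kernel-mode hooks that no registry edit can reach. On a host running endpoint protection such as the Symantec product on this machine, hooks on exactly those calls (process and thread creation, memory writes, token handling) are frequently placed by the AV's own driver, so they need a driver-level signature check rather than a guess.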

Please make sure system restore is running and create a new restore point before you continue:

==== System Restore Points ===================

.

No restore point in system. <---you have no system restore points!!

------------------------------------------------

Run RogueKiller again and click scan

When the scan is completed

Click on Processes and put a check next to these, uncheck the rest and click Delete on the right column.

¤¤¤ Bad processes: 3 ¤¤¤

[SUSP PATH] ndvcngtf.exe -- C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe -> KILLED [TermProc]

---------------------

Next click on Registry Entries and put a check next to these, uncheck the rest.

Now click delete on the right column.

¤¤¤ Registry Entries: 9 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : NdvCngtf (C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-1541481396-3027813910-3587673724-1177[...]\Run : NdvCngtf (C:\Users\107267\AppData\Local\fwepddko\ndvcngtf.exe) -> FOUND

[HJPOL] HKCU\[...]\Explorer : DisallowRun (1) -> FOUND

--------------------------

Next.........

Please make sure system restore is running and create a new restore point before continuing.

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

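MrC's Verify Driver Digital Signature step makes TDSSKiller hash every registered driver and service image and warn on the unsigned ones. As an added example written for this thread (it is not TDSSKiller's code and not part of MrC's post), the PowerShell below does the same pass natively so a result can be checked independently of the tool: it walks HKLM\SYSTEM\CurrentControlSet\Services, resolves each ImagePath (or the ServiceDll for svchost-hosted services), prints the MD5 and Authenticode status in the same "name (md5) path - status" shape as the TDSSKiller log, and reports entries whose image file is missing. It assumes PowerShell 3 or later in an elevated session; the function names are my own.

```powershell
# Added example for this thread (not TDSSKiller's code): a read-only pass over
# every driver and service registered under CurrentControlSet\Services that
# prints "name (md5) path - status" in the shape of the TDSSKiller log, so the
# two can be compared line by line. Assumes PowerShell 3+ in an elevated session.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$sysRoot = $env:SystemRoot

function Resolve-ImagePath {
    # Normalise the forms ImagePath takes in the registry to a plain file path.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim()
    $p = $p -replace '^\\\?\?\\', ''                               # \??\C:\...
    $p = $p -replace '^\\SystemRoot\\', ($sysRoot + '\')           # \SystemRoot\system32\...
    $p = $p -replace '^system32\\', ($sysRoot + '\system32\')      # system32\DRIVERS\x.sys
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }               # "C:\Program Files\x.exe" /args
    elseif ($p -match '(?i)^(.+?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Get-Md5Hex {
    # Lower-case hex MD5, as TDSSKiller prints it (Get-FileHash only arrived in PS 4).
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs = [System.IO.File]::OpenRead($Path)
    try { ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

$results = foreach ($svc in Get-ChildItem -Path $svcRoot) {
    $props = Get-ItemProperty -Path $svc.PSPath -ErrorAction SilentlyContinue
    $image = $props.ImagePath
    # svchost-hosted services: the code that actually runs is Parameters\ServiceDll.
    if ($image -match '(?i)svchost\.exe') {
        $dll = (Get-ItemProperty -Path "$($svc.PSPath)\Parameters" -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { $image = $dll }
    }
    $file = Resolve-ImagePath -ImagePath $image
    if (-not $file) { continue }   # registry-only entries with no image
    if (-not (Test-Path -LiteralPath $file)) {
        # Registered but file gone, e.g. the adfs service whose file the SCM
        # could not find in the event log earlier in the thread.
        New-Object PSObject -Property @{ Service = $svc.PSChildName; Path = $file; MD5 = '-'; Status = 'MISSING' }
        continue
    }
    $sig = Get-AuthenticodeSignature -FilePath $file
    New-Object PSObject -Property @{
        Service = $svc.PSChildName; Path = $file; MD5 = (Get-Md5Hex -Path $file); Status = [string]$sig.Status
    }
}

# TDSSKiller only warns on unsigned images; list those plus anything whose file is missing.
$results | Where-Object { $_.Status -ne 'Valid' } | Sort-Object Service | ForEach-Object {
    '{0} ({1}) {2} - {3}' -f $_.Service, $_.MD5, $_.Path, $_.Status
}
```

One caveat before reading the output: older Get-AuthenticodeSignature builds check only embedded signatures, not the catalog store, so catalog-signed Microsoft files can show NotSigned. Treat any non-Valid status as "look at it" (hash, path, vendor, and whether the MD5 matches what TDSSKiller printed for the same service) rather than as a detection, which is the same reason MrC has you Skip UnsignedFile.Multi.Generic warnings instead of deleting them.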

OK, processes completed. System restore points created as instructed. It's a new computer; this is why I hadn't set one up yet.

Here is the log from TDSSKiller:

14:26:59.0538 3600 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

14:27:01.0566 3600 ============================================================

14:27:01.0566 3600 Current date / time: 2012/04/16 14:27:01.0566

14:27:01.0566 3600 SystemInfo:

14:27:01.0566 3600

14:27:01.0566 3600 OS Version: 6.1.7601 ServicePack: 1.0

14:27:01.0566 3600 Product type: Workstation

14:27:01.0566 3600 ComputerName: AUSR86LF42T410

14:27:01.0566 3600 UserName: 107267

14:27:01.0566 3600 Windows directory: C:\Windows

14:27:01.0566 3600 System windows directory: C:\Windows

14:27:01.0566 3600 Processor architecture: Intel x86

14:27:01.0566 3600 Number of processors: 4

14:27:01.0566 3600 Page size: 0x1000

14:27:01.0566 3600 Boot type: Normal boot

14:27:01.0566 3600 ============================================================

14:27:02.0549 3600 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

14:27:02.0549 3600 \Device\Harddisk0\DR0:

14:27:02.0549 3600 MBR used

14:27:02.0549 3600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1297D000

14:27:02.0549 3600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1297D800, BlocksNum 0x96000

14:27:02.0580 3600 Initialize success

14:27:02.0580 3600 ============================================================

14:27:34.0822 9276 ============================================================

14:27:34.0822 9276 Scan started

14:27:34.0822 9276 Mode: Manual; SigCheck; TDLFS;

14:27:34.0822 9276 ============================================================

14:27:35.0212 9276 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys

14:27:35.0305 9276 1394ohci - ok

14:27:35.0352 9276 5U877 (400e37a671ffc7ff3e713b72c4e23d3f) C:\Windows\system32\DRIVERS\5U877.sys

14:27:35.0399 9276 5U877 - ok

14:27:35.0430 9276 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

14:27:35.0461 9276 ACPI - ok

14:27:35.0555 9276 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

14:27:35.0602 9276 AcpiPmi - ok

14:27:35.0617 9276 adfs - ok

14:27:35.0649 9276 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys

14:27:35.0680 9276 adp94xx - ok

14:27:35.0695 9276 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys

14:27:35.0711 9276 adpahci - ok

14:27:35.0727 9276 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys

14:27:35.0742 9276 adpu320 - ok

14:27:35.0773 9276 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

14:27:35.0820 9276 AeLookupSvc - ok

14:27:35.0898 9276 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

14:27:35.0961 9276 AFD - ok

14:27:35.0992 9276 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

14:27:36.0007 9276 agp440 - ok

14:27:36.0039 9276 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys

14:27:36.0054 9276 aic78xx - ok

14:27:36.0085 9276 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

14:27:36.0117 9276 ALG - ok

14:27:36.0195 9276 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

14:27:36.0210 9276 aliide - ok

14:27:36.0335 9276 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

14:27:36.0351 9276 amdagp - ok

14:27:36.0366 9276 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

14:27:36.0382 9276 amdide - ok

14:27:36.0413 9276 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys

14:27:36.0460 9276 AmdK8 - ok

14:27:36.0491 9276 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys

14:27:36.0522 9276 AmdPPM - ok

14:27:36.0569 9276 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

14:27:36.0584 9276 amdsata - ok

14:27:36.0600 9276 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys

14:27:36.0616 9276 amdsbs - ok

14:27:36.0694 9276 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

14:27:36.0709 9276 amdxata - ok

14:27:36.0756 9276 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

14:27:36.0803 9276 AppID - ok

14:27:36.0834 9276 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

14:27:36.0865 9276 AppIDSvc - ok

14:27:36.0881 9276 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

14:27:36.0928 9276 Appinfo - ok

14:27:36.0974 9276 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll

14:27:36.0990 9276 AppMgmt - ok

14:27:37.0037 9276 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys

14:27:37.0068 9276 arc - ok

14:27:37.0084 9276 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys

14:27:37.0084 9276 arcsas - ok

14:27:37.0115 9276 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

14:27:37.0224 9276 AsyncMac - ok

14:27:37.0302 9276 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

14:27:37.0318 9276 atapi - ok

14:27:37.0364 9276 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

14:27:37.0427 9276 AudioEndpointBuilder - ok

14:27:37.0427 9276 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

14:27:37.0458 9276 Audiosrv - ok

14:27:37.0505 9276 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

14:27:37.0536 9276 AxInstSV - ok

14:27:37.0645 9276 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys

14:27:37.0676 9276 b06bdrv - ok

14:27:37.0723 9276 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

14:27:37.0739 9276 b57nd60x - ok

14:27:37.0801 9276 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

14:27:37.0832 9276 BDESVC - ok

14:27:37.0926 9276 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

14:27:37.0973 9276 Beep - ok

14:27:38.0004 9276 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll

14:27:38.0051 9276 BFE - ok

14:27:38.0082 9276 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll

14:27:38.0129 9276 BITS - ok

14:27:38.0207 9276 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

14:27:38.0238 9276 blbdrive - ok

14:27:38.0254 9276 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

14:27:38.0285 9276 bowser - ok

14:27:38.0300 9276 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys

14:27:38.0332 9276 BrFiltLo - ok

14:27:38.0347 9276 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys

14:27:38.0363 9276 BrFiltUp - ok

14:27:38.0410 9276 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

14:27:38.0456 9276 Browser - ok

14:27:38.0550 9276 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

14:27:38.0565 9276 Brserid - ok

14:27:38.0597 9276 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

14:27:38.0628 9276 BrSerWdm - ok

14:27:38.0643 9276 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

14:27:38.0675 9276 BrUsbMdm - ok

14:27:38.0690 9276 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

14:27:38.0721 9276 BrUsbSer - ok

14:27:38.0768 9276 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys

14:27:38.0799 9276 BthEnum - ok

14:27:38.0877 9276 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys

14:27:38.0924 9276 BTHMODEM - ok

14:27:38.0940 9276 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys

14:27:38.0955 9276 BthPan - ok

14:27:38.0987 9276 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys

14:27:39.0018 9276 BTHPORT - ok

14:27:39.0065 9276 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

14:27:39.0111 9276 bthserv - ok

14:27:39.0143 9276 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys

14:27:39.0158 9276 BTHUSB - ok

14:27:39.0236 9276 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys

14:27:39.0267 9276 btusbflt - ok

14:27:39.0330 9276 btwaudio (f8b4f60768328faa2ffe2727f66809f8) C:\Windows\system32\drivers\btwaudio.sys

14:27:39.0345 9276 btwaudio - ok

14:27:39.0377 9276 btwavdt (fa7446dd38de84d4988d1f2ebb854589) C:\Windows\system32\drivers\btwavdt.sys

14:27:39.0392 9276 btwavdt - ok

14:27:39.0486 9276 btwdins (5c24aec670b9cce7f2af6de74677ceb4) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

14:27:39.0517 9276 btwdins - ok

14:27:39.0611 9276 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys

14:27:39.0611 9276 btwl2cap - ok

14:27:39.0657 9276 btwrchid (d5862fbc1cbc0404614fd9d85c8d880e) C:\Windows\system32\DRIVERS\btwrchid.sys

14:27:39.0657 9276 btwrchid - ok

14:27:39.0782 9276 CA-MessageQueuing (3eac989be9af1228d0455afffbeee539) C:\Program Files\ca\sc\CAM\bin\cam.exe

14:27:39.0798 9276 CA-MessageQueuing - ok

14:27:39.0813 9276 CA-SAM-Pmux (974019262e249c7103fb30c4214c29e4) C:\Program Files\ca\sc\CsamSockAdapter\bin\csampmux.exe

14:27:39.0829 9276 CA-SAM-Pmux - ok

14:27:39.0891 9276 caf (d1f7a3aaed8b7a55233b9831a5c2401e) C:\Program Files\ca\DSM\bin\caf.exe

14:27:39.0907 9276 caf - ok

14:27:40.0001 9276 ccEvtMgr (73f7e0619d6ce8480f3a575619fc974f) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

14:27:40.0016 9276 ccEvtMgr - ok

14:27:40.0032 9276 ccSetMgr (73f7e0619d6ce8480f3a575619fc974f) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

14:27:40.0047 9276 ccSetMgr - ok

14:27:40.0141 9276 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

14:27:40.0188 9276 cdfs - ok

14:27:40.0219 9276 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

14:27:40.0250 9276 cdrom - ok

14:27:40.0297 9276 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

14:27:40.0313 9276 CertPropSvc - ok

14:27:40.0344 9276 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys

14:27:40.0359 9276 circlass - ok

14:27:40.0391 9276 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

14:27:40.0391 9276 CLFS - ok

14:27:40.0484 9276 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:27:40.0500 9276 clr_optimization_v2.0.50727_32 - ok

14:27:40.0562 9276 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

14:27:40.0593 9276 CmBatt - ok

14:27:40.0640 9276 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

14:27:40.0656 9276 cmdide - ok

14:27:40.0718 9276 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

14:27:40.0749 9276 CNG - ok

14:27:40.0812 9276 CnxtHdAudService (2fe437862d0caa879b3c01ef353edda7) C:\Windows\system32\drivers\CHDRT32.sys

14:27:40.0827 9276 CnxtHdAudService - ok

14:27:40.0874 9276 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

14:27:40.0874 9276 Compbatt - ok

14:27:40.0921 9276 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys

14:27:40.0952 9276 CompositeBus - ok

14:27:40.0999 9276 COMSysApp - ok

14:27:41.0030 9276 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys

14:27:41.0046 9276 crcdisk - ok

14:27:41.0092 9276 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll

14:27:41.0124 9276 CryptSvc - ok

14:27:41.0155 9276 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

14:27:41.0186 9276 CSC - ok

14:27:41.0217 9276 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll

14:27:41.0248 9276 CscService - ok

14:27:41.0295 9276 Cwbrxd (4066adcf86d3bab629366d10dcc40cb2) C:\Windows\cwbrxd.exe

14:27:41.0311 9276 Cwbrxd ( UnsignedFile.Multi.Generic ) - warning

14:27:41.0311 9276 Cwbrxd - detected UnsignedFile.Multi.Generic (1)

14:27:41.0389 9276 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

14:27:41.0451 9276 DcomLaunch - ok

14:27:41.0482 9276 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

14:27:41.0514 9276 defragsvc - ok

14:27:41.0560 9276 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

14:27:41.0607 9276 DfsC - ok

14:27:41.0638 9276 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

14:27:41.0670 9276 Dhcp - ok

14:27:41.0732 9276 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

14:27:41.0763 9276 discache - ok

14:27:41.0779 9276 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys

14:27:41.0794 9276 Disk - ok

14:27:41.0810 9276 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys

14:27:41.0826 9276 dmvsc - ok

14:27:41.0857 9276 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

14:27:41.0888 9276 Dnscache - ok

14:27:41.0919 9276 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

14:27:41.0966 9276 dot3svc - ok

14:27:42.0075 9276 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys

14:27:42.0091 9276 DozeHDD - ok

14:27:42.0138 9276 DozeSvc (01e2180c3d72cb0adcc43fb83d18942a) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

14:27:42.0153 9276 DozeSvc - ok

14:27:42.0184 9276 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

14:27:42.0231 9276 DPS - ok

14:27:42.0278 9276 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

14:27:42.0309 9276 drmkaud - ok

14:27:42.0403 9276 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

14:27:42.0434 9276 DXGKrnl - ok

14:27:42.0496 9276 e1kexpress (b0587c35e8c72a6fdf1782972efea03b) C:\Windows\system32\DRIVERS\e1k6232.sys

14:27:42.0512 9276 e1kexpress - ok

14:27:42.0543 9276 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

14:27:42.0590 9276 EapHost - ok

14:27:42.0746 9276 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys

14:27:42.0808 9276 ebdrv - ok

14:27:42.0917 9276 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

14:27:42.0949 9276 eeCtrl - ok

14:27:43.0011 9276 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

14:27:43.0042 9276 EFS - ok

14:27:43.0105 9276 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

14:27:43.0136 9276 ehRecvr - ok

14:27:43.0167 9276 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

14:27:43.0198 9276 ehSched - ok

14:27:43.0292 9276 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys

14:27:43.0307 9276 elxstor - ok

14:27:43.0463 9276 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

14:27:43.0479 9276 EraserUtilRebootDrv - ok

14:27:43.0557 9276 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

14:27:43.0604 9276 ErrDev - ok

14:27:43.0651 9276 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

14:27:43.0697 9276 EventSystem - ok

14:27:43.0775 9276 EvtEng (b6c691d8cae275ed9b2782e62626f36a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

14:27:43.0822 9276 EvtEng - ok

14:27:43.0916 9276 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

14:27:43.0947 9276 exfat - ok

14:27:43.0978 9276 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

14:27:44.0025 9276 fastfat - ok

14:27:44.0072 9276 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

14:27:44.0103 9276 Fax - ok

14:27:44.0181 9276 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys

14:27:44.0212 9276 fdc - ok

14:27:44.0228 9276 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

14:27:44.0275 9276 fdPHost - ok

14:27:44.0306 9276 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

14:27:44.0337 9276 FDResPub - ok

14:27:44.0353 9276 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

14:27:44.0353 9276 FileInfo - ok

14:27:44.0384 9276 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

14:27:44.0415 9276 Filetrace - ok

14:27:44.0431 9276 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys

14:27:44.0462 9276 flpydisk - ok

14:27:44.0493 9276 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

14:27:44.0509 9276 FltMgr - ok

14:27:44.0540 9276 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll

14:27:44.0587 9276 FontCache - ok

14:27:44.0680 9276 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

14:27:44.0696 9276 FontCache3.0.0.0 - ok

14:27:44.0758 9276 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

14:27:44.0774 9276 FsDepends - ok

14:27:44.0805 9276 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

14:27:44.0805 9276 Fs_Rec - ok

14:27:44.0820 9276 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

14:27:44.0836 9276 fvevol - ok

14:27:44.0867 9276 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys

14:27:44.0883 9276 gagp30kx - ok

14:27:44.0914 9276 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

14:27:44.0961 9276 gpsvc - ok

14:27:45.0008 9276 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

14:27:45.0008 9276 hcw85cir - ok

14:27:45.0070 9276 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:27:45.0101 9276 HDAudBus - ok

14:27:45.0164 9276 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys

14:27:45.0210 9276 HECI - ok

14:27:45.0226 9276 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys

14:27:45.0257 9276 HidBatt - ok

14:27:45.0304 9276 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys

14:27:45.0351 9276 HidBth - ok

14:27:45.0413 9276 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys

14:27:45.0460 9276 HidIr - ok

14:27:45.0491 9276 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll

14:27:45.0538 9276 hidserv - ok

14:27:45.0600 9276 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

14:27:45.0632 9276 HidUsb - ok

14:27:45.0678 9276 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

14:27:45.0710 9276 hkmsvc - ok

14:27:45.0756 9276 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

14:27:45.0788 9276 HomeGroupListener - ok

14:27:45.0819 9276 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

14:27:45.0866 9276 HomeGroupProvider - ok

14:27:45.0928 9276 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

14:27:45.0944 9276 HpSAMD - ok

14:27:46.0006 9276 HsfXAudioService (bfbdbca42710795c4446c54243970fd1) C:\Windows\system32\XAudio32.dll

14:27:46.0037 9276 HsfXAudioService - ok

14:27:46.0084 9276 HSF_DPV (caaa4433360fd337cf68a1b0719f9cc1) C:\Windows\system32\DRIVERS\HSX_DPV.sys

14:27:46.0100 9276 HSF_DPV - ok

14:27:46.0224 9276 HSXHWAZL (cb049fa2ce718f7468be50f3d7192370) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

14:27:46.0240 9276 HSXHWAZL - ok

14:27:46.0287 9276 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

14:27:46.0318 9276 HTTP - ok

14:27:46.0365 9276 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

14:27:46.0365 9276 hwpolicy - ok


14:28:09.0856 9276 tunnel - ok

14:28:09.0872 9276 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys

14:28:09.0887 9276 uagp35 - ok

14:28:09.0903 9276 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

14:28:09.0934 9276 udfs - ok

14:28:09.0965 9276 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

14:28:09.0996 9276 UI0Detect - ok

14:28:10.0090 9276 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

14:28:10.0106 9276 uliagpkx - ok

14:28:10.0152 9276 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

14:28:10.0168 9276 umbus - ok

14:28:10.0184 9276 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys

14:28:10.0215 9276 UmPass - ok

14:28:10.0230 9276 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll

14:28:10.0262 9276 UmRdpService - ok

14:28:10.0293 9276 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

14:28:10.0355 9276 upnphost - ok

14:28:10.0355 9276 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

14:28:10.0371 9276 usbccgp - ok

14:28:10.0464 9276 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

14:28:10.0496 9276 usbcir - ok

14:28:10.0527 9276 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

14:28:10.0558 9276 usbehci - ok

14:28:10.0605 9276 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

14:28:10.0620 9276 usbhub - ok

14:28:10.0683 9276 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

14:28:10.0730 9276 usbohci - ok

14:28:10.0761 9276 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys

14:28:10.0776 9276 usbprint - ok

14:28:10.0808 9276 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:28:10.0823 9276 USBSTOR - ok

14:28:10.0901 9276 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys

14:28:10.0917 9276 usbuhci - ok

14:28:10.0964 9276 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys

14:28:10.0995 9276 usbvideo - ok

14:28:11.0010 9276 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

14:28:11.0026 9276 UxSms - ok

14:28:11.0073 9276 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

14:28:11.0088 9276 VaultSvc - ok

14:28:11.0120 9276 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

14:28:11.0120 9276 vdrvroot - ok

14:28:11.0151 9276 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

14:28:11.0198 9276 vds - ok

14:28:11.0260 9276 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

14:28:11.0307 9276 vga - ok

14:28:11.0322 9276 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

14:28:11.0354 9276 VgaSave - ok

14:28:11.0369 9276 VGPU - ok

14:28:11.0385 9276 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

14:28:11.0400 9276 vhdmp - ok

14:28:11.0432 9276 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

14:28:11.0447 9276 viaagp - ok

14:28:11.0463 9276 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys

14:28:11.0494 9276 ViaC7 - ok

14:28:11.0525 9276 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

14:28:11.0541 9276 viaide - ok

14:28:11.0556 9276 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

14:28:11.0572 9276 VMBusHID - ok

14:28:11.0634 9276 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

14:28:11.0650 9276 volmgr - ok

14:28:11.0697 9276 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

14:28:11.0712 9276 volmgrx - ok

14:28:11.0728 9276 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

14:28:11.0728 9276 volsnap - ok

14:28:11.0790 9276 vpnagent (5ea22cb6b100212837a97f281edb3c47) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

14:28:11.0821 9276 vpnagent - ok

14:28:11.0853 9276 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\Windows\system32\DRIVERS\vpnva.sys

14:28:11.0868 9276 vpnva - ok

14:28:11.0899 9276 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys

14:28:11.0915 9276 vsmraid - ok

14:28:12.0102 9276 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

14:28:12.0211 9276 VSS - ok

14:28:12.0383 9276 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

14:28:12.0414 9276 vwifibus - ok

14:28:12.0445 9276 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

14:28:12.0477 9276 vwififlt - ok

14:28:12.0523 9276 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

14:28:12.0555 9276 W32Time - ok

14:28:12.0601 9276 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys

14:28:12.0617 9276 WacomPen - ok

14:28:12.0757 9276 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

14:28:12.0820 9276 WANARP - ok

14:28:12.0820 9276 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

14:28:12.0851 9276 Wanarpv6 - ok

14:28:12.0929 9276 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

14:28:12.0976 9276 WatAdminSvc - ok

14:28:13.0069 9276 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

14:28:13.0101 9276 wbengine - ok

14:28:13.0132 9276 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

14:28:13.0147 9276 WbioSrvc - ok

14:28:13.0179 9276 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

14:28:13.0194 9276 wcncsvc - ok

14:28:13.0210 9276 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

14:28:13.0241 9276 WcsPlugInService - ok

14:28:13.0319 9276 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys

14:28:13.0335 9276 Wd - ok

14:28:13.0350 9276 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

14:28:13.0366 9276 Wdf01000 - ok

14:28:13.0428 9276 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

14:28:13.0459 9276 WdiServiceHost - ok

14:28:13.0475 9276 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

14:28:13.0491 9276 WdiSystemHost - ok

14:28:13.0522 9276 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

14:28:13.0553 9276 WebClient - ok

14:28:13.0584 9276 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

14:28:13.0615 9276 Wecsvc - ok

14:28:13.0662 9276 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

14:28:13.0709 9276 wercplsupport - ok

14:28:13.0725 9276 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

14:28:13.0756 9276 WerSvc - ok

14:28:13.0818 9276 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

14:28:13.0865 9276 WfpLwf - ok

14:28:13.0896 9276 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

14:28:13.0896 9276 WIMMount - ok

14:28:13.0927 9276 winachsf (bc43a66ed6898f405a4acf6179a5f9b1) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

14:28:13.0943 9276 winachsf - ok

14:28:14.0036 9276 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

14:28:14.0099 9276 WinDefend - ok

14:28:14.0099 9276 WinHttpAutoProxySvc - ok

14:28:14.0192 9276 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

14:28:14.0239 9276 Winmgmt - ok

14:28:14.0380 9276 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

14:28:14.0489 9276 WinRM - ok

14:28:14.0551 9276 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

14:28:14.0645 9276 Wlansvc - ok

14:28:14.0785 9276 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

14:28:14.0801 9276 WmiAcpi - ok

14:28:14.0848 9276 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

14:28:14.0894 9276 wmiApSrv - ok

14:28:15.0050 9276 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

14:28:15.0082 9276 WMPNetworkSvc - ok

14:28:15.0175 9276 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

14:28:15.0206 9276 WPCSvc - ok

14:28:15.0222 9276 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

14:28:15.0238 9276 WPDBusEnum - ok

14:28:15.0331 9276 WPS (5b873300a1802a6d254af59943f6c1a2) C:\Windows\system32\drivers\wpsdrvnt.sys

14:28:15.0347 9276 WPS - ok

14:28:15.0409 9276 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys

14:28:15.0409 9276 WpsHelper - ok

14:28:15.0503 9276 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

14:28:15.0565 9276 ws2ifsl - ok

14:28:15.0596 9276 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll

14:28:15.0612 9276 wscsvc - ok

14:28:15.0612 9276 WSearch - ok

14:28:15.0690 9276 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll

14:28:15.0768 9276 wuauserv - ok

14:28:15.0815 9276 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

14:28:15.0862 9276 WudfPf - ok

14:28:15.0986 9276 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:28:16.0033 9276 WUDFRd - ok

14:28:16.0095 9276 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

14:28:16.0127 9276 wudfsvc - ok

14:28:16.0158 9276 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

14:28:16.0189 9276 WwanSvc - ok

14:28:16.0251 9276 XAudio (311faffb280fca0d4a7739e2474eac9f) C:\Windows\system32\DRIVERS\XAudio32.sys

14:28:16.0267 9276 XAudio - ok

14:28:16.0298 9276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

14:28:16.0454 9276 \Device\Harddisk0\DR0 - ok

14:28:16.0485 9276 Boot (0x1200) (500a01d39808765925b81bcdd53495e8) \Device\Harddisk0\DR0\Partition0

14:28:16.0501 9276 \Device\Harddisk0\DR0\Partition0 - ok

14:28:16.0501 9276 Boot (0x1200) (67efa989ebacaf4500036a5f9ef9ca76) \Device\Harddisk0\DR0\Partition1

14:28:16.0501 9276 \Device\Harddisk0\DR0\Partition1 - ok

14:28:16.0501 9276 ============================================================

14:28:16.0501 9276 Scan finished

14:28:16.0501 9276 ============================================================

14:28:16.0517 1252 Detected object count: 5

14:28:16.0517 1252 Actual detected object count: 5

14:29:22.0545 1252 Cwbrxd ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:22.0545 1252 Cwbrxd ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:29:22.0561 1252 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:22.0561 1252 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:29:22.0561 1252 NETwNx32 ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:22.0561 1252 NETwNx32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:29:22.0561 1252 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:22.0561 1252 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:29:22.0561 1252 SUService ( UnsignedFile.Multi.Generic ) - skipped by user

14:29:22.0561 1252 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip


A couple of things to note...

First, it seems like progress is being made. The pop-up no longer overrides other activity. It still remains flashing in my system tray, but it is allowing my system to function, whereas before it did not.

Second, on the Malwarebytes download page, I am redirected to the majorgeeks.com website; on my other machine I am brought to the cnet/download.com site. I did not proceed on the majorgeeks site.


Both of those sites are OK.

--------------------

Next.......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Ok all done with ComboFix. Below is the log.

Note, you may see some Symantec Endpoint items in the log. I disabled it in the system tray, but I think there was still a background process.

ComboFix restarted my computer (I imagine this is normal). It appears to have removed the infection. I will wait for your analysis to be sure, but I am not seeing the pop-up any more. So far, so good.

Thanks again mate!

ComboFix 12-04-16.01 - 107267 04/16/2012 22:35:42.1.4 - x86

Microsoft Windows 7 Enterprise 6.1.7601.1.1252.61.1033.18.2996.1628 [GMT 10:00]

Running from: c:\users\107267\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Symantec Endpoint Protection *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\Roaming

c:\users\107267\AppData\Local\bwwuiukr.log

c:\users\107267\AppData\Local\dpnrutou.log

c:\users\107267\AppData\Local\fwepddko\ndvcngtf.exe

c:\users\107267\AppData\Local\heghados.log

c:\users\107267\AppData\Local\pudhkcgb.log

c:\users\107267\AppData\Local\quswijjr.log

c:\users\107267\AppData\Local\tnqoqxsv.log

c:\users\107267\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ndvcngtf.exe

c:\users\107267\g2mdlhlpx.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))

.

.

2012-04-16 12:42 . 2012-04-16 12:42 -------- d-----w- c:\users\ITAdmin\AppData\Local\temp

2012-04-16 12:42 . 2012-04-16 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-16 12:42 . 2012-04-16 12:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-04-16 12:42 . 2012-04-16 12:42 -------- d-----w- c:\users\119327\AppData\Local\temp

2012-04-16 12:42 . 2012-04-16 12:42 -------- d-----w- c:\users\venausdp.AUS\AppData\Local\temp

2012-04-15 09:38 . 2012-04-15 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-04-15 09:38 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-15 08:56 . 2012-04-15 08:56 -------- d-----w- C:\found.000

2012-04-14 13:11 . 2012-04-14 13:11 -------- d-----w- c:\programdata\Malwarebytes

2012-04-14 07:55 . 2012-04-14 07:55 -------- d-----w- c:\program files\Common Files\Skype

2012-04-14 07:55 . 2012-04-14 07:55 -------- d-----r- c:\program files\Skype

2012-04-14 07:55 . 2012-04-14 07:55 -------- d-----w- c:\programdata\Skype

2012-04-13 06:28 . 2012-04-13 06:28 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-04-13 06:28 . 2012-04-16 04:25 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys

2012-04-13 06:27 . 2011-12-02 00:33 99744 ----a-w- c:\windows\system32\drivers\SysPlant.sys

2012-04-13 06:27 . 2011-12-02 00:33 357792 ----a-w- c:\windows\system32\Sysfer.dll

2012-04-13 06:27 . 2012-04-13 06:27 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2012-04-13 06:26 . 2007-03-21 09:39 1060864 ----a-w- c:\windows\system32\MFC71.DL1

2012-04-13 06:26 . 2007-03-21 09:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL

2012-04-13 06:26 . 2007-03-21 09:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL

2012-04-13 06:26 . 2012-04-13 06:29 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-04-13 06:26 . 2012-04-13 06:28 -------- d-----w- c:\programdata\Symantec

2012-04-13 06:26 . 2012-04-13 06:27 -------- d-----w- c:\program files\Symantec

2012-04-13 06:23 . 2012-04-13 06:23 -------- d-----w- c:\programdata\Uninstall

2012-04-13 06:23 . 2012-04-13 06:23 -------- d-----w- c:\programdata\InstallShield

2012-04-13 06:23 . 2012-04-13 06:23 -------- d-----w- c:\programdata\Sonic

2012-04-13 06:23 . 2012-04-13 06:23 -------- d-----w- c:\users\Default\AppData\Local\Programs

2012-04-13 06:22 . 2012-04-13 06:22 -------- d-----w- c:\programdata\Roxio

2012-04-13 06:22 . 2012-04-13 06:23 -------- d-----w- c:\program files\Roxio

2012-04-13 06:22 . 2012-04-13 06:22 -------- d-----w- c:\program files\Common Files\SureThing Shared

2012-04-13 06:20 . 2004-01-22 17:52 77824 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-04-13 06:20 . 2004-01-22 17:52 28672 ----a-w- c:\windows\system32\JAWTAccessBridge.dll

2012-04-13 06:20 . 2004-01-22 17:52 139264 ----a-w- c:\windows\system32\JavaAccessBridge.dll

2012-04-13 06:20 . 2003-05-22 11:57 721168 ----a-w- c:\windows\system32\VB40032.DLL

2012-04-13 06:20 . 2012-04-13 06:20 -------- d-----w- c:\program files\Oracle

2012-04-13 06:20 . 2012-04-13 06:20 -------- d-----w- c:\program files\Microsoft Visual Studio .NET

2012-04-13 05:55 . 2012-04-13 05:55 -------- d-----w- c:\program files\ScanSoft

2012-04-13 05:51 . 2012-04-13 05:51 -------- d-----w- c:\users\Administrator\AppData\Local\Lotus

2012-04-13 05:40 . 2012-04-13 05:41 -------- d-----w- C:\Hyperion

2012-04-13 05:28 . 2012-04-13 05:36 -------- d-----w- C:\AdobeTemp

2012-04-13 05:25 . 2012-04-16 12:42 -------- d-----w- c:\users\107267

2012-04-13 05:25 . 2012-04-13 05:25 -------- d---a-w- C:\RestoreData

2012-04-09 23:10 . 2012-04-10 00:12 -------- d-----w- c:\users\119575

2012-04-07 04:42 . 2012-04-07 04:42 453 ----a-w- C:\user.js

2012-04-07 04:38 . 2012-04-13 05:48 -------- d-----w- C:\codec-info

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-14 23:57 . 2012-03-14 23:57 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-03-14 23:57 . 2012-03-14 23:57 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-14 23:57 . 2012-03-14 23:57 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-14 23:57 . 2012-03-14 23:57 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-03-14 23:57 . 2012-03-14 23:57 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-03-14 23:57 . 2012-03-14 23:57 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-14 23:57 . 2012-03-14 23:57 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-03-14 23:57 . 2012-03-14 23:57 367104 ----a-w- c:\windows\system32\html.iec

2012-03-14 23:57 . 2012-03-14 23:57 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-03-14 23:57 . 2012-03-14 23:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-03-14 23:57 . 2012-03-14 23:57 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-14 23:57 . 2012-03-14 23:57 1797632 ----a-w- c:\windows\system32\jscript9.dll

2012-03-14 23:57 . 2012-03-14 23:57 161792 ----a-w- c:\windows\system32\msls31.dll

2012-03-14 23:57 . 2012-03-14 23:57 152064 ----a-w- c:\windows\system32\wextract.exe

2012-03-14 23:57 . 2012-03-14 23:57 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-03-14 23:57 . 2012-03-14 23:57 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-14 23:57 . 2012-03-14 23:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-03-14 23:57 . 2012-03-14 23:57 11776 ----a-w- c:\windows\system32\mshta.exe

2012-03-14 23:57 . 2012-03-14 23:57 1126912 ----a-w- c:\windows\system32\wininet.dll

2012-03-14 23:57 . 2012-03-14 23:57 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-14 23:57 . 2012-03-14 23:57 101888 ----a-w- c:\windows\system32\admparse.dll

2012-02-22 23:18 . 2011-10-15 17:39 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-19 14:05 . 2012-03-14 23:58 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7923A67D-A651-4C37-8D4D-083FDED8299B}\mpengine.dll

2012-02-10 05:38 . 2012-03-14 23:55 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-02-03 03:54 . 2012-03-14 23:55 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-01-25 05:32 . 2012-03-14 23:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-01-25 05:32 . 2012-03-14 23:55 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-01-25 05:27 . 2012-03-14 23:55 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 04:39 . 2012-03-14 23:47 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2010-01-15 14336]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-17 2307368]

"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]

"TpShocks"="TpShocks.exe" [2011-03-29 337256]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 143640]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 177432]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 176408]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-11-30 1322048]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]

"CAF_SystemTray"="c:\program files\ca\DSM\bin\cfSysTray.exe" [2010-04-26 84232]

"DsmSxplog"="c:\program files\ca\DSM\Bin\sxpstub.exe" [2010-04-26 25352]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-12-02 115624]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 804128]

Online plug-in.lnk - c:\windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2012-3-2 77824]

WinZip Quick Pick.lnk - c:\windows\Installer\{FDCC0996-EB13-45D6-846D-013F1C8DC6BD}\IconFDCC0996.exe [2011-10-16 157696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"dontdisplaylockeduserid"= 3 (0x3)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 caf;CA DSM r12 Common Application Framework;c:\program files\ca\DSM\bin\caf.exe service [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-04-05 158856]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-11-30 292200]

R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-20 126464]

R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\DRIVERS\NETwNx32.sys [2011-01-06 7391104]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-11-30 89152]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-11-30 175168]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2009-09-28 38912]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-09-23 1124848]

R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]

R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-20 19456]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1343400]

S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-11-30 25968]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-03-29 20592]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]

S1 Teefer3;Symantec Endpoint Protection Firewall;c:\windows\system32\DRIVERS\Teefer3.sys [2011-12-02 43936]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 CA-SAM-Pmux;CA Connection Broker;c:\program files\ca\sc\CsamSockAdapter\bin\csampmux.exe [2011-07-06 169288]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]

S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\Notes\nsd.exe [2010-08-11 3417480]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2011-06-15 59904]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-05-23 132864]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-09 45736]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-07-22 215208]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-30 106104]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-14 269824]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]

S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-08-03 7517696]

S3 rcSmCard;rcSmCard;c:\windows\system32\DRIVERS\rcSmCard.sys [2010-04-26 26128]

S3 rcVidCap;rcVidCap;c:\windows\system32\DRIVERS\rcVidMpt.sys [2010-04-26 9872]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1541481396-3027813910-3587673724-2262Core.job

- c:\users\venauslm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-15 00:00]

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1541481396-3027813910-3587673724-2262UA.job

- c:\users\venauslm\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-15 00:00]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com.au/

uInternet Settings,ProxyOverride = 12.42.128.*;172.18.128.137;10.*.*.*;172.16.*.*;*.rccl.com;*.royalcaribbean.com;*.celebrity-cruises.com;*.celebritycruises.com;*.cruisingpower.com;intranet;1a.amadeusprintservices.com;prod1.centra.com;ap-docmgmt;*.sourcingservice.com;119.225.1.34;<local>

uInternet Settings,ProxyServer = ausproxy.aus.rccl.com:8080

IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

Trusted Zone: amadeus.com

Trusted Zone: amadeusvista.com

Trusted Zone: azamaraclubcruises.co.uk

Trusted Zone: azamaraclubcruises.com

Trusted Zone: cdfcroisieresdefrance.fr

Trusted Zone: celebritycruises.co.uk

Trusted Zone: celebritycruises.com

Trusted Zone: concursolutions.com

Trusted Zone: crusingpower.com

Trusted Zone: localhost

Trusted Zone: pullmantur.es

Trusted Zone: rccl.com

Trusted Zone: rccl.com\colonial

Trusted Zone: rcleurope.com

Trusted Zone: rclinvestor.com

Trusted Zone: royalcaribbean.co.uk

Trusted Zone: royalcaribbean.com

Trusted Zone: specialtydining.com

TCP: DhcpNameServer = 192.168.0.1 203.134.12.90

DPF: {B1D21FC5-A742-4261-86F2-C7B7F1A31C5D} - hxxp://new.stage.eone.rccl.com/jde/axctls/jdewebctlsU.cab

DPF: {F9E542CE-C16A-47FA-B7A8-D88E5F1C5719} - hxxp://new.stage.eone.rccl.com/jde/axctls/jdeexpimpU.cab

FF - ProfilePath -

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKCU-Run-NdvCngtf - c:\users\107267\AppData\Local\fwepddko\ndvcngtf.exe

SafeBoot-Symantec Antvirus

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3052)

c:\program files\ThinkPad\Utilities\PWMTR32V.DLL

c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL

c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL

c:\program files\ThinkPad\Bluetooth Software\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\ThinkPad\Bluetooth Software\btwdins.exe

c:\program files\ca\sc\CAM\bin\cam.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Citrix\ICA Client\ssonsvr.exe

c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe

c:\program files\LENOVO\HOTKEY\tposdsvc.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe

c:\windows\system32\taskhost.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe

c:\windows\system32\conhost.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\windows\system32\sppsvc.exe

c:\program files\Lenovo\System Update\SUService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2012-04-16 22:48:52 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-16 12:48

.

Pre-Run: 102,365,892,608 bytes free

Post-Run: 105,055,432,704 bytes free

.

- - End Of File - - 96DF6F0BBC85963BCC7ECD9850E74F66


Ok MBAM found nothing, looks good...

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.16.02

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

107267 :: AUSR86LF42T410 [administrator]

4/16/2012 11:14:33 PM

mbam-log-2012-04-16 (23-14-33).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 339554

Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great :)

A little clean up to do.............

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Please go to your Control Panel's Add/Remove Programs and uninstall this:

Java™ 6 Update 20

Then download and install the latest version Java™ 6 Update 31.

http://www.java.com/...load/manual.jsp <---latest version

http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Something has gone terribly wrong! Last night all seemed fine. The machine was shut down and this morning, I encountered some functionality problems.

First, the Caps Lock functionality was reversed. When it was off, letters were capitalized, and when it was on, they were lower-case.

I restarted the machine, but once the login screen appeared (press Ctrl+Alt+Del to sign on), I cannot advance. Ctrl+Alt+Del is not doing anything.

I rebooted the machine again manually by holding the power button, then I got an error immediately upon reboot:

ERROR 0210: Stuck Key 2A

Press <F1> to Setup

However, pressing F1 does nothing at all.

Any ideas???


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
