ShawnD

New Case from ShawnD


Welcome to the forum........can you tell me what your concerns are?

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)

Post back the report.

MrC


MrCharlie-

I am pretty sure my 12-year-old son downloaded PC Optimizer malware. I attempted removal on my own, however, I now have several problems that lead me to think I have some other virus:

1) Microsoft Internet Explorer 7 will not run at all. I tried to download and install MSIE 8, but I am unable to install it

2) Symantec Endpoint Protection will not run a scan when requested

3) Cannot utilize Windows Explorer Search at all.

4) Cannot run "msconfig" from command prompt

5) Malwarebytes is no longer present in the Start menu. I had to find the executable in the program files to run it.

Here is the RogueKiller Report:

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: User [Admin rights]

Mode: Scan -- Date: 07/08/2012 12:27:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 1 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x86E7F6D0)

SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x86E55920)

SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x86DBA2E8)

SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x86E78670)

SSDT[43] : NtCreateMutant @ 0x8061758E -> HOOKED (Unknown @ 0x86E7EE90)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x86E8D8B0)

SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x86DCF930)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x86E90118)

SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x86F38638)

SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x86E78838)

SSDT[114] : NtOpenEvent @ 0x8060EF4C -> HOOKED (Unknown @ 0x86E7E508)

SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x86E938E8)

SSDT[129] : NtOpenThreadToken @ 0x805EDF44 -> HOOKED (Unknown @ 0x86DD0F38)

SSDT[143] : NtQueryDefaultLocale @ 0x80610BF6 -> HOOKED (SysPlant.sys @ 0xB9D1E830)

SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x86E93878)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x86E95650)

SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x86BD7808)

SSDT[229] : NtSetInformationThread @ 0x805CC124 -> HOOKED (Unknown @ 0x86E77908)

SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x86E7E540)

SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x86E816D0)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x86E938B0)

SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x89169260)

SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x86E94CF8)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x86DCFA00)

S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x86205720)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HITACHI HTS725050A9A364 +++++

--- User ---

[MBR] 8f1f3dc081aeca82612be9c86c30c8fd

[bSP] 25e2b7c3ff0a1f737b922ea57d3a9985 : Lenovo tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 470433 Mo

1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 963448832 | Size: 6505 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


OK, let's run some scans......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


14:05:40.0531 2956 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

14:05:42.0531 2956 ============================================================

14:05:42.0531 2956 Current date / time: 2012/07/08 14:05:42.0531

14:05:42.0531 2956 SystemInfo:

14:05:42.0531 2956

14:05:42.0531 2956 OS Version: 5.1.2600 ServicePack: 3.0

14:05:42.0531 2956 Product type: Workstation

14:05:42.0531 2956 ComputerName: ADMINLAP-0459

14:05:42.0531 2956 UserName: User

14:05:42.0531 2956 Windows directory: C:\WINDOWS

14:05:42.0531 2956 System windows directory: C:\WINDOWS

14:05:42.0531 2956 Processor architecture: Intel x86

14:05:42.0531 2956 Number of processors: 2

14:05:42.0531 2956 Page size: 0x1000

14:05:42.0531 2956 Boot type: Normal boot

14:05:42.0531 2956 ============================================================

14:05:43.0125 2956 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:05:43.0125 2956 ============================================================

14:05:43.0125 2956 \Device\Harddisk0\DR0:

14:05:43.0125 2956 MBR partitions:

14:05:43.0125 2956 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x396D0800

14:05:43.0125 2956 ============================================================

14:05:43.0156 2956 C: <-> \Device\Harddisk0\DR0\Partition0

14:05:43.0156 2956 ============================================================

14:05:43.0156 2956 Initialize success

14:05:43.0156 2956 ============================================================

14:06:10.0906 3888 ============================================================

14:06:10.0906 3888 Scan started

14:06:10.0906 3888 Mode: Manual; SigCheck; TDLFS;

14:06:10.0906 3888 ============================================================


14:06:33.0031 3888 Mup - ok

14:06:33.0031 3888 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

14:06:33.0140 3888 NABTSFEC - ok

14:06:33.0187 3888 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

14:06:33.0281 3888 napagent - ok

14:06:33.0390 3888 NAVENG (f11033730b38260b6892e837c457fb4b) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120705.036\NAVENG.SYS

14:06:33.0421 3888 NAVENG - ok

14:06:33.0500 3888 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120705.036\NAVEX15.SYS

14:06:33.0562 3888 NAVEX15 - ok

14:06:33.0703 3888 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

14:06:33.0796 3888 NDIS - ok

14:06:33.0828 3888 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

14:06:33.0937 3888 NdisIP - ok

14:06:33.0953 3888 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

14:06:33.0984 3888 NdisTapi - ok

14:06:34.0000 3888 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

14:06:34.0078 3888 Ndisuio - ok

14:06:34.0093 3888 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

14:06:34.0203 3888 NdisWan - ok

14:06:34.0234 3888 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

14:06:34.0296 3888 NDProxy - ok

14:06:34.0312 3888 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

14:06:34.0406 3888 NetBIOS - ok

14:06:34.0421 3888 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

14:06:34.0531 3888 NetBT - ok

14:06:34.0562 3888 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

14:06:34.0671 3888 NetDDE - ok

14:06:34.0671 3888 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

14:06:34.0765 3888 NetDDEdsdm - ok

14:06:34.0812 3888 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:06:34.0890 3888 Netlogon - ok

14:06:34.0921 3888 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

14:06:35.0031 3888 Netman - ok

14:06:35.0156 3888 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:06:35.0171 3888 NetTcpPortSharing - ok

14:06:35.0437 3888 NETw1x32 (6f66be80e4806825f2e78ddf987efe0a) C:\WINDOWS\system32\DRIVERS\NETw1x32.sys

14:06:35.0578 3888 NETw1x32 - ok

14:06:35.0734 3888 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

14:06:35.0843 3888 NIC1394 - ok

14:06:35.0890 3888 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

14:06:35.0937 3888 Nla - ok

14:06:35.0953 3888 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

14:06:36.0046 3888 Npfs - ok

14:06:36.0109 3888 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

14:06:36.0203 3888 Ntfs - ok

14:06:36.0234 3888 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:06:36.0312 3888 NtLmSsp - ok

14:06:36.0375 3888 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

14:06:36.0484 3888 NtmsSvc - ok

14:06:36.0500 3888 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

14:06:36.0593 3888 Null - ok

14:06:36.0609 3888 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

14:06:36.0687 3888 NwlnkFlt - ok

14:06:36.0703 3888 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

14:06:36.0796 3888 NwlnkFwd - ok

14:06:36.0937 3888 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

14:06:37.0015 3888 odserv - ok

14:06:37.0015 3888 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

14:06:37.0109 3888 ohci1394 - ok

14:06:37.0140 3888 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:06:37.0250 3888 ose - ok

14:06:37.0281 3888 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

14:06:37.0375 3888 Parport - ok

14:06:37.0390 3888 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

14:06:37.0484 3888 PartMgr - ok

14:06:37.0484 3888 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

14:06:37.0578 3888 ParVdm - ok

14:06:37.0593 3888 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

14:06:37.0687 3888 PCI - ok

14:06:37.0687 3888 PCIDump - ok

14:06:37.0703 3888 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

14:06:37.0796 3888 PCIIde - ok

14:06:37.0796 3888 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

14:06:37.0875 3888 Pcmcia - ok

14:06:37.0890 3888 PDCOMP - ok

14:06:37.0890 3888 PDFRAME - ok

14:06:37.0890 3888 PDRELI - ok

14:06:37.0906 3888 PDRFRAME - ok

14:06:37.0906 3888 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

14:06:37.0984 3888 perc2 - ok

14:06:38.0000 3888 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

14:06:38.0093 3888 perc2hib - ok

14:06:38.0125 3888 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

14:06:38.0140 3888 PlugPlay - ok

14:06:38.0171 3888 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys

14:06:38.0187 3888 pmem ( UnsignedFile.Multi.Generic ) - warning

14:06:38.0187 3888 pmem - detected UnsignedFile.Multi.Generic (1)

14:06:38.0218 3888 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:06:38.0312 3888 PolicyAgent - ok

14:06:38.0406 3888 Power Manager DBC Service (d67fa0592610b40b89f76a78b5a667c7) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

14:06:38.0437 3888 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - warning

14:06:38.0437 3888 Power Manager DBC Service - detected UnsignedFile.Multi.Generic (1)

14:06:38.0468 3888 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

14:06:38.0562 3888 PptpMiniport - ok

14:06:38.0562 3888 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:06:38.0656 3888 ProtectedStorage - ok

14:06:38.0687 3888 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys

14:06:38.0703 3888 psadd - ok

14:06:38.0703 3888 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

14:06:38.0796 3888 PSched - ok

14:06:38.0812 3888 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

14:06:38.0921 3888 Ptilink - ok

14:06:38.0953 3888 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

14:06:38.0968 3888 PxHelp20 - ok

14:06:39.0000 3888 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

14:06:39.0093 3888 ql1080 - ok

14:06:39.0109 3888 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

14:06:39.0187 3888 Ql10wnt - ok

14:06:39.0203 3888 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

14:06:39.0296 3888 ql12160 - ok

14:06:39.0296 3888 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

14:06:39.0390 3888 ql1240 - ok

14:06:39.0390 3888 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

14:06:39.0484 3888 ql1280 - ok

14:06:39.0484 3888 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

14:06:39.0578 3888 RasAcd - ok

14:06:39.0593 3888 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

14:06:39.0687 3888 RasAuto - ok

14:06:39.0718 3888 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

14:06:39.0796 3888 Rasl2tp - ok

14:06:39.0812 3888 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

14:06:39.0906 3888 RasMan - ok

14:06:39.0906 3888 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

14:06:40.0000 3888 RasPppoe - ok

14:06:40.0015 3888 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

14:06:40.0093 3888 Raspti - ok

14:06:40.0109 3888 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

14:06:40.0187 3888 Rdbss - ok

14:06:40.0203 3888 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

14:06:40.0281 3888 RDPCDD - ok

14:06:40.0296 3888 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

14:06:40.0390 3888 rdpdr - ok

14:06:40.0421 3888 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

14:06:40.0453 3888 RDPWD - ok

14:06:40.0468 3888 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

14:06:40.0578 3888 RDSessMgr - ok

14:06:40.0625 3888 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

14:06:40.0703 3888 redbook - ok

14:06:40.0734 3888 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys

14:06:40.0750 3888 regi - ok

14:06:40.0875 3888 RegSrvc (a720f4df168db04ba46dd3881581578e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

14:06:40.0906 3888 RegSrvc - ok

14:06:40.0937 3888 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

14:06:41.0046 3888 RemoteAccess - ok

14:06:41.0062 3888 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

14:06:41.0156 3888 RemoteRegistry - ok

14:06:41.0265 3888 Roxio UPnP Renderer 10 (ada991d7a02130fa78413281a134330b) C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

14:06:41.0312 3888 Roxio UPnP Renderer 10 - ok

14:06:41.0343 3888 Roxio Upnp Server 10 (11f07111105072f81c03a437423e88ee) C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe

14:06:41.0406 3888 Roxio Upnp Server 10 - ok

14:06:41.0453 3888 RoxLiveShare10 (7c334636b539fbfa65bd3b6da75b9d30) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

14:06:41.0500 3888 RoxLiveShare10 - ok

14:06:41.0578 3888 RoxMediaDB10 (eb9eeb379848f356797eb9ef31114ca5) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

14:06:41.0656 3888 RoxMediaDB10 - ok

14:06:41.0703 3888 RoxWatch10 (640e33efb13278bedd3699dfa88185e5) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

14:06:41.0750 3888 RoxWatch10 - ok

14:06:41.0890 3888 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

14:06:41.0984 3888 RpcLocator - ok

14:06:42.0031 3888 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

14:06:42.0062 3888 RpcSs - ok

14:06:42.0093 3888 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

14:06:42.0218 3888 RSVP - ok

14:06:42.0281 3888 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

14:06:42.0312 3888 RTLE8023xp - ok

14:06:42.0421 3888 S24EventMonitor (ba859251f3793d6d615d32fa54ce3bc2) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

14:06:42.0468 3888 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning

14:06:42.0468 3888 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)

14:06:42.0468 3888 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys

14:06:42.0500 3888 s24trans - ok

14:06:42.0515 3888 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

14:06:42.0609 3888 SamSs - ok

14:06:42.0640 3888 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

14:06:42.0750 3888 SCardSvr - ok

14:06:42.0781 3888 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

14:06:42.0859 3888 Schedule - ok

14:06:42.0906 3888 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

14:06:42.0984 3888 sdbus - ok

14:06:43.0000 3888 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

14:06:43.0046 3888 Secdrv - ok

14:06:43.0078 3888 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

14:06:43.0171 3888 seclogon - ok

14:06:43.0171 3888 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

14:06:43.0281 3888 SENS - ok

14:06:43.0281 3888 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

14:06:43.0375 3888 Serial - ok

14:06:43.0406 3888 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

14:06:43.0500 3888 Sfloppy - ok

14:06:43.0546 3888 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

14:06:43.0656 3888 SharedAccess - ok

14:06:43.0687 3888 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

14:06:43.0703 3888 ShellHWDetection - ok

14:06:43.0734 3888 Shockprf (50fd310ca2ac5275935d595cb77e0487) C:\WINDOWS\system32\DRIVERS\Apsx86.sys

14:06:43.0750 3888 Shockprf - ok

14:06:43.0750 3888 Simbad - ok

14:06:43.0765 3888 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

14:06:43.0843 3888 sisagp - ok

14:06:43.0875 3888 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

14:06:43.0953 3888 SLIP - ok

14:06:44.0140 3888 SmcService (f4c5eb02f3a5745c557636978e046236) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

14:06:44.0203 3888 SmcService - ok

14:06:44.0265 3888 SNAC (435b7a0065b433de73c1f2e74a5ffade) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE

14:06:44.0359 3888 SNAC - ok

14:06:44.0484 3888 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

14:06:44.0546 3888 Sparrow - ok

14:06:44.0578 3888 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

14:06:44.0625 3888 SPBBCDrv - ok

14:06:44.0640 3888 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

14:06:44.0734 3888 splitter - ok

14:06:44.0781 3888 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

14:06:44.0796 3888 Spooler - ok

14:06:44.0859 3888 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

14:06:44.0890 3888 SQLBrowser - ok

14:06:44.0906 3888 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

14:06:44.0921 3888 SQLWriter - ok

14:06:44.0953 3888 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

14:06:45.0000 3888 sr - ok

14:06:45.0046 3888 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

14:06:45.0093 3888 srservice - ok

14:06:45.0109 3888 SRTSP (11564fd80e0d2fc80b904a5bcbf8d761) C:\WINDOWS\system32\Drivers\SRTSP.SYS

14:06:45.0125 3888 SRTSP - ok

14:06:45.0156 3888 SRTSPL (c668edee729925635c254b04e70f9493) C:\WINDOWS\system32\Drivers\SRTSPL.SYS

14:06:45.0187 3888 SRTSPL - ok

14:06:45.0203 3888 SRTSPX (73d9add286baebdbf636eb53acf64e12) C:\WINDOWS\system32\Drivers\SRTSPX.SYS

14:06:45.0218 3888 SRTSPX - ok

14:06:45.0265 3888 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

14:06:45.0328 3888 Srv - ok

14:06:45.0343 3888 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

14:06:45.0390 3888 SSDPSRV - ok

14:06:45.0437 3888 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

14:06:45.0562 3888 stisvc - ok

14:06:45.0593 3888 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

14:06:45.0625 3888 stllssvr - ok

14:06:45.0656 3888 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

14:06:45.0734 3888 streamip - ok

14:06:45.0812 3888 SUService (05f8254189e3ef433398ebfb1a61e915) c:\program files\lenovo\system update\suservice.exe

14:06:45.0812 3888 SUService ( UnsignedFile.Multi.Generic ) - warning

14:06:45.0812 3888 SUService - detected UnsignedFile.Multi.Generic (1)

14:06:45.0859 3888 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

14:06:45.0953 3888 swenum - ok

14:06:45.0984 3888 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

14:06:46.0093 3888 swmidi - ok

14:06:46.0093 3888 SwPrv - ok

14:06:46.0265 3888 Symantec AntiVirus (5d843b68b6ab89b89facb53de8847d90) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

14:06:46.0343 3888 Symantec AntiVirus - ok

14:06:46.0468 3888 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

14:06:46.0546 3888 symc810 - ok

14:06:46.0578 3888 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

14:06:46.0671 3888 symc8xx - ok

14:06:46.0687 3888 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

14:06:46.0703 3888 SymEvent - ok

14:06:46.0734 3888 SYMREDRV (9181892e5af5df8d2ac3d9d2cea48afd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

14:06:46.0750 3888 SYMREDRV - ok

14:06:46.0796 3888 SYMTDI (d539f317e6caaa4e08911a84c2180938) C:\WINDOWS\System32\Drivers\SYMTDI.SYS

14:06:46.0812 3888 SYMTDI - ok

14:06:46.0812 3888 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

14:06:46.0937 3888 sym_hi - ok

14:06:46.0937 3888 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

14:06:47.0015 3888 sym_u3 - ok

14:06:47.0062 3888 SynTP (d7dc30b8b41e7a913c3fccc0631e72ec) C:\WINDOWS\system32\DRIVERS\SynTP.sys

14:06:47.0078 3888 SynTP - ok

14:06:47.0109 3888 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

14:06:47.0203 3888 sysaudio - ok

14:06:47.0234 3888 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

14:06:47.0328 3888 SysmonLog - ok

14:06:47.0359 3888 SysPlant (796bd122ccff742854e72fe8e45a7ac9) C:\WINDOWS\system32\Drivers\SysPlant.sys

14:06:47.0375 3888 SysPlant - ok

14:06:47.0390 3888 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

14:06:47.0484 3888 TapiSrv - ok

14:06:47.0515 3888 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

14:06:47.0562 3888 Tcpip - ok

14:06:47.0593 3888 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

14:06:47.0671 3888 TDPIPE - ok

14:06:47.0703 3888 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

14:06:47.0796 3888 TDTCP - ok

14:06:47.0828 3888 Teefer2 (94fb26d72326851e914b9fd988e1aa47) C:\WINDOWS\system32\DRIVERS\teefer2.sys

14:06:47.0843 3888 Teefer2 - ok

14:06:47.0875 3888 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

14:06:47.0968 3888 TermDD - ok

14:06:48.0000 3888 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

14:06:48.0093 3888 TermService - ok

14:06:48.0140 3888 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

14:06:48.0156 3888 Themes - ok

14:06:48.0296 3888 ThinkVantage Registry Monitor Service (1c7b8e69bf9557a17a17f2120892acf9) c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

14:06:48.0343 3888 ThinkVantage Registry Monitor Service - ok

14:06:48.0375 3888 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe

14:06:48.0437 3888 TlntSvr - ok

14:06:48.0468 3888 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

14:06:48.0546 3888 TosIde - ok

14:06:48.0562 3888 TPDIGIMN (f21a7a174f5ae320e40ced22389a951c) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys

14:06:48.0578 3888 TPDIGIMN - ok

14:06:48.0578 3888 TPHDEXLGSVC (9a7f24cabcd988c85e57b95bc701e0e5) C:\WINDOWS\system32\TPHDEXLG.exe

14:06:48.0609 3888 TPHDEXLGSVC - ok

14:06:48.0640 3888 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys

14:06:48.0703 3888 TPHKDRV - ok

14:06:48.0750 3888 TPHKSVC (3c6a42a8494d74f44f048bb7f9f2db44) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

14:06:48.0765 3888 TPHKSVC - ok

14:06:48.0796 3888 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys

14:06:48.0796 3888 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning

14:06:48.0796 3888 TPPWRIF - detected UnsignedFile.Multi.Generic (1)

14:06:48.0828 3888 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

14:06:48.0937 3888 TrkWks - ok

14:06:48.0937 3888 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS

14:06:48.0953 3888 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning

14:06:48.0953 3888 TSMAPIP - detected UnsignedFile.Multi.Generic (1)

14:06:49.0000 3888 TVT Backup Protection Service (1aa675a55e169bc45b5685355bec2c66) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

14:06:49.0046 3888 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning

14:06:49.0046 3888 TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)

14:06:49.0109 3888 TVT Backup Service (ff86960cf29eab25cddecc92cbba43d4) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

14:06:49.0140 3888 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning

14:06:49.0140 3888 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)

14:06:49.0296 3888 TVT Scheduler (49851e0177f2044184c125e919d1917c) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

14:06:49.0343 3888 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning

14:06:49.0343 3888 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)

14:06:49.0453 3888 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys

14:06:49.0484 3888 tvtfilter - ok

14:06:49.0562 3888 TVT_UpdateMonitor (22a001f3fbb92e3811c3bfd8fdad3ed3) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe

14:06:49.0609 3888 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - warning

14:06:49.0609 3888 TVT_UpdateMonitor - detected UnsignedFile.Multi.Generic (1)

14:06:49.0625 3888 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

14:06:49.0734 3888 Udfs - ok

14:06:49.0781 3888 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

14:06:49.0812 3888 ultra - ok

14:06:49.0859 3888 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

14:06:49.0937 3888 Update - ok

14:06:49.0968 3888 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

14:06:50.0046 3888 upnphost - ok

14:06:50.0046 3888 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

14:06:50.0156 3888 UPS - ok

14:06:50.0156 3888 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

14:06:50.0250 3888 usbccgp - ok

14:06:50.0281 3888 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

14:06:50.0375 3888 usbehci - ok

14:06:50.0375 3888 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

14:06:50.0468 3888 usbhub - ok

14:06:50.0484 3888 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

14:06:50.0578 3888 usbprint - ok

14:06:50.0625 3888 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

14:06:50.0703 3888 usbscan - ok

14:06:50.0750 3888 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

14:06:50.0828 3888 USBSTOR - ok

14:06:50.0843 3888 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

14:06:50.0953 3888 usbuhci - ok

14:06:50.0968 3888 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

14:06:51.0062 3888 usbvideo - ok

14:06:51.0078 3888 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

14:06:51.0156 3888 VgaSave - ok

14:06:51.0187 3888 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

14:06:51.0265 3888 viaagp - ok

14:06:51.0281 3888 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

14:06:51.0359 3888 ViaIde - ok

14:06:51.0375 3888 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

14:06:51.0484 3888 VolSnap - ok

14:06:51.0515 3888 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

14:06:51.0578 3888 VSS - ok

14:06:51.0609 3888 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

14:06:51.0703 3888 W32Time - ok

14:06:51.0718 3888 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

14:06:51.0828 3888 Wanarp - ok

14:06:51.0875 3888 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

14:06:51.0906 3888 Wdf01000 - ok

14:06:51.0906 3888 WDICA - ok

14:06:51.0953 3888 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

14:06:52.0046 3888 wdmaud - ok

14:06:52.0078 3888 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

14:06:52.0156 3888 WebClient - ok

14:06:52.0218 3888 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

14:06:52.0312 3888 winmgmt - ok

14:06:52.0375 3888 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll

14:06:52.0468 3888 WinRM - ok

14:06:52.0640 3888 wlidsvc (d9250b31b353ee3322c1cad411997e38) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:06:52.0750 3888 wlidsvc - ok

14:06:52.0859 3888 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

14:06:52.0906 3888 WmdmPmSN - ok

14:06:52.0968 3888 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

14:06:53.0031 3888 Wmi - ok

14:06:53.0078 3888 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

14:06:53.0171 3888 WmiAcpi - ok

14:06:53.0218 3888 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

14:06:53.0328 3888 WmiApSrv - ok

14:06:53.0437 3888 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

14:06:53.0484 3888 WMPNetworkSvc - ok

14:06:53.0609 3888 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

14:06:53.0703 3888 WPFFontCache_v0400 - ok

14:06:53.0890 3888 WPS (c58c48d7e190d3be57316a8e16d0bee9) C:\WINDOWS\system32\drivers\wpsdrvnt.sys

14:06:53.0906 3888 WPS - ok

14:06:53.0921 3888 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys

14:06:53.0937 3888 WpsHelper - ok

14:06:53.0984 3888 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

14:06:54.0078 3888 wscsvc - ok

14:06:54.0093 3888 WSearch - ok

14:06:54.0109 3888 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

14:06:54.0203 3888 WSTCODEC - ok

14:06:54.0218 3888 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

14:06:54.0312 3888 wuauserv - ok

14:06:54.0343 3888 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

14:06:54.0375 3888 WudfPf - ok

14:06:54.0375 3888 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

14:06:54.0390 3888 WudfRd - ok

14:06:54.0406 3888 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

14:06:54.0421 3888 WudfSvc - ok

14:06:54.0468 3888 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

14:06:54.0578 3888 WZCSVC - ok

14:06:54.0593 3888 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

14:06:54.0687 3888 xmlprov - ok

14:06:54.0703 3888 MBR (0x1B8) (77e2c4791176547db7fb69d898e529ab) \Device\Harddisk0\DR0

14:06:55.0093 3888 \Device\Harddisk0\DR0 - ok

14:06:55.0093 3888 Boot (0x1200) (0531eb3e52362ec7a27c5379d704d92a) \Device\Harddisk0\DR0\Partition0

14:06:55.0093 3888 \Device\Harddisk0\DR0\Partition0 - ok

14:06:55.0093 3888 ============================================================

14:06:55.0093 3888 Scan finished

14:06:55.0093 3888 ============================================================

14:06:55.0203 3792 Detected object count: 17

14:06:55.0203 3792 Actual detected object count: 17

14:10:23.0796 3792 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0796 3792 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0796 3792 AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0796 3792 AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0796 3792 ANC ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0796 3792 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0796 3792 DDNIMSGService ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0796 3792 DDNIMSGService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0796 3792 DDNIService ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0796 3792 DDNIService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0796 3792 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0796 3792 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0796 3792 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0796 3792 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0812 3792 pmem ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0812 3792 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0812 3792 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0812 3792 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0812 3792 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0812 3792 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0812 3792 SUService ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0812 3792 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0812 3792 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0812 3792 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0812 3792 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0812 3792 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0812 3792 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0812 3792 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0812 3792 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0812 3792 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0812 3792 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0812 3792 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:10:23.0812 3792 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - skipped by user

14:10:23.0812 3792 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip


That scan was clean......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Here is the ComboFix log. The first time I ran ComboFix, it appeared to get to the end of its scan, then the computer rebooted. Upon reboot, I got a message that said "Windows has recovered from a serious error...." I couldn't find a log file for ComboFix, so I ran it again. This time, it ran all the way through and produced the log file that I have attached:

ComboFix 12-07-08.01 - User 07/08/2012 16:22:41.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2937.2178 [GMT -4:00]

Running from: c:\documents and settings\User\My Documents\Downloads\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt

c:\windows\system32\SET150.tmp

c:\windows\system32\SET151.tmp

c:\windows\system32\SET15A.tmp

c:\windows\system32\SET280.tmp

c:\windows\system32\SET283.tmp

c:\windows\system32\SET2B7.tmp

c:\windows\system32\SET2C3.tmp

c:\windows\system32\SETB6.tmp

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))

.

.

2012-07-08 18:02 . 2012-07-08 18:03 -------- d-----w- c:\program files\ERUNT

2012-07-08 13:50 . 2012-07-08 13:50 -------- dc-h--w- c:\windows\ie8

2012-07-08 12:44 . 2012-07-08 13:47 -------- d-----w- c:\documents and settings\User\Application Data\Ad-Aware Antivirus

2012-07-08 11:53 . 2012-07-08 11:53 -------- d-----w- C:\59bc010d20ec5a017a79

2012-07-07 01:31 . 2012-07-07 01:31 -------- d-----w- C:\484a609db769287f76

2012-07-06 12:39 . 2012-07-06 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro

2012-07-06 12:29 . 2012-07-06 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\WeCareReminder

2012-07-06 12:29 . 2012-07-06 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer

2012-06-30 23:14 . 2012-06-30 23:14 -------- d-----w- c:\program files\LogMeIn Hamachi

2012-06-22 16:32 . 2012-06-22 16:32 -------- d-----w- c:\program files\MapsGalaxy_39EI

2012-06-19 23:31 . 2012-06-19 23:31 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-19 23:31 . 2012-06-19 23:31 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-06-13 06:49 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-30 23:07 . 2012-05-07 19:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-30 23:07 . 2011-06-07 13:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 19:19 . 2010-05-19 18:47 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19 . 2010-05-19 18:47 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19 . 2008-07-21 22:01 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 19:19 . 2008-07-21 22:01 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19 . 2008-07-21 22:01 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 19:19 . 2010-05-19 18:47 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 19:19 . 2010-05-19 18:47 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19 . 2008-07-21 22:49 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 19:19 . 2008-07-21 22:01 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 19:19 . 2008-07-21 22:01 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 19:19 . 2010-05-19 18:47 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:19 . 2008-07-21 22:01 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 19:19 . 2008-07-21 22:01 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 19:18 . 2010-12-13 17:22 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18 . 2010-12-13 17:22 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 19:18 . 2009-08-06 23:23 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2008-07-21 22:49 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-15 13:20 . 2008-07-21 22:50 1863168 ------w- c:\windows\system32\win32k.sys

2012-05-07 20:08 . 2012-05-07 20:08 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-05-04 13:16 . 2008-04-14 00:54 2148352 ------w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32 . 2008-04-14 00:01 2026496 ------w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46 . 2008-07-21 21:59 139656 ------w- c:\windows\system32\drivers\rdpwd.sys

2012-06-19 23:31 . 2012-04-19 00:46 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2012-04-04 1261472]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-06-10 61728]

"TpShocks"="TpShocks.exe" [2009-03-05 185632]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"RTHDCPL"="RTHDCPL.EXE" [2009-07-02 18665472]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]

"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]

"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-12-10 513384]

"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]

"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-12-04 40960]

"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]

"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-25 1594664]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"Tweak UI"="TWEAKUI.CPL" [2000-06-18 106544]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-09 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-09 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-09 142872]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - [N/A]

Windows Search.lnk - [N/A]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iBarioGames.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\iBarioGames.lnk

backup=c:\windows\pss\iBarioGames.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]

2011-08-19 01:24 137536 ----atw- c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2008-04-25 15:15 244208 ------w- c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=

"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/4/2009 6:56 PM 20520]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [7/16/2009 10:59 PM 13480]

R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 4:23 PM 196176]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 6:21 PM 249648]

R2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [6/23/2009 1:23 PM 171872]

R2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [4/29/2010 2:25 PM 163680]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [6/27/2012 12:29 PM 1385896]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [10/5/2009 10:21 PM 45424]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [4/29/2010 2:18 PM 53248]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 11:09 PM 11032]

R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [10/5/2009 10:21 PM 62320]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/24/2008 6:34 PM 520192]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/3/2012 9:56 AM 106656]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [4/29/2010 1:56 PM 110080]

R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [4/29/2010 1:53 PM 119256]

R3 NETw1x32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETw1x32.sys [4/29/2010 1:52 PM 5929216]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/28/2011 8:27 PM 136176]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 11:18 AM 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 11:16 AM 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 11:15 AM 166384]

S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 8:50 PM 360448]

S3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [4/29/2010 1:53 PM 125568]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/7/2012 3:13 PM 257224]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/29/2010 1:55 PM 1684736]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 1:55 PM 23888]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/28/2011 8:27 PM 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [6/17/2011 1:33 PM 237008]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/6/2012 11:57 AM 113120]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 11:18 AM 313840]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 23:07]

.

2012-07-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-671389387-3183502675-1961634894-1008Core.job

- c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-19 01:24]

.

2012-07-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-671389387-3183502675-1961634894-1008UA.job

- c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-19 01:24]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-29 00:27]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-29 00:27]

.

2012-06-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]

.

2012-07-08 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-04-29 16:11]

.

2012-07-08 c:\windows\Tasks\User_Feed_Synchronization-{12C7E3DF-39F8-4F21-88F7-B4B74D782F53}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://mybrightweb.brighthorizons.com/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

Trusted Zone: brighthorizons.com\brightstar

Trusted Zone: brighthorizons.com\identity

Trusted Zone: brighthorizons.com\mybrightweb

Trusted Zone: intersourcing.com\brighthorizons

DPF: {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} - hxxps://www36.verizon.com/FiOSVoice/UnProtected/FiosVoiceVMUtil.CAB

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Notify-ACNotify - ACNotify.dll

SafeBoot-Symantec Antvirus

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-08 16:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1520)

c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll

c:\windows\system32\msv1_0.dll

.

- - - - - - - > 'explorer.exe'(7772)

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Lenovo\Drag-to-Disc\Shellex.dll

c:\windows\system32\DLAAPI_W.DLL

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\program files\Symantec\Symantec Endpoint Protection\SescLU.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\TpShocks.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\rundll32.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Synaptics\SynTP\SynTPLpr.exe

c:\windows\system32\igfxext.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\lenovo\system update\suservice.exe

c:\windows\system32\wscntfy.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

.

**************************************************************************

.

Completion time: 2012-07-08 16:38:32 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-08 20:38

.

Pre-Run: 445,841,088,512 bytes free

Post-Run: 446,695,452,672 bytes free

.

- - End Of File - - 14A5EF016F54EC284F85938D063144AC


Can you take a look at these two folders, do you recognize them:

2012-07-08 11:53 . 2012-07-08 11:53 -------- d-----w- C:\59bc010d20ec5a017a79

2012-07-07 01:31 . 2012-07-07 01:31 -------- d-----w- C:\484a609db769287f76

You can delete this folder:

c:\documents and settings\All Users\Application Data\PC Optimizer Pro

You may have to enable hidden files to see it:

http://www.howtogeek...type=post&p=439

Then..........

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


The new folders are the install packages for IE8 and Ad-aware, both of which I tried to install but couldn't. The good news is that I can run msconfig, but I can't launch Internet Explorer or search. The malware installed an add-on toolbar, and I'm pretty sure I corrupted the program trying to remove it. Do you have a suggestion for how to do a clean install of Internet Explorer?

Thank you very much for your help!

Shawn

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.08.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

User :: ADMINLAP-0459 [administrator]

7/8/2012 6:11:03 PM

mbam-log-2012-07-08 (18-11-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226717

Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


How are we doing??

Do you still need help or can I close this post??

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
