Please help - Browser hijacked...

[mbdchampagne]

Hi, I am having trouble removing something that keeps hijacking my browser. I tried running malwarebytes anti-malware, spybot, and adaware, all in safe mode, and they all found issues and deleted them, but they keep coming back.

Please help! I've attached the DDS file as well.

Thank you for your time!

Danny

I screwed up and the attach.txt file didn't get attached to the other topic, so I am reposting. sorry for the confusion.

Attach.txt

DDS.txt

[screen317]

Hi and welcome to Malwarebytes.

In the future, please post all logs directly into your reply instead of attaching them unless otherwise indicated. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt directly in your reply.

[mbdchampagne]

Thank you for your reply! Sorry for attaching instead of pasting. I will check back frequently now because I believe the notification emails are being caught in the corporate email filter.

Some additional information: the hijack is appearing in IE, Firefox, AND Chrome.

Here is the log from the MBAM quick scan:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.19.10

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

dchampagne :: DCHAMPAGNE [administrator]

7/19/2012 9:42:59 AM

mbam-log-2012-07-19 (09-42-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 197018

Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

and here is the DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by dchampagne at 9:47:15 on 2012-07-19

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8052.4241 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Users\dchampagne\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Digital Line Detect\DLG.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Users\dchampagne\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe

C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Adobe\Adobe Fireworks CS5\Fireworks.exe

C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

C:\Windows\system32\PrintIsolationHost.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Microsoft Internet Explorer provided by ATP Tour

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://lenovo.msn.com

uInternet Settings,ProxyOverride = <local>

uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [Google Update] "C:\Users\dchampagne\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [Adobe] rundll32.exe "C:\Users\dchampagne\AppData\Local\Akamai\Adobe\rtfzrvfnz.dll",CreateInstance

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [<NO NAME>]

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

dRun: [Adobe] rundll32.exe "C:\Users\dchampagne\AppData\Local\Akamai\Adobe\rtfzrvfnz.dll",CreateInstance

StartupFolder: C:\Users\DCHAMP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\dchampagne\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: atpworldtour.com\vpn

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.atpworldtour.com/NELX.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

TCP: DhcpNameServer = 10.1.0.5 10.104.0.5 10.104.0.6

TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8} : DhcpNameServer = 10.1.0.5 10.104.0.5 10.104.0.6

TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\05C61697562737F5C4F657E6765613 : DhcpNameServer = 195.238.2.21 195.238.2.22 8.8.8.8

TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\0727563737F527F6F6D613 : DhcpNameServer = 195.238.2.21 195.238.2.22 8.8.8.8

TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\144435C483635323 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\64249402355525655494C4C414E43454026514E40213334333 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{369B1172-3EBA-4D23-99A1-902405013925} : DhcpNameServer = 10.1.0.5 10.104.0.5

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

IFEO: sethc.exe - C:\windows\system32\cmd.exe

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun-x64: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [(Default)]

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

IFEO-X64: sethc.exe - C:\windows\system32\cmd.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\dchampagne\AppData\Roaming\Mozilla\Firefox\Profiles\3wdfz54w.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\dchampagne\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-3-8 161128]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\HOTKEY\cammute.exe [2009-12-9 54632]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2009-12-9 44984]

R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-17 210784]

R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960]

R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]

R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]

R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-10-14 2477304]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-16 2666880]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2009-12-9 62904]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-8 2320920]

R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-1 138912]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 LenovoRd;LenovoRd;C:\Windows\system32\Drivers\LenovoRd.sys --> C:\Windows\system32\Drivers\LenovoRd.sys [?]

R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\system32\DRIVERS\NxDrv.sys --> C:\Windows\system32\DRIVERS\NxDrv.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-3-8 75112]

R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]

S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]

.

=============== Created Last 30 ================

.

2012-07-19 02:02:21 -------- d-----w- C:\Users\dchampagne\AppData\Local\{62BDD537-D2B3-40F8-BA8C-C0F8E99A2DEE}

2012-07-18 13:07:56 -------- d-----w- C:\Users\dchampagne\AppData\Local\{1621A8BC-0E33-4B36-A547-0F11141F0E7D}

2012-07-17 18:30:55 -------- d-----w- C:\Users\dchampagne\AppData\Local\{19B71D2D-1399-49EE-A457-B26954032ECB}

2012-07-17 18:30:42 -------- d-----w- C:\Users\dchampagne\AppData\Local\{9F470903-E905-40FB-99D4-0DCCF1436066}

2012-07-17 16:43:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D37FB42-A874-4C61-AD02-60AF31AB8E6F}\offreg.dll

2012-07-17 16:27:27 -------- d-----w- C:\Windows\en

2012-07-17 16:18:39 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2012-07-17 16:18:39 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2012-07-17 16:18:37 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2012-07-17 16:18:37 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-07-17 16:17:39 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll

2012-07-17 16:17:39 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll

2012-07-17 16:17:39 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll

2012-07-17 16:17:39 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll

2012-07-17 16:16:48 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

2012-07-17 16:16:48 206848 ----a-w- C:\Windows\System32\mfps.dll

2012-07-17 16:16:48 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

2012-07-17 16:16:48 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2012-07-17 16:16:48 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2012-07-17 16:16:47 4068864 ----a-w- C:\Windows\System32\mf.dll

2012-07-17 16:16:47 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

2012-07-17 16:14:16 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\364ea9351cd64370f\MeshBetaRemover.exe

2012-07-17 15:51:07 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-07-17 15:51:00 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D37FB42-A874-4C61-AD02-60AF31AB8E6F}\mpengine.dll

2012-07-17 15:51:00 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-07-17 15:50:18 -------- d-----w- C:\ProgramData\GFI Software

2012-07-16 21:10:27 208896 ----a-w- C:\Windows\System32\profsvc.dll

2012-07-16 21:10:09 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-07-16 21:10:09 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-07-16 21:10:09 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-07-16 21:09:58 3144192 ----a-w- C:\Windows\System32\win32k.sys

2012-07-16 21:09:51 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-07-16 21:09:40 3213824 ----a-w- C:\Windows\System32\msi.dll

2012-07-16 21:09:40 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-07-16 21:07:52 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-07-16 21:07:52 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-07-16 21:07:52 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-07-16 21:07:52 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-07-16 21:07:52 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-07-16 21:07:52 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-07-16 19:50:29 -------- d-----w- C:\Users\dchampagne\AppData\Roaming\Malwarebytes

2012-07-16 19:47:27 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-16 19:47:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-16 19:47:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-16 18:26:51 119416 ------w- C:\Windows\System32\drivers\SbFwIm.sys

2012-07-16 14:24:49 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c0b8ae7a1cd635e11\bingbarsetup.exe

2012-07-16 14:24:23 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\DSETUP.dll

2012-07-16 14:24:23 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\DXSETUP.exe

2012-07-16 14:24:23 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\dsetup32.dll

2012-07-16 14:24:20 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\DSETUP.dll

2012-07-16 14:24:20 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\DXSETUP.exe

2012-07-16 14:24:20 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\dsetup32.dll

2012-07-16 14:23:23 -------- d-----w- C:\Users\dchampagne\AppData\Local\Windows Live

2012-07-16 14:23:22 -------- d-----w- C:\Users\dchampagne\AppData\Local\{0B45EDB6-308D-40CF-BAAD-9C813F581E4D}

2012-07-16 14:21:50 15128 ----a-w- C:\Users\dchampagne\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

2012-07-09 13:08:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-07-09 13:08:10 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-07-09 13:08:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-07-06 13:43:55 -------- d-----w- C:\Program Files\iTunes

2012-07-06 13:43:55 -------- d-----w- C:\Program Files\iPod

2012-07-06 13:43:55 -------- d-----w- C:\Program Files (x86)\iTunes

2012-07-03 20:10:21 -------- d-----w- C:\Users\dchampagne\AppData\Local\DDMSettings

2012-07-03 20:03:47 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2012-07-03 20:03:21 -------- d-----w- C:\Program Files\DivX

2012-07-03 20:03:04 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared

2012-07-03 20:00:48 -------- d-----w- C:\Program Files (x86)\DivX

2012-07-03 19:58:31 -------- d-----w- C:\ProgramData\DivX

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2012-06-28 15:46:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-28 15:46:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-05 21:58:37 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 15:00:26 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-05-04 15:00:26 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-26 15:54:16 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

============= FINISH: 9:48:07.96 ===============

[screen317]

Hi,

Do you have corporate licensing to be able to use MBAM?

[mbdchampagne]

no, i'm using the free version.

[screen317]

The free version is for home/personal use only and it is a violation of the EULA to use it in a corporate setting. You may get corporate licensing here:

http://www.malwarebytes.org/corporate_licensing

[mbdchampagne]

this is my personal computer - it was a corporate machine before i retired it to use as a personal machine.

[mbdchampagne]

let me know if you can help, or if it is necessary to purchase the software before you can.

[screen317]

Okay thanks for the update.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

[mbdchampagne]

Thanks -

here is the log for MWAM:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.19.11

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

dchampagne :: DCHAMPAGNE [administrator]

7/19/2012 1:49:32 PM

mbam-log-2012-07-19 (13-49-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 197379

Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

and here is the log for ComboFix:

ComboFix 12-07-19.02 - dchampagne 07/19/2012 13:56:55.1.4 - x64

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8052.4596 [GMT -4:00]

Running from: c:\users\dchampagne\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

Q:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))

.

.

2012-07-19 18:05 . 2012-07-19 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-17 16:43 . 2012-07-17 16:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D37FB42-A874-4C61-AD02-60AF31AB8E6F}\offreg.dll

2012-07-17 16:27 . 2012-07-17 16:27 -------- d-----w- c:\windows\en

2012-07-17 16:21 . 2012-07-17 16:21 -------- d-----w- c:\program files\Windows Live

2012-07-17 16:18 . 2009-09-04 21:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2012-07-17 16:18 . 2009-09-04 21:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2012-07-17 16:18 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2012-07-17 16:18 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2012-07-17 16:17 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll

2012-07-17 16:17 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2012-07-17 16:17 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll

2012-07-17 16:17 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll

2012-07-17 16:16 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2012-07-17 16:16 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll

2012-07-17 16:16 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL

2012-07-17 16:16 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll

2012-07-17 16:16 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll

2012-07-17 16:16 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll

2012-07-17 16:16 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll

2012-07-17 16:14 . 2012-07-17 16:14 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\364ea9351cd64370f\MeshBetaRemover.exe

2012-07-17 15:51 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D37FB42-A874-4C61-AD02-60AF31AB8E6F}\mpengine.dll

2012-07-17 15:51 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-07-17 15:50 . 2012-07-17 15:50 -------- d-----w- c:\programdata\GFI Software

2012-07-16 21:24 . 2012-07-16 21:24 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-07-16 21:17 . 2012-04-17 05:38 851968 ----a-w- c:\windows\system32\jscript.dll

2012-07-16 21:10 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll

2012-07-16 21:10 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-07-16 21:10 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-07-16 21:10 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-07-16 21:09 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys

2012-07-16 21:09 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-16 21:09 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll

2012-07-16 21:09 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-07-16 21:07 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-16 21:07 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll

2012-07-16 21:07 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-16 21:07 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-07-16 21:07 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-07-16 21:07 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-07-16 19:50 . 2012-07-16 19:50 -------- d-----w- c:\users\dchampagne\AppData\Roaming\Malwarebytes

2012-07-16 19:47 . 2012-07-16 19:47 -------- d-----w- c:\programdata\Malwarebytes

2012-07-16 19:47 . 2012-07-16 19:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-16 19:47 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-16 18:26 . 2011-09-29 16:16 119416 ------w- c:\windows\system32\drivers\SbFwIm.sys

2012-07-16 14:24 . 2012-07-16 14:24 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c0b8ae7a1cd635e11\bingbarsetup.exe

2012-07-16 14:24 . 2012-07-16 14:24 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\DSETUP.dll

2012-07-16 14:24 . 2012-07-16 14:24 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\DXSETUP.exe

2012-07-16 14:24 . 2012-07-16 14:24 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\dsetup32.dll

2012-07-16 14:24 . 2012-07-16 14:24 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\DSETUP.dll

2012-07-16 14:24 . 2012-07-16 14:24 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\DXSETUP.exe

2012-07-16 14:24 . 2012-07-16 14:24 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\dsetup32.dll

2012-07-16 14:23 . 2012-07-19 14:03 -------- d-----w- c:\users\dchampagne\AppData\Local\Windows Live

2012-07-09 13:08 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-09 13:08 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-09 13:08 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-07-09 13:08 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-07-09 13:08 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-09 13:08 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-07-06 13:43 . 2012-07-06 13:44 -------- d-----w- c:\program files\iTunes

2012-07-06 13:43 . 2012-07-06 13:44 -------- d-----w- c:\program files (x86)\iTunes

2012-07-06 13:43 . 2012-07-06 13:43 -------- d-----w- c:\program files\iPod

2012-07-03 20:10 . 2012-07-03 20:10 -------- d-----w- c:\users\dchampagne\AppData\Local\DDMSettings

2012-07-03 20:04 . 2012-07-03 20:04 -------- d-----w- c:\users\dchampagne\AppData\Roaming\DivX

2012-07-03 20:03 . 2012-07-03 20:03 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine

2012-07-03 20:03 . 2012-07-03 20:03 -------- d-----w- c:\program files\DivX

2012-07-03 20:03 . 2012-07-03 20:03 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared

2012-07-03 20:00 . 2012-07-03 20:04 -------- d-----w- c:\program files (x86)\DivX

2012-07-03 19:58 . 2012-07-03 20:09 -------- d-----w- c:\programdata\DivX

2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-26 13:47 . 2012-06-26 13:47 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-26 13:46 . 2012-06-26 13:47 -------- d-----w- c:\program files (x86)\QuickTime

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-17 16:20 . 2011-03-28 22:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-16 21:17 . 2012-06-01 15:06 58957832 ----a-w- c:\windows\system32\MRT.exe

2012-06-28 15:46 . 2012-04-30 19:32 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-28 15:46 . 2012-04-30 19:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-01 15:03 . 2012-04-17 14:26 2144864 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-05-05 21:58 . 2012-05-05 21:58 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 15:00 . 2012-05-04 15:00 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-05-04 15:00 . 2012-05-04 15:00 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-26 15:54 . 2012-04-16 19:02 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-21 718720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-01-05 1101672]

"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-10-14 115560]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

.

c:\users\dchampagne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\dchampagne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-11 1080608]

Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2010-3-8 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-03-08 38536]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 126392]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]

R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2010-01-05 30320]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-10-09 23592]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-01-05 161128]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984]

S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-06-18 210784]

S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-06-18 2180960]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]

S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-11-16 62904]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 12728]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-10-27 161664]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-06-30 292864]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-12-01 293040]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-30 138912]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]

S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [2009-05-11 118016]

S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-04-03 32096]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-11 84584]

S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [2010-10-27 24264]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-01-05 75112]

S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051102694-2188014494-960542640-8627Core.job

- c:\users\dchampagne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 20:27]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051102694-2188014494-960542640-8627UA.job

- c:\users\dchampagne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 20:27]

.

2012-07-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-14 07:29]

.

2012-04-18 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-14 07:30]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\dchampagne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-11-17 69568]

"TpShocks"="TpShocks.exe" [2009-12-11 380776]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-03 16414312]

"SonicWALLNetExtender"="c:\program files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2011-05-04 1099648]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]

"nwiz"="nwiz.exe" [2009-12-03 1712744]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

Trusted Zone: atpworldtour.com\vpn

TCP: DhcpNameServer = 10.1.0.5 10.104.0.5

FF - ProfilePath - c:\users\dchampagne\AppData\Roaming\Mozilla\Firefox\Profiles\3wdfz54w.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Adobe - c:\users\dchampagne\AppData\Local\Akamai\Adobe\rtfzrvfnz.dll

Wow6432Node-HKU-Default-Run-Adobe - c:\users\dchampagne\AppData\Local\Akamai\Adobe\rtfzrvfnz.dll

SafeBoot-Symantec Antvirus

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-AcWin7Hlpr - c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-19 14:09:02

ComboFix-quarantined-files.txt 2012-07-19 18:09

.

Pre-Run: 259,646,210,048 bytes free

Post-Run: 259,168,931,840 bytes free

.

- - End Of File - - F44F5F1F074E156EE297861CB6D4AD02

and here is the log for DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by dchampagne at 14:11:52 on 2012-07-19

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8052.3986 [GMT -4:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Digital Line Detect\DLG.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe

C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\Adobe\Adobe Fireworks CS5\Fireworks.exe

C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

C:\Windows\system32\PrintIsolationHost.exe

C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\notepad.exe

C:\Windows\system32\notepad.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\dchampagne\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Common Files\Symantec Shared\COH\coh64.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

StartupFolder: C:\Users\DCHAMP~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\dchampagne\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: atpworldtour.com\vpn

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.atpworldtour.com/NELX.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

TCP: DhcpNameServer = 10.1.0.5 10.104.0.5

TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8} : DhcpNameServer = 10.1.0.5 10.104.0.5 10.104.0.6

TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\05C61697562737F5C4F657E6765613 : DhcpNameServer = 195.238.2.21 195.238.2.22 8.8.8.8

TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\0727563737F527F6F6D613 : DhcpNameServer = 195.238.2.21 195.238.2.22 8.8.8.8

TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\144435C483635323 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{238CD47E-977D-42B0-8B46-1419AB0F99F8}\64249402355525655494C4C414E43454026514E40213334333 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{369B1172-3EBA-4D23-99A1-902405013925} : DhcpNameServer = 10.1.0.5 10.104.0.5

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun-x64: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\dchampagne\AppData\Roaming\Mozilla\Firefox\Profiles\3wdfz54w.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\dchampagne\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-3-8 161128]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\HOTKEY\cammute.exe [2009-12-9 54632]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2009-12-9 44984]

R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-6-17 210784]

R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-6-17 2180960]

R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]

R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]

R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-10-14 2477304]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-16 2666880]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2009-12-9 62904]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-8 2320920]

R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-1 138912]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 LenovoRd;LenovoRd;C:\Windows\system32\Drivers\LenovoRd.sys --> C:\Windows\system32\Drivers\LenovoRd.sys [?]

R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\system32\DRIVERS\NxDrv.sys --> C:\Windows\system32\DRIVERS\NxDrv.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-3-8 75112]

R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]

S4 RsFx0151;RsFx0151 Driver;C:\Windows\system32\DRIVERS\RsFx0151.sys --> C:\Windows\system32\DRIVERS\RsFx0151.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]

.

=============== Created Last 30 ================

.

2012-07-19 17:54:58 98816 ----a-w- C:\Windows\sed.exe

2012-07-19 17:54:58 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-19 17:54:58 256000 ----a-w- C:\Windows\PEV.exe

2012-07-19 17:54:58 208896 ----a-w- C:\Windows\MBR.exe

2012-07-19 14:02:57 -------- d-----w- C:\Users\dchampagne\AppData\Local\{62F3CF1B-84B0-49B1-84AC-768CFA31C7C0}

2012-07-19 02:02:21 -------- d-----w- C:\Users\dchampagne\AppData\Local\{62BDD537-D2B3-40F8-BA8C-C0F8E99A2DEE}

2012-07-18 13:07:56 -------- d-----w- C:\Users\dchampagne\AppData\Local\{1621A8BC-0E33-4B36-A547-0F11141F0E7D}

2012-07-17 18:30:55 -------- d-----w- C:\Users\dchampagne\AppData\Local\{19B71D2D-1399-49EE-A457-B26954032ECB}

2012-07-17 18:30:42 -------- d-----w- C:\Users\dchampagne\AppData\Local\{9F470903-E905-40FB-99D4-0DCCF1436066}

2012-07-17 16:43:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D37FB42-A874-4C61-AD02-60AF31AB8E6F}\offreg.dll

2012-07-17 16:27:27 -------- d-----w- C:\Windows\en

2012-07-17 16:18:39 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2012-07-17 16:18:39 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2012-07-17 16:18:37 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2012-07-17 16:18:37 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-07-17 16:17:39 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll

2012-07-17 16:17:39 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll

2012-07-17 16:17:39 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll

2012-07-17 16:17:39 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll

2012-07-17 16:16:48 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

2012-07-17 16:16:48 206848 ----a-w- C:\Windows\System32\mfps.dll

2012-07-17 16:16:48 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

2012-07-17 16:16:48 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2012-07-17 16:16:48 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2012-07-17 16:16:47 4068864 ----a-w- C:\Windows\System32\mf.dll

2012-07-17 16:16:47 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

2012-07-17 16:14:16 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\364ea9351cd64370f\MeshBetaRemover.exe

2012-07-17 15:51:07 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-07-17 15:51:00 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D37FB42-A874-4C61-AD02-60AF31AB8E6F}\mpengine.dll

2012-07-17 15:51:00 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-07-17 15:50:18 -------- d-----w- C:\ProgramData\GFI Software

2012-07-16 21:10:27 208896 ----a-w- C:\Windows\System32\profsvc.dll

2012-07-16 21:10:09 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-07-16 21:10:09 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-07-16 21:10:09 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-07-16 21:09:58 3144192 ----a-w- C:\Windows\System32\win32k.sys

2012-07-16 21:09:51 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-07-16 21:09:40 3213824 ----a-w- C:\Windows\System32\msi.dll

2012-07-16 21:09:40 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-07-16 21:07:52 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-07-16 21:07:52 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-07-16 21:07:52 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-07-16 21:07:52 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-07-16 21:07:52 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-07-16 21:07:52 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-07-16 19:50:29 -------- d-----w- C:\Users\dchampagne\AppData\Roaming\Malwarebytes

2012-07-16 19:47:27 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-16 19:47:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-16 19:47:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-16 18:26:51 119416 ------w- C:\Windows\System32\drivers\SbFwIm.sys

2012-07-16 14:24:49 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c0b8ae7a1cd635e11\bingbarsetup.exe

2012-07-16 14:24:23 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\DSETUP.dll

2012-07-16 14:24:23 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\DXSETUP.exe

2012-07-16 14:24:23 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b1e067c31cd635e10\dsetup32.dll

2012-07-16 14:24:20 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\DSETUP.dll

2012-07-16 14:24:20 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\DXSETUP.exe

2012-07-16 14:24:20 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\af44761a1cd635e0f\dsetup32.dll

2012-07-16 14:23:23 -------- d-----w- C:\Users\dchampagne\AppData\Local\Windows Live

2012-07-16 14:23:22 -------- d-----w- C:\Users\dchampagne\AppData\Local\{0B45EDB6-308D-40CF-BAAD-9C813F581E4D}

2012-07-16 14:21:50 15128 ----a-w- C:\Users\dchampagne\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

2012-07-09 13:08:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-07-09 13:08:10 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-07-09 13:08:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-07-06 13:43:55 -------- d-----w- C:\Program Files\iTunes

2012-07-06 13:43:55 -------- d-----w- C:\Program Files\iPod

2012-07-06 13:43:55 -------- d-----w- C:\Program Files (x86)\iTunes

2012-07-03 20:10:21 -------- d-----w- C:\Users\dchampagne\AppData\Local\DDMSettings

2012-07-03 20:03:47 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2012-07-03 20:03:21 -------- d-----w- C:\Program Files\DivX

2012-07-03 20:03:04 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared

2012-07-03 20:00:48 -------- d-----w- C:\Program Files (x86)\DivX

2012-07-03 19:58:31 -------- d-----w- C:\ProgramData\DivX

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-26 13:47:35 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2012-06-28 15:46:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-28 15:46:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-05 21:58:37 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 15:00:26 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-05-04 15:00:26 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-26 15:54:16 172592 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

============= FINISH: 14:12:12.71 ===============

[screen317]

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

Let me know how things are running now and what issues remain.

[mbdchampagne]

I am running the first one now, up to 28%. Then I'll run the next one and report back. I am still getting hijacked when I search in any browser - its not every time, but it's consistent. I'll check again after these are done running, thanks again for your help.

[mbdchampagne]

ok, here is the log from ESET:

C:\Program Files (x86)\YouTube Downloader Toolbar\IE\5.6\youtubedownloaderToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined

C:\Users\dchampagne\Downloads\cnet2_cuteftp_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

and here is the Checkup log:

Results of screen317's Security Check version 0.99.43

Windows 7 x64 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Symantec Endpoint Protection

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 32

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox 13.0.1 Firefox out of Date!

Google Chrome 20.0.1132.47

Google Chrome 20.0.1132.57

Google Chrome plugins...

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

still having the same issue.

thanks!

[screen317]

Hi,

Where are you getting redirected to? Does it occur in all browsers?

[mbdchampagne]

yes, all browsers, and it takes me to various pages. usually loosely related to my search. for example, a search for bahamas will redirect to a travel site. a search for ipad accessories takes me to a "you won an ipad" page.

[screen317]

Okay thank you for the update.

• Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  
• Execute the file TDSSKiller.exe by double-clicking on it.
  
• Wait for the scan and disinfection process to be over.
  
• When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

• Click the "Scan" button to start scan.
  
• Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time)
  
• Please post the contents of that log in your next reply.
  

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

[mbdchampagne]

TDS log:

18:26:43.0363 7240 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

18:26:44.0996 7240 ============================================================

18:26:44.0997 7240 Current date / time: 2012/07/19 18:26:44.0996

18:26:44.0997 7240 SystemInfo:

18:26:44.0997 7240

18:26:44.0997 7240 OS Version: 6.1.7600 ServicePack: 0.0

18:26:44.0997 7240 Product type: Workstation

18:26:44.0997 7240 ComputerName: DCHAMPAGNE

18:26:44.0997 7240 UserName: dchampagne

18:26:44.0997 7240 Windows directory: C:\Windows

18:26:44.0997 7240 System windows directory: C:\Windows

18:26:44.0997 7240 Running under WOW64

18:26:44.0997 7240 Processor architecture: Intel x64

18:26:44.0997 7240 Number of processors: 4

18:26:44.0997 7240 Page size: 0x1000

18:26:44.0997 7240 Boot type: Normal boot

18:26:44.0997 7240 ============================================================

18:26:45.0938 7240 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

18:26:45.0943 7240 ============================================================

18:26:45.0943 7240 \Device\Harddisk0\DR0:

18:26:45.0943 7240 MBR partitions:

18:26:45.0943 7240 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000

18:26:45.0943 7240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x38DA4FF8

18:26:45.0943 7240 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38FFD800, BlocksNum 0x1388000

18:26:45.0943 7240 ============================================================

18:26:45.0971 7240 C: <-> \Device\Harddisk0\DR0\Partition1

18:26:46.0021 7240 Q: <-> \Device\Harddisk0\DR0\Partition2

18:26:46.0021 7240 ============================================================

18:26:46.0021 7240 Initialize success

18:26:46.0021 7240 ============================================================

18:26:52.0913 5404 ============================================================

18:26:52.0913 5404 Scan started

18:26:52.0913 5404 Mode: Manual;

18:26:52.0913 5404 ============================================================

18:26:53.0815 5404 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

18:26:53.0820 5404 1394ohci - ok

18:26:53.0857 5404 5U877 (df986d28a45acf98a51faccdd39d8d9f) C:\Windows\system32\DRIVERS\5U877.sys

18:26:53.0860 5404 5U877 - ok

18:26:53.0894 5404 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

18:26:53.0899 5404 ACPI - ok

18:26:53.0914 5404 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

18:26:53.0926 5404 AcpiPmi - ok

18:26:53.0979 5404 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

18:26:53.0999 5404 adp94xx - ok

18:26:54.0025 5404 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

18:26:54.0043 5404 adpahci - ok

18:26:54.0057 5404 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

18:26:54.0066 5404 adpu320 - ok

18:26:54.0099 5404 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

18:26:54.0100 5404 AeLookupSvc - ok

18:26:54.0144 5404 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

18:26:54.0148 5404 AFD - ok

18:26:54.0170 5404 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

18:26:54.0180 5404 agp440 - ok

18:26:54.0196 5404 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

18:26:54.0203 5404 ALG - ok

18:26:54.0215 5404 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

18:26:54.0221 5404 aliide - ok

18:26:54.0225 5404 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

18:26:54.0233 5404 amdide - ok

18:26:54.0238 5404 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

18:26:54.0245 5404 AmdK8 - ok

18:26:54.0250 5404 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

18:26:54.0257 5404 AmdPPM - ok

18:26:54.0275 5404 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

18:26:54.0282 5404 amdsata - ok

18:26:54.0294 5404 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

18:26:54.0302 5404 amdsbs - ok

18:26:54.0318 5404 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

18:26:54.0319 5404 amdxata - ok

18:26:54.0334 5404 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

18:26:54.0340 5404 AppID - ok

18:26:54.0354 5404 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

18:26:54.0360 5404 AppIDSvc - ok

18:26:54.0374 5404 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

18:26:54.0381 5404 Appinfo - ok

18:26:54.0518 5404 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

18:26:54.0519 5404 Apple Mobile Device - ok

18:26:54.0542 5404 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

18:26:54.0551 5404 AppMgmt - ok

18:26:54.0585 5404 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

18:26:54.0592 5404 arc - ok

18:26:54.0602 5404 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

18:26:54.0611 5404 arcsas - ok

18:26:54.0679 5404 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

18:26:54.0701 5404 aspnet_state - ok

18:26:54.0722 5404 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

18:26:54.0723 5404 AsyncMac - ok

18:26:54.0738 5404 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

18:26:54.0745 5404 atapi - ok

18:26:54.0794 5404 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

18:26:54.0829 5404 AudioEndpointBuilder - ok

18:26:54.0835 5404 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

18:26:54.0838 5404 AudioSrv - ok

18:26:54.0868 5404 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

18:26:54.0876 5404 AxInstSV - ok

18:26:54.0934 5404 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

18:26:54.0947 5404 b06bdrv - ok

18:26:54.0971 5404 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

18:26:54.0981 5404 b57nd60a - ok

18:26:55.0090 5404 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

18:26:55.0117 5404 BBSvc - ok

18:26:55.0134 5404 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

18:26:55.0141 5404 BDESVC - ok

18:26:55.0170 5404 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

18:26:55.0171 5404 Beep - ok

18:26:55.0240 5404 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll

18:26:55.0255 5404 BFE - ok

18:26:55.0307 5404 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll

18:26:55.0322 5404 BITS - ok

18:26:55.0374 5404 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

18:26:55.0375 5404 blbdrive - ok

18:26:55.0470 5404 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

18:26:55.0472 5404 Bonjour Service - ok

18:26:55.0485 5404 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys

18:26:55.0485 5404 bowser - ok

18:26:55.0497 5404 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

18:26:55.0502 5404 BrFiltLo - ok

18:26:55.0507 5404 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

18:26:55.0512 5404 BrFiltUp - ok

18:26:55.0536 5404 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

18:26:55.0542 5404 BridgeMP - ok

18:26:55.0571 5404 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

18:26:55.0580 5404 Browser - ok

18:26:55.0611 5404 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

18:26:55.0623 5404 Brserid - ok

18:26:55.0630 5404 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

18:26:55.0637 5404 BrSerWdm - ok

18:26:55.0641 5404 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

18:26:55.0646 5404 BrUsbMdm - ok

18:26:55.0650 5404 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

18:26:55.0656 5404 BrUsbSer - ok

18:26:55.0673 5404 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys

18:26:55.0674 5404 BthEnum - ok

18:26:55.0679 5404 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

18:26:55.0686 5404 BTHMODEM - ok

18:26:55.0701 5404 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

18:26:55.0702 5404 BthPan - ok

18:26:55.0746 5404 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys

18:26:55.0752 5404 BTHPORT - ok

18:26:55.0775 5404 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

18:26:55.0781 5404 bthserv - ok

18:26:55.0792 5404 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys

18:26:55.0793 5404 BTHUSB - ok

18:26:55.0841 5404 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys

18:26:55.0842 5404 btwaudio - ok

18:26:55.0872 5404 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys

18:26:55.0874 5404 btwavdt - ok

18:26:55.0990 5404 btwdins (c73eb036bfc5a27b9cb87b29f7ed88c3) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe

18:26:55.0994 5404 btwdins - ok

18:26:56.0005 5404 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

18:26:56.0006 5404 btwl2cap - ok

18:26:56.0028 5404 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys

18:26:56.0028 5404 btwrchid - ok

18:26:56.0074 5404 catchme - ok

18:26:56.0123 5404 CAXHWAZL (48360b88c4bf45850653bb7c86888ed4) C:\Windows\system32\DRIVERS\CAXHWAZL.sys

18:26:56.0126 5404 CAXHWAZL - ok

18:26:56.0217 5404 ccEvtMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

18:26:56.0218 5404 ccEvtMgr - ok

18:26:56.0221 5404 ccSetMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

18:26:56.0222 5404 ccSetMgr - ok

18:26:56.0268 5404 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

18:26:56.0274 5404 cdfs - ok

18:26:56.0308 5404 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

18:26:56.0310 5404 cdrom - ok

18:26:56.0337 5404 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

18:26:56.0345 5404 CertPropSvc - ok

18:26:56.0362 5404 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

18:26:56.0369 5404 circlass - ok

18:26:56.0398 5404 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

18:26:56.0400 5404 CLFS - ok

18:26:56.0471 5404 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:26:56.0472 5404 clr_optimization_v2.0.50727_32 - ok

18:26:56.0506 5404 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:26:56.0513 5404 clr_optimization_v2.0.50727_64 - ok

18:26:56.0572 5404 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:26:56.0584 5404 clr_optimization_v4.0.30319_32 - ok

18:26:56.0597 5404 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

18:26:56.0606 5404 clr_optimization_v4.0.30319_64 - ok

18:26:56.0632 5404 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

18:26:56.0633 5404 CmBatt - ok

18:26:56.0648 5404 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

18:26:56.0654 5404 cmdide - ok

18:26:56.0687 5404 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

18:26:56.0690 5404 CNG - ok

18:26:56.0744 5404 CnxtHdAudService (3711b277ad222137d9883e511dc19156) C:\Windows\system32\drivers\CHDRT64.sys

18:26:56.0751 5404 CnxtHdAudService - ok

18:26:56.0775 5404 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

18:26:56.0775 5404 Compbatt - ok

18:26:56.0802 5404 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

18:26:56.0803 5404 CompositeBus - ok

18:26:56.0816 5404 COMSysApp - ok

18:26:56.0834 5404 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

18:26:56.0840 5404 crcdisk - ok

18:26:56.0892 5404 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll

18:26:56.0900 5404 CryptSvc - ok

18:26:56.0965 5404 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys

18:26:56.0968 5404 CSC - ok

18:26:57.0019 5404 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll

18:26:57.0023 5404 CscService - ok

18:26:57.0063 5404 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

18:26:57.0068 5404 DcomLaunch - ok

18:26:57.0090 5404 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

18:26:57.0097 5404 defragsvc - ok

18:26:57.0144 5404 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

18:26:57.0145 5404 DfsC - ok

18:26:57.0177 5404 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

18:26:57.0187 5404 Dhcp - ok

18:26:57.0203 5404 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

18:26:57.0203 5404 discache - ok

18:26:57.0232 5404 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

18:26:57.0233 5404 Disk - ok

18:26:57.0270 5404 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll

18:26:57.0280 5404 Dnscache - ok

18:26:57.0301 5404 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

18:26:57.0308 5404 dot3svc - ok

18:26:57.0388 5404 DozeSvc (7d353f3087433a4638a7908d6228cdcf) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

18:26:57.0389 5404 DozeSvc - ok

18:26:57.0409 5404 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

18:26:57.0410 5404 DPS - ok

18:26:57.0440 5404 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

18:26:57.0446 5404 drmkaud - ok

18:26:57.0515 5404 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys

18:26:57.0524 5404 DXGKrnl - ok

18:26:57.0555 5404 DzHDD64 (5bdef3faa1bfd9c9c5d3dc972049f0fa) C:\Windows\system32\DRIVERS\DzHDD64.sys

18:26:57.0556 5404 DzHDD64 - ok

18:26:57.0599 5404 e1kexpress (d9c7679dd570a83872b47549351e6b18) C:\Windows\system32\DRIVERS\e1k62x64.sys

18:26:57.0602 5404 e1kexpress - ok

18:26:57.0646 5404 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

18:26:57.0652 5404 EapHost - ok

18:26:57.0809 5404 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

18:26:57.0846 5404 ebdrv - ok

18:26:57.0965 5404 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

18:26:57.0979 5404 eeCtrl - ok

18:26:58.0058 5404 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe

18:26:58.0059 5404 EFS - ok

18:26:58.0144 5404 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe

18:26:58.0172 5404 ehRecvr - ok

18:26:58.0184 5404 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

18:26:58.0192 5404 ehSched - ok

18:26:58.0262 5404 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

18:26:58.0277 5404 elxstor - ok

18:26:58.0407 5404 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

18:26:58.0419 5404 EraserUtilRebootDrv - ok

18:26:58.0426 5404 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

18:26:58.0431 5404 ErrDev - ok

18:26:58.0476 5404 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

18:26:58.0479 5404 EventSystem - ok

18:26:58.0639 5404 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

18:26:58.0646 5404 EvtEng - ok

18:26:58.0772 5404 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

18:26:58.0778 5404 exfat - ok

18:26:58.0804 5404 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

18:26:58.0805 5404 fastfat - ok

18:26:58.0858 5404 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

18:26:58.0871 5404 Fax - ok

18:26:58.0889 5404 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

18:26:58.0896 5404 fdc - ok

18:26:58.0912 5404 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

18:26:58.0918 5404 fdPHost - ok

18:26:58.0943 5404 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

18:26:58.0950 5404 FDResPub - ok

18:26:58.0967 5404 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

18:26:58.0968 5404 FileInfo - ok

18:26:59.0039 5404 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

18:26:59.0046 5404 Filetrace - ok

18:26:59.0154 5404 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

18:26:59.0173 5404 FLEXnet Licensing Service - ok

18:26:59.0178 5404 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

18:26:59.0185 5404 flpydisk - ok

18:26:59.0226 5404 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

18:26:59.0227 5404 FltMgr - ok

18:26:59.0287 5404 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll

18:26:59.0319 5404 FontCache - ok

18:26:59.0373 5404 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:26:59.0374 5404 FontCache3.0.0.0 - ok

18:26:59.0403 5404 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

18:26:59.0409 5404 FsDepends - ok

18:26:59.0460 5404 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

18:26:59.0461 5404 Fs_Rec - ok

18:26:59.0489 5404 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys

18:26:59.0491 5404 fvevol - ok

18:26:59.0523 5404 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

18:26:59.0530 5404 gagp30kx - ok

18:26:59.0573 5404 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

18:26:59.0574 5404 GEARAspiWDM - ok

18:26:59.0633 5404 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

18:26:59.0638 5404 gpsvc - ok

18:26:59.0664 5404 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

18:26:59.0670 5404 hcw85cir - ok

18:26:59.0715 5404 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

18:26:59.0725 5404 HdAudAddService - ok

18:26:59.0758 5404 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

18:26:59.0759 5404 HDAudBus - ok

18:26:59.0792 5404 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

18:26:59.0793 5404 HECIx64 - ok

18:26:59.0797 5404 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

18:26:59.0804 5404 HidBatt - ok

18:26:59.0822 5404 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

18:26:59.0829 5404 HidBth - ok

18:26:59.0842 5404 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

18:26:59.0848 5404 HidIr - ok

18:26:59.0865 5404 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

18:26:59.0871 5404 hidserv - ok

18:26:59.0888 5404 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

18:26:59.0889 5404 HidUsb - ok

18:26:59.0914 5404 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

18:26:59.0920 5404 hkmsvc - ok

18:26:59.0935 5404 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

18:26:59.0942 5404 HomeGroupListener - ok

18:26:59.0965 5404 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

18:26:59.0976 5404 HomeGroupProvider - ok

18:26:59.0985 5404 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

18:26:59.0996 5404 HpSAMD - ok

18:27:00.0122 5404 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll

18:27:00.0134 5404 HsfXAudioService - ok

18:27:00.0214 5404 HSF_DPV (f6ac1087a131fbb385400667bea64fbe) C:\Windows\system32\DRIVERS\CAX_DPV.sys

18:27:00.0226 5404 HSF_DPV - ok

18:27:00.0365 5404 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

18:27:00.0369 5404 HTTP - ok

18:27:00.0392 5404 hwdatacard - ok

18:27:00.0409 5404 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

18:27:00.0410 5404 hwpolicy - ok

18:27:00.0457 5404 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

18:27:00.0458 5404 i8042prt - ok

18:27:00.0513 5404 iaStor (073a606333b6f7bbf20aa856df7f0997) C:\Windows\system32\DRIVERS\iaStor.sys

18:27:00.0516 5404 iaStor - ok

18:27:00.0559 5404 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

18:27:00.0570 5404 iaStorV - ok

18:27:00.0585 5404 IBMPMDRV (3761fab385f1c2f51b2fad48cfabbe9d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys

18:27:00.0586 5404 IBMPMDRV - ok

18:27:00.0594 5404 IBMPMSVC (fc22310f3862e2c7c8722ef4778d5cc3) C:\Windows\system32\ibmpmsvc.exe

18:27:00.0595 5404 IBMPMSVC - ok

18:27:00.0700 5404 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:27:00.0725 5404 idsvc - ok

18:27:01.0287 5404 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys

18:27:01.0377 5404 igfx - ok

18:27:01.0496 5404 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

18:27:01.0509 5404 iirsp - ok

18:27:01.0577 5404 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

18:27:01.0605 5404 IKEEXT - ok

18:27:01.0647 5404 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys

18:27:01.0650 5404 Impcd - ok

18:27:01.0672 5404 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

18:27:01.0683 5404 intelide - ok

18:27:01.0707 5404 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

18:27:01.0709 5404 intelppm - ok

18:27:01.0725 5404 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

18:27:01.0735 5404 IPBusEnum - ok

18:27:01.0746 5404 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:27:01.0756 5404 IpFilterDriver - ok

18:27:01.0802 5404 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll

18:27:01.0813 5404 iphlpsvc - ok

18:27:01.0829 5404 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

18:27:01.0836 5404 IPMIDRV - ok

18:27:01.0845 5404 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

18:27:01.0851 5404 IPNAT - ok

18:27:01.0984 5404 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

18:27:01.0988 5404 iPod Service - ok

18:27:02.0006 5404 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

18:27:02.0014 5404 IRENUM - ok

18:27:02.0030 5404 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

18:27:02.0037 5404 isapnp - ok

18:27:02.0059 5404 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

18:27:02.0070 5404 iScsiPrt - ok

18:27:02.0156 5404 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

18:27:02.0157 5404 IviRegMgr - ok

18:27:02.0177 5404 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

18:27:02.0178 5404 kbdclass - ok

18:27:02.0198 5404 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

18:27:02.0200 5404 kbdhid - ok

18:27:02.0216 5404 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

18:27:02.0217 5404 KeyIso - ok

18:27:02.0235 5404 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

18:27:02.0236 5404 KSecDD - ok

18:27:02.0255 5404 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys

18:27:02.0256 5404 KSecPkg - ok

18:27:02.0267 5404 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

18:27:02.0268 5404 ksthunk - ok

18:27:02.0308 5404 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

18:27:02.0317 5404 KtmRm - ok

18:27:02.0351 5404 LanmanServer (c926920b8978de6acfe9e15c709e9b57) C:\Windows\System32\srvsvc.dll

18:27:02.0362 5404 LanmanServer - ok

18:27:02.0397 5404 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

18:27:02.0405 5404 LanmanWorkstation - ok

18:27:02.0500 5404 LENOVO.CAMMUTE (a4aefd644cade44f99ceafa49004426c) C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe

18:27:02.0500 5404 LENOVO.CAMMUTE - ok

18:27:02.0522 5404 LENOVO.MICMUTE (e9953eeed1653d1cb9ec5c54ff8057db) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

18:27:02.0523 5404 LENOVO.MICMUTE - ok

18:27:02.0546 5404 lenovo.smi (5acff5823634bc2c4ebf559c3b33e18e) C:\Windows\system32\DRIVERS\smiifx64.sys

18:27:02.0547 5404 lenovo.smi - ok

18:27:02.0584 5404 LenovoRd (606da892a53fa863b67f8d3f8ff016a0) C:\Windows\system32\Drivers\LenovoRd.sys

18:27:02.0586 5404 LenovoRd - ok

18:27:02.0785 5404 LiveUpdate (e34152d03caaaaa81dd66d803f392522) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE

18:27:02.0802 5404 LiveUpdate - ok

18:27:02.0905 5404 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

18:27:02.0906 5404 lltdio - ok

18:27:02.0937 5404 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

18:27:02.0945 5404 lltdsvc - ok

18:27:02.0974 5404 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

18:27:02.0982 5404 lmhosts - ok

18:27:03.0064 5404 LMS (1c05c59d588a94867671fd07b7062caf) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

18:27:03.0065 5404 LMS - ok

18:27:03.0097 5404 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

18:27:03.0104 5404 LSI_FC - ok

18:27:03.0112 5404 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

18:27:03.0119 5404 LSI_SAS - ok

18:27:03.0125 5404 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

18:27:03.0132 5404 LSI_SAS2 - ok

18:27:03.0141 5404 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

18:27:03.0148 5404 LSI_SCSI - ok

18:27:03.0179 5404 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

18:27:03.0180 5404 luafv - ok

18:27:03.0233 5404 Macromedia Licensing Service (04d3a71875699098af856ee5f9f72ac3) C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

18:27:03.0242 5404 Macromedia Licensing Service - ok

18:27:03.0261 5404 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll

18:27:03.0267 5404 Mcx2Svc - ok

18:27:03.0308 5404 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

18:27:03.0308 5404 mdmxsdk - ok

18:27:03.0313 5404 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

18:27:03.0321 5404 megasas - ok

18:27:03.0358 5404 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

18:27:03.0370 5404 MegaSR - ok

18:27:03.0431 5404 Microsoft SharePoint Workspace Audit Service - ok

18:27:03.0459 5404 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

18:27:03.0460 5404 MMCSS - ok

18:27:03.0470 5404 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

18:27:03.0470 5404 Modem - ok

18:27:03.0498 5404 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

18:27:03.0499 5404 monitor - ok

18:27:03.0512 5404 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

18:27:03.0513 5404 mouclass - ok

18:27:03.0521 5404 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

18:27:03.0523 5404 mouhid - ok

18:27:03.0535 5404 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

18:27:03.0535 5404 mountmgr - ok

18:27:03.0602 5404 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

18:27:03.0627 5404 MozillaMaintenance - ok

18:27:03.0648 5404 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

18:27:03.0658 5404 mpio - ok

18:27:03.0679 5404 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

18:27:03.0679 5404 mpsdrv - ok

18:27:03.0743 5404 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll

18:27:03.0750 5404 MpsSvc - ok

18:27:03.0765 5404 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

18:27:03.0771 5404 MRxDAV - ok

18:27:03.0791 5404 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:27:03.0792 5404 mrxsmb - ok

18:27:03.0814 5404 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:27:03.0816 5404 mrxsmb10 - ok

18:27:03.0832 5404 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:27:03.0833 5404 mrxsmb20 - ok

18:27:03.0862 5404 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

18:27:03.0870 5404 msahci - ok

18:27:03.0880 5404 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

18:27:03.0889 5404 msdsm - ok

18:27:03.0906 5404 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

18:27:03.0913 5404 MSDTC - ok

18:27:04.0116 5404 MsDtsServer100 (f7a0ba64036ea2b3dfb569e4dc9986e7) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe

18:27:04.0117 5404 MsDtsServer100 - ok

18:27:04.0132 5404 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

18:27:04.0132 5404 Msfs - ok

18:27:04.0151 5404 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

18:27:04.0158 5404 mshidkmdf - ok

18:27:04.0166 5404 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

18:27:04.0167 5404 msisadrv - ok

18:27:04.0207 5404 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

18:27:04.0214 5404 MSiSCSI - ok

18:27:04.0218 5404 msiserver - ok

18:27:04.0237 5404 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

18:27:04.0242 5404 MSKSSRV - ok

18:27:04.0251 5404 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

18:27:04.0252 5404 MSPCLOCK - ok

18:27:04.0269 5404 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

18:27:04.0270 5404 MSPQM - ok

18:27:04.0302 5404 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

18:27:04.0304 5404 MsRPC - ok

18:27:04.0332 5404 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

18:27:04.0333 5404 mssmbios - ok

18:27:04.0381 5404 MSSQL$SQLEXPRESS - ok

18:27:04.0463 5404 MSSQLFDLauncher (aa511eb28672011a1d832f73e302f0a0) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe

18:27:04.0464 5404 MSSQLFDLauncher - ok

18:27:04.0472 5404 MSSQLSERVER - ok

18:27:04.0526 5404 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

18:27:04.0540 5404 MSSQLServerADHelper100 - ok

18:27:04.0615 5404 MSSQLServerOLAPService - ok

18:27:04.0661 5404 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

18:27:04.0672 5404 MSTEE - ok

18:27:04.0677 5404 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

18:27:04.0688 5404 MTConfig - ok

18:27:04.0718 5404 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

18:27:04.0719 5404 Mup - ok

18:27:04.0770 5404 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

18:27:04.0777 5404 napagent - ok

18:27:04.0829 5404 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

18:27:04.0832 5404 NativeWifiP - ok

18:27:05.0059 5404 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120719.006\ENG64.SYS

18:27:05.0060 5404 NAVENG - ok

18:27:05.0174 5404 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120719.006\EX64.SYS

18:27:05.0194 5404 NAVEX15 - ok

18:27:05.0356 5404 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

18:27:05.0363 5404 NDIS - ok

18:27:05.0384 5404 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

18:27:05.0391 5404 NdisCap - ok

18:27:05.0407 5404 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

18:27:05.0408 5404 NdisTapi - ok

18:27:05.0425 5404 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

18:27:05.0426 5404 Ndisuio - ok

18:27:05.0443 5404 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

18:27:05.0444 5404 NdisWan - ok

18:27:05.0459 5404 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

18:27:05.0459 5404 NDProxy - ok

18:27:05.0486 5404 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

18:27:05.0487 5404 NetBIOS - ok

18:27:05.0512 5404 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

18:27:05.0514 5404 NetBT - ok

18:27:05.0533 5404 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

18:27:05.0535 5404 Netlogon - ok

18:27:05.0586 5404 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

18:27:05.0604 5404 Netman - ok

18:27:05.0680 5404 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:27:05.0694 5404 NetMsmqActivator - ok

18:27:05.0699 5404 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:27:05.0700 5404 NetPipeActivator - ok

18:27:05.0732 5404 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

18:27:05.0737 5404 netprofm - ok

18:27:05.0742 5404 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:27:05.0744 5404 NetTcpActivator - ok

18:27:05.0748 5404 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:27:05.0750 5404 NetTcpPortSharing - ok

18:27:06.0213 5404 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

18:27:06.0299 5404 NETw5s64 - ok

18:27:06.0755 5404 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

18:27:06.0837 5404 netw5v64 - ok

18:27:06.0972 5404 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

18:27:06.0986 5404 nfrd960 - ok

18:27:07.0035 5404 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

18:27:07.0040 5404 NlaSvc - ok

18:27:07.0053 5404 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

18:27:07.0054 5404 Npfs - ok

18:27:07.0066 5404 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

18:27:07.0077 5404 nsi - ok

18:27:07.0090 5404 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

18:27:07.0091 5404 nsiproxy - ok

18:27:07.0211 5404 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

18:27:07.0231 5404 Ntfs - ok

18:27:07.0348 5404 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

18:27:07.0349 5404 Null - ok

18:27:07.0392 5404 NVHDA (181e7fe39211e04128a30708906627d8) C:\Windows\system32\drivers\nvhda64v.sys

18:27:07.0394 5404 NVHDA - ok

18:27:08.0098 5404 nvlddmkm (04625e1d4821e66c2beab2c7e64ae416) C:\Windows\system32\DRIVERS\nvlddmkm.sys

18:27:08.0316 5404 nvlddmkm - ok

18:27:08.0455 5404 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

18:27:08.0472 5404 nvraid - ok

18:27:08.0487 5404 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

18:27:08.0502 5404 nvstor - ok

18:27:08.0559 5404 nvsvc (86f74594f4994ec42cc55712a4713835) C:\Windows\system32\nvvsvc.exe

18:27:08.0565 5404 nvsvc - ok

18:27:08.0577 5404 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

18:27:08.0591 5404 nv_agp - ok

18:27:08.0614 5404 NxDrv (81ea44152271ec2bb2a0251987d5d13c) C:\Windows\system32\DRIVERS\NxDrv.sys

18:27:08.0615 5404 NxDrv - ok

18:27:08.0637 5404 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

18:27:08.0647 5404 ohci1394 - ok

18:27:08.0736 5404 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:27:08.0789 5404 ose - ok

18:27:09.0203 5404 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

18:27:09.0244 5404 osppsvc - ok

18:27:09.0355 5404 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:27:09.0369 5404 p2pimsvc - ok

18:27:09.0418 5404 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

18:27:09.0432 5404 p2psvc - ok

18:27:09.0477 5404 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

18:27:09.0490 5404 Parport - ok

18:27:09.0514 5404 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

18:27:09.0515 5404 partmgr - ok

18:27:09.0535 5404 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

18:27:09.0549 5404 PcaSvc - ok

18:27:09.0571 5404 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

18:27:09.0574 5404 pci - ok

18:27:09.0594 5404 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

18:27:09.0604 5404 pciide - ok

18:27:09.0627 5404 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

18:27:09.0642 5404 pcmcia - ok

18:27:09.0664 5404 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

18:27:09.0664 5404 pcw - ok

18:27:09.0721 5404 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

18:27:09.0728 5404 PEAUTH - ok

18:27:09.0831 5404 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

18:27:09.0863 5404 PeerDistSvc - ok

18:27:09.0976 5404 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

18:27:09.0996 5404 PerfHost - ok

18:27:10.0141 5404 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

18:27:10.0171 5404 pla - ok

18:27:10.0212 5404 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll

18:27:10.0233 5404 PlugPlay - ok

18:27:10.0287 5404 pmxdrv (34bfc6ed31b4e8be940c884b8ac7d9df) C:\Windows\system32\drivers\pmxdrv.sys

18:27:10.0303 5404 pmxdrv - ok

18:27:10.0322 5404 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

18:27:10.0333 5404 PNRPAutoReg - ok

18:27:10.0361 5404 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:27:10.0365 5404 PNRPsvc - ok

18:27:10.0418 5404 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

18:27:10.0439 5404 PolicyAgent - ok

18:27:10.0459 5404 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

18:27:10.0474 5404 Power - ok

18:27:10.0565 5404 Power Manager DBC Service (0b6590c8e9b12cd7edc7bb7311efbb30) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE

18:27:10.0567 5404 Power Manager DBC Service - ok

18:27:10.0603 5404 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

18:27:10.0604 5404 PptpMiniport - ok

18:27:10.0624 5404 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

18:27:10.0636 5404 Processor - ok

18:27:10.0685 5404 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll

18:27:10.0703 5404 ProfSvc - ok

18:27:10.0725 5404 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

18:27:10.0726 5404 ProtectedStorage - ok

18:27:10.0759 5404 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys

18:27:10.0761 5404 psadd - ok

18:27:10.0803 5404 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

18:27:10.0804 5404 Psched - ok

18:27:11.0132 5404 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

18:27:11.0167 5404 ql2300 - ok

18:27:11.0273 5404 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

18:27:11.0285 5404 ql40xx - ok

18:27:11.0330 5404 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

18:27:11.0342 5404 QWAVE - ok

18:27:11.0363 5404 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

18:27:11.0372 5404 QWAVEdrv - ok

18:27:11.0377 5404 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

18:27:11.0389 5404 RasAcd - ok

18:27:11.0420 5404 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

18:27:11.0421 5404 RasAgileVpn - ok

18:27:11.0441 5404 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

18:27:11.0452 5404 RasAuto - ok

18:27:11.0473 5404 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:27:11.0474 5404 Rasl2tp - ok

18:27:11.0524 5404 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

18:27:11.0547 5404 RasMan - ok

18:27:11.0569 5404 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

18:27:11.0570 5404 RasPppoe - ok

18:27:11.0587 5404 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

18:27:11.0588 5404 RasSstp - ok

18:27:11.0618 5404 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

18:27:11.0621 5404 rdbss - ok

18:27:11.0631 5404 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

18:27:11.0632 5404 rdpbus - ok

18:27:11.0648 5404 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:27:11.0649 5404 RDPCDD - ok

18:27:11.0687 5404 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

18:27:11.0697 5404 RDPDR - ok

18:27:11.0713 5404 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

18:27:11.0714 5404 RDPENCDD - ok

18:27:11.0724 5404 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

18:27:11.0725 5404 RDPREFMP - ok

18:27:11.0768 5404 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys

18:27:11.0779 5404 RDPWD - ok

18:27:11.0811 5404 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

18:27:11.0813 5404 rdyboost - ok

18:27:11.0946 5404 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

18:27:11.0951 5404 RegSrvc - ok

18:27:11.0985 5404 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

18:27:11.0993 5404 RemoteAccess - ok

18:27:12.0029 5404 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

18:27:12.0044 5404 RemoteRegistry - ok

18:27:12.0299 5404 ReportServer (b08d6b6785b947fc97f18027a7a88f86) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe

18:27:12.0319 5404 ReportServer - ok

18:27:12.0468 5404 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

18:27:12.0471 5404 RFCOMM - ok

18:27:12.0505 5404 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys

18:27:12.0507 5404 rimspci - ok

18:27:12.0548 5404 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

18:27:12.0558 5404 RimUsb - ok

18:27:12.0613 5404 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

18:27:12.0614 5404 RimVSerPort - ok

18:27:12.0624 5404 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys

18:27:12.0625 5404 ROOTMODEM - ok

18:27:12.0655 5404 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

18:27:12.0669 5404 RpcEptMapper - ok

18:27:12.0693 5404 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

18:27:12.0703 5404 RpcLocator - ok

18:27:12.0739 5404 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

18:27:12.0745 5404 RpcSs - ok

18:27:12.0827 5404 RsFx0105 (c9fe05a63c500abe3afa5786504c4d36) C:\Windows\system32\DRIVERS\RsFx0105.sys

18:27:12.0844 5404 RsFx0105 - ok

18:27:12.0892 5404 RsFx0151 (c606c5f712a3761896ceffa4af6b1268) C:\Windows\system32\DRIVERS\RsFx0151.sys

18:27:12.0909 5404 RsFx0151 - ok

18:27:12.0942 5404 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

18:27:12.0944 5404 rspndr - ok

18:27:12.0961 5404 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

18:27:12.0970 5404 s3cap - ok

18:27:12.0983 5404 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

18:27:12.0985 5404 SamSs - ok

18:27:13.0016 5404 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

18:27:13.0029 5404 sbp2port - ok

18:27:13.0053 5404 SBRE - ok

18:27:13.0091 5404 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

18:27:13.0105 5404 SCardSvr - ok

18:27:13.0123 5404 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

18:27:13.0124 5404 scfilter - ok

18:27:13.0204 5404 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll

18:27:13.0219 5404 Schedule - ok

18:27:13.0248 5404 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

18:27:13.0249 5404 SCPolicySvc - ok

18:27:13.0288 5404 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys

18:27:13.0290 5404 sdbus - ok

18:27:13.0313 5404 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

18:27:13.0329 5404 SDRSVC - ok

18:27:13.0442 5404 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

18:27:13.0445 5404 SeaPort - ok

18:27:13.0482 5404 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

18:27:13.0483 5404 secdrv - ok

18:27:13.0502 5404 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

18:27:13.0516 5404 seclogon - ok

18:27:13.0533 5404 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

18:27:13.0536 5404 SENS - ok

18:27:13.0559 5404 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

18:27:13.0569 5404 SensrSvc - ok

18:27:13.0581 5404 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

18:27:13.0582 5404 Serenum - ok

18:27:13.0598 5404 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

18:27:13.0600 5404 Serial - ok

18:27:13.0613 5404 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

18:27:13.0623 5404 sermouse - ok

18:27:13.0681 5404 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

18:27:13.0698 5404 SessionEnv - ok

18:27:13.0720 5404 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

18:27:13.0730 5404 sffdisk - ok

18:27:13.0737 5404 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

18:27:13.0747 5404 sffp_mmc - ok

18:27:13.0761 5404 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

18:27:13.0770 5404 sffp_sd - ok

18:27:13.0775 5404 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

18:27:13.0785 5404 sfloppy - ok

18:27:13.0828 5404 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

18:27:13.0841 5404 SharedAccess - ok

18:27:13.0881 5404 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

18:27:13.0900 5404 ShellHWDetection - ok

18:27:13.0932 5404 Shockprf (c45942985943fc4ab8a7ea7a92f29c00) C:\Windows\system32\DRIVERS\Apsx64.sys

18:27:13.0936 5404 Shockprf - ok

18:27:13.0954 5404 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:27:13.0965 5404 SiSRaid2 - ok

18:27:13.0977 5404 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

18:27:13.0989 5404 SiSRaid4 - ok

18:27:14.0098 5404 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe

18:27:14.0254 5404 SkypeUpdate - ok

18:27:14.0312 5404 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

18:27:14.0324 5404 Smb - ok

18:27:14.0617 5404 SmcService (ad97b711074cf27da0c00f2c26e1a62c) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

18:27:14.0646 5404 SmcService - ok

18:27:14.0745 5404 smihlp (c5b1a19b14f19b08ae72fcb20a3075b6) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

18:27:14.0757 5404 smihlp - ok

18:27:14.0871 5404 SNAC (91bd8e268d93aaf5f59aac9de84a25bb) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE

18:27:14.0894 5404 SNAC - ok

18:27:15.0011 5404 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

18:27:15.0023 5404 SNMPTRAP - ok

18:27:15.0228 5404 SONICWALL_NetExtender (9b232bf5a80fad158f0d42ca3ffe76fc) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe

18:27:15.0233 5404 SONICWALL_NetExtender - ok

18:27:15.0261 5404 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

18:27:15.0262 5404 spldr - ok

18:27:15.0313 5404 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe

18:27:15.0320 5404 Spooler - ok

18:27:15.0526 5404 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

18:27:15.0639 5404 sppsvc - ok

18:27:15.0807 5404 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

18:27:15.0823 5404 sppuinotify - ok

18:27:15.0984 5404 SQLAgent$SQLEXPRESS (45e65fb17a4cd5facbd3ca16c8334c82) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

18:27:16.0025 5404 SQLAgent$SQLEXPRESS - ok

18:27:16.0282 5404 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

18:27:16.0333 5404 SQLBrowser - ok

18:27:16.0402 5404 SQLSERVERAGENT (3420e0482ad95120b471b7328a8d7d08) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE

18:27:16.0449 5404 SQLSERVERAGENT - ok

18:27:16.0520 5404 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

18:27:16.0522 5404 SQLWriter - ok

18:27:16.0709 5404 SRTSP (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS

18:27:16.0715 5404 SRTSP - ok

18:27:16.0765 5404 SRTSPL (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS

18:27:16.0788 5404 SRTSPL - ok

18:27:16.0800 5404 SRTSPX (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS

18:27:16.0801 5404 SRTSPX - ok

18:27:16.0845 5404 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys

18:27:16.0850 5404 srv - ok

18:27:16.0896 5404 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys

18:27:16.0900 5404 srv2 - ok

18:27:16.0939 5404 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

18:27:16.0956 5404 SrvHsfHDA - ok

18:27:17.0062 5404 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

18:27:17.0096 5404 SrvHsfV92 - ok

18:27:17.0256 5404 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

18:27:17.0281 5404 SrvHsfWinac - ok

18:27:17.0318 5404 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys

18:27:17.0320 5404 srvnet - ok

18:27:17.0353 5404 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

18:27:17.0368 5404 SSDPSRV - ok

18:27:17.0382 5404 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

18:27:17.0400 5404 SstpSvc - ok

18:27:17.0415 5404 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

18:27:17.0427 5404 stexstor - ok

18:27:17.0484 5404 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

18:27:17.0500 5404 stisvc - ok

18:27:17.0525 5404 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

18:27:17.0527 5404 storflt - ok

18:27:17.0540 5404 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

18:27:17.0550 5404 StorSvc - ok

18:27:17.0563 5404 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

18:27:17.0574 5404 storvsc - ok

18:27:17.0681 5404 SUService (3119e9bc5fad5ea1cd31ae200a1da591) c:\Program Files (x86)\Lenovo\System Update\SUService.exe

18:27:17.0681 5404 SUService - ok

18:27:17.0715 5404 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

18:27:17.0715 5404 swenum - ok

18:27:17.0770 5404 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

18:27:17.0786 5404 swprv - ok

18:27:17.0978 5404 Symantec AntiVirus (ba2fb8f8ab24d0279caa98a4c118150e) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

18:27:17.0999 5404 Symantec AntiVirus - ok

18:27:18.0115 5404 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

18:27:18.0132 5404 SymEvent - ok

18:27:18.0205 5404 SynTP (3c08fb2829a5304825f974b1631dedfa) C:\Windows\system32\DRIVERS\SynTP.sys

18:27:18.0209 5404 SynTP - ok

18:27:18.0336 5404 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

18:27:18.0391 5404 SysMain - ok

18:27:18.0483 5404 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

18:27:18.0495 5404 TabletInputService - ok

18:27:18.0528 5404 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

18:27:18.0546 5404 TapiSrv - ok

18:27:18.0564 5404 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

18:27:18.0576 5404 TBS - ok

18:27:18.0740 5404 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys

18:27:18.0764 5404 Tcpip - ok

18:27:18.0956 5404 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys

18:27:18.0972 5404 TCPIP6 - ok

18:27:19.0040 5404 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

18:27:19.0040 5404 tcpipreg - ok

18:27:19.0058 5404 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

18:27:19.0069 5404 TDPIPE - ok

18:27:19.0098 5404 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

18:27:19.0109 5404 TDTCP - ok

18:27:19.0140 5404 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

18:27:19.0141 5404 tdx - ok

18:27:19.0381 5404 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

18:27:19.0403 5404 TeamViewer7 - ok

18:27:19.0568 5404 Teefer2 (13657dc475de564247745bf4da23207c) C:\Windows\system32\DRIVERS\teefer2.sys

18:27:19.0569 5404 Teefer2 - ok

18:27:19.0596 5404 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

18:27:19.0598 5404 TermDD - ok

18:27:19.0659 5404 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

18:27:19.0693 5404 TermService - ok

18:27:19.0718 5404 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

18:27:19.0730 5404 Themes - ok

18:27:19.0867 5404 ThinkVantage Registry Monitor Service (39ac444e07fdbd8c2e8e291a65d515d3) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

18:27:19.0877 5404 ThinkVantage Registry Monitor Service - ok

18:27:19.0902 5404 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

18:27:19.0904 5404 THREADORDER - ok

18:27:19.0952 5404 TPDIGIMN (6db3fae611554dc373e266ed50111b1c) C:\Windows\system32\DRIVERS\ApsHM64.sys

18:27:19.0952 5404 TPDIGIMN - ok

18:27:19.0982 5404 TPHDEXLGSVC (47d2009fdc682833ee03b6dcba23fdd2) C:\Windows\system32\TPHDEXLG64.exe

18:27:19.0996 5404 TPHDEXLGSVC - ok

18:27:20.0090 5404 TPHKSVC (12068221ca8264e4d1281520089e195c) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

18:27:20.0091 5404 TPHKSVC - ok

18:27:20.0124 5404 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys

18:27:20.0126 5404 TPM - ok

18:27:20.0150 5404 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys

18:27:20.0151 5404 TPPWRIF - ok

18:27:20.0187 5404 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

18:27:20.0204 5404 TrkWks - ok

18:27:20.0243 5404 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

18:27:20.0254 5404 TrustedInstaller - ok

18:27:20.0269 5404 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

18:27:20.0281 5404 tssecsrv - ok

18:27:20.0318 5404 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

18:27:20.0319 5404 tunnel - ok

18:27:20.0353 5404 TurboB (53ff5f00eab07e329abe48ae3de4f5d7) C:\Windows\system32\DRIVERS\TurboB.sys

18:27:20.0354 5404 TurboB - ok

18:27:20.0411 5404 TurboBoost (b670df651f00194434adc6b326743709) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

18:27:20.0448 5404 TurboBoost - ok

18:27:20.0639 5404 TVT Backup Service (b56da1aa776c15043d10f82b32aa000d) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe

18:27:20.0707 5404 TVT Backup Service - ok

18:27:20.0834 5404 TVTI2C (4daae0413cd4e816258838e2fafb3147) C:\Windows\system32\DRIVERS\Tvti2c.sys

18:27:20.0835 5404 TVTI2C - ok

18:27:20.0861 5404 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

18:27:20.0873 5404 uagp35 - ok

18:27:20.0896 5404 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

18:27:20.0909 5404 udfs - ok

18:27:20.0962 5404 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

18:27:20.0975 5404 UI0Detect - ok

18:27:20.0988 5404 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

18:27:21.0001 5404 uliagpkx - ok

18:27:21.0017 5404 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

18:27:21.0019 5404 umbus - ok

18:27:21.0025 5404 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

18:27:21.0035 5404 UmPass - ok

18:27:21.0055 5404 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll

18:27:21.0071 5404 UmRdpService - ok

18:27:21.0283 5404 UNS (40c7c20d2d1798eeb68eefd606c20689) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

18:27:21.0305 5404 UNS - ok

18:27:21.0527 5404 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

18:27:21.0543 5404 upnphost - ok

18:27:21.0621 5404 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

18:27:21.0622 5404 USBAAPL64 - ok

18:27:21.0651 5404 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

18:27:21.0653 5404 usbccgp - ok

18:27:21.0676 5404 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

18:27:21.0688 5404 usbcir - ok

18:27:21.0704 5404 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys

18:27:21.0705 5404 usbehci - ok

18:27:21.0743 5404 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys

18:27:21.0748 5404 usbhub - ok

18:27:21.0768 5404 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

18:27:21.0778 5404 usbohci - ok

18:27:21.0792 5404 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

18:27:21.0802 5404 usbprint - ok

18:27:21.0822 5404 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:27:21.0834 5404 USBSTOR - ok

18:27:21.0839 5404 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

18:27:21.0852 5404 usbuhci - ok

18:27:21.0887 5404 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys

18:27:21.0900 5404 usbvideo - ok

18:27:21.0933 5404 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

18:27:21.0946 5404 UxSms - ok

18:27:21.0967 5404 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

18:27:21.0969 5404 VaultSvc - ok

18:27:21.0998 5404 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

18:27:22.0000 5404 vdrvroot - ok

18:27:22.0037 5404 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

18:27:22.0054 5404 vds - ok

18:27:22.0061 5404 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

18:27:22.0070 5404 vga - ok

18:27:22.0088 5404 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

18:27:22.0089 5404 VgaSave - ok

18:27:22.0109 5404 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

18:27:22.0132 5404 vhdmp - ok

18:27:22.0137 5404 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

18:27:22.0148 5404 viaide - ok

18:27:22.0168 5404 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

18:27:22.0182 5404 vmbus - ok

18:27:22.0188 5404 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

18:27:22.0197 5404 VMBusHID - ok

18:27:22.0220 5404 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

18:27:22.0221 5404 volmgr - ok

18:27:22.0257 5404 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

18:27:22.0260 5404 volmgrx - ok

18:27:22.0295 5404 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

18:27:22.0299 5404 volsnap - ok

18:27:22.0336 5404 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

18:27:22.0350 5404 vsmraid - ok

18:27:22.0477 5404 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

18:27:22.0507 5404 VSS - ok

18:27:22.0619 5404 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

18:27:22.0620 5404 vwifibus - ok

18:27:22.0652 5404 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

18:27:22.0653 5404 vwififlt - ok

18:27:22.0700 5404 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

18:27:22.0706 5404 W32Time - ok

18:27:22.0733 5404 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

18:27:22.0746 5404 WacomPen - ok

18:27:22.0776 5404 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

18:27:22.0777 5404 WANARP - ok

18:27:22.0785 5404 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

18:27:22.0786 5404 Wanarpv6 - ok

18:27:22.0886 5404 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

18:27:22.0917 5404 wbengine - ok

18:27:23.0039 5404 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

18:27:23.0055 5404 WbioSrvc - ok

18:27:23.0090 5404 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll

18:27:23.0105 5404 wcncsvc - ok

18:27:23.0126 5404 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

18:27:23.0137 5404 WcsPlugInService - ok

18:27:23.0178 5404 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

18:27:23.0189 5404 Wd - ok

18:27:23.0245 5404 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

18:27:23.0253 5404 Wdf01000 - ok

18:27:23.0274 5404 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

18:27:23.0290 5404 WdiServiceHost - ok

18:27:23.0294 5404 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

18:27:23.0298 5404 WdiSystemHost - ok

18:27:23.0326 5404 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll

18:27:23.0351 5404 WebClient - ok

18:27:23.0375 5404 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

18:27:23.0389 5404 Wecsvc - ok

18:27:23.0413 5404 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

18:27:23.0426 5404 wercplsupport - ok

18:27:23.0453 5404 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

18:27:23.0463 5404 WerSvc - ok

18:27:23.0491 5404 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

18:27:23.0493 5404 WfpLwf - ok

18:27:23.0511 5404 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

18:27:23.0521 5404 WIMMount - ok

18:27:23.0586 5404 winachsf (1edbbf412a382550af6eb35f5e46928e) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

18:27:23.0596 5404 winachsf - ok

18:27:23.0638 5404 WinDefend - ok

18:27:23.0652 5404 WinHttpAutoProxySvc - ok

18:27:23.0711 5404 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

18:27:23.0730 5404 Winmgmt - ok

18:27:23.0886 5404 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

18:27:23.0932 5404 WinRM - ok

18:27:24.0057 5404 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys

18:27:24.0058 5404 WinUsb - ok

18:27:24.0133 5404 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

18:27:24.0146 5404 Wlansvc - ok

18:27:24.0439 5404 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

18:27:24.0459 5404 wlidsvc - ok

18:27:24.0585 5404 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

18:27:24.0586 5404 WmiAcpi - ok

18:27:24.0643 5404 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

18:27:24.0659 5404 wmiApSrv - ok

18:27:24.0711 5404 WMPNetworkSvc - ok

18:27:24.0742 5404 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

18:27:24.0753 5404 WPCSvc - ok

18:27:24.0773 5404 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

18:27:24.0788 5404 WPDBusEnum - ok

18:27:24.0816 5404 WPS (6cab753b203f39b4ce05ff10013de2ef) C:\Windows\system32\drivers\wpsdrvnt.sys

18:27:24.0825 5404 WPS - ok

18:27:24.0872 5404 WpsHelper (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys

18:27:24.0900 5404 WpsHelper - ok

18:27:24.0943 5404 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

18:27:24.0952 5404 ws2ifsl - ok

18:27:24.0977 5404 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

18:27:24.0990 5404 wscsvc - ok

18:27:24.0994 5404 WSearch - ok

18:27:25.0193 5404 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

18:27:25.0225 5404 wuauserv - ok

18:27:25.0338 5404 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

18:27:25.0340 5404 WudfPf - ok

18:27:25.0371 5404 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

18:27:25.0373 5404 WUDFRd - ok

18:27:25.0402 5404 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

18:27:25.0414 5404 wudfsvc - ok

18:27:25.0452 5404 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

18:27:25.0464 5404 WwanSvc - ok

18:27:25.0499 5404 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys

18:27:25.0500 5404 XAudio - ok

18:27:25.0530 5404 MBR (0x1B8) (14156fcf2cd2733b0f4bdf9d93cc00b2) \Device\Harddisk0\DR0

18:27:25.0829 5404 \Device\Harddisk0\DR0 - ok

18:27:25.0834 5404 Boot (0x1200) (0a74415b72e67e770f122af0aacb13b3) \Device\Harddisk0\DR0\Partition0

18:27:25.0836 5404 \Device\Harddisk0\DR0\Partition0 - ok

18:27:25.0847 5404 Boot (0x1200) (a0cc1d350a10342a493721b22a861d53) \Device\Harddisk0\DR0\Partition1

18:27:25.0849 5404 \Device\Harddisk0\DR0\Partition1 - ok

18:27:25.0880 5404 Boot (0x1200) (40aaa4536e91a47a5c6e2f49190495f5) \Device\Harddisk0\DR0\Partition2

18:27:25.0883 5404 \Device\Harddisk0\DR0\Partition2 - ok

18:27:25.0884 5404 ============================================================

18:27:25.0884 5404 Scan finished

18:27:25.0884 5404 ============================================================

18:27:25.0900 7828 Detected object count: 0

18:27:25.0900 7828 Actual detected object count: 0

running the other one now.

[mbdchampagne]

had this pop up while I was running the last one:

Scan type: Auto-Protect Scan

Event: Risk Found!

Security risk detected: Trojan.Gen.2

File: C:\Users\dchampagne\AppData\Local\Temp\_avast4_\unp121108272.tmp

Location: C:\Users\dchampagne\AppData\Local\Temp\_avast4_

Computer: DCHAMPAGNE

User: dchampagne

Action taken: Pending Side Effects Analysis : Access denied

Date found: Thursday, July 19, 2012 6:33:57 PM

and here is the log for the aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-19 18:28:14

-----------------------------

18:28:14.619 OS Version: Windows x64 6.1.7600

18:28:14.619 Number of processors: 4 586 0x2502

18:28:14.619 ComputerName: DCHAMPAGNE UserName: dchampagne

18:28:16.661 Initialize success

18:32:05.135 AVAST engine defs: 12071902

18:32:34.955 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

18:32:34.959 Disk 0 Vendor: HITACHI_ PC4Z Size: 476940MB BusType: 3

18:32:34.986 Disk 0 MBR read successfully

18:32:34.990 Disk 0 MBR scan

18:32:35.002 Disk 0 unknown MBR code

18:32:35.013 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048

18:32:35.028 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648

18:32:35.061 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072

18:32:35.105 Disk 0 scanning C:\Windows\system32\drivers

18:32:46.591 Service scanning

18:33:44.928 Modules scanning

18:33:44.943 Disk 0 trace - called modules:

18:33:46.282 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

18:33:46.293 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d8a060]

18:33:46.302 3 CLASSPNP.SYS[fffff88001b1743f] -> nt!IofCallDriver -> [0xfffffa8007a3fa10]

18:33:46.311 5 ACPI.sys[fffff88000f04781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007a44050]

18:33:49.044 AVAST engine scan C:\Windows

18:33:55.475 AVAST engine scan C:\Windows\system32

18:40:26.746 AVAST engine scan C:\Windows\system32\drivers

18:40:39.180 AVAST engine scan C:\Users\dchampagne

19:29:54.728 AVAST engine scan C:\ProgramData

19:32:00.208 Scan finished successfully

22:19:49.293 Disk 0 MBR has been saved successfully to "C:\Users\dchampagne\Desktop\MBR.dat"

22:19:49.305 The log file has been saved successfully to "C:\Users\dchampagne\Desktop\aswMBR.txt"

[mbdchampagne]

Here is the MBR zip file you requested.

as an update, still having the same issue...

MBR.zip

[mbdchampagne]

update: it is still occurring in Firefox and Chrome, but not in IE. thanks.

[mbdchampagne]

one site that seems to come up frequently is: http://click.get-answers-fast.com/ads-clicktrack/click/jump1.do?

for instance: http://click.get-answers-fast.com/ads-clicktrack/click/jump1.do?sid=wol3FdF9QgkwPH9nQZyapRmt%2BuDhe7HskxwuhcAT0xIj5YN5IdCUmw%3D%3D&affiliate=46573&subid=197920-1638-27681&rc=0&terms=ipad%20stuff

[mbdchampagne]

good morning. Just wanted to touch bases to see if there is anything else i can try - thanks!

[dogrunner]

mbd, I am curious to see if we have the same browser hijack. Is yours the nginx, blekko, hijack? I have this problem and keep getting redirected.

[mbdchampagne]

I don't even know what it is- I am hoping screen317 has something that will help today.

[screen317]

dogrunner,

Please start your own topic and someone will help you as soon as they can.

mbdchampagne, let's see if we can find where this thing is hiding.

Are you connected through a router?

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  :regfind
  answers

  
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt