Jump to content

Looks like I have a TDSSConf.A infection


randers1

Recommended Posts

Based on my firewall logs, I'm fairly sure my laptop is infected. Any help appreciated:

HiJack Log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:12:02 AM, on 9/12/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files (x86)\Common Files\SonicWALL\Schedule2\schedhlp.exe

C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Digital Line Detect\DLG.exe

C:\Program Files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe

C:\Program Files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe

C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Users/randerson/Documents/bookmark.htm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [bareMetalRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe

O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

O4 - HKLM\..\Run: [systemRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\SystemRecoveryMonitor.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Google Update] "C:\Users\randerson\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe -q

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (HKCU)

O9 - Extra 'Tools' menuitem: Xmarks for IE... - {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (HKCU)

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://*.mcafee.com (HKLM)

O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)

O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)

O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)

O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)

O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {AD545DE1-CA51-4DB3-BFE9-FA898626B926} (VALaunchX Control) - https://sravm.randerson.homedns.org/VAX.cab

O16 - DPF: {CB7FBF9A-F0FE-4DF2-AFDD-4EA305116E3B} (SWECMControlX Control) - http://software.sonicwall.com/applications/SEC/Beta/ClientSoftware/SWECMControlX.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: CLDTVHNService - Unknown owner - C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe

O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SonicWALL Scheduler2 Service (SncSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\SonicWALL\Schedule2\schedul2.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe

O23 - Service: Virtual Assist (sw_va_service) - Unknown owner - C:\Users\randerson\AppData\Local\SonicWALL\VirtualAssist\VASAC.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)

O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15163 bytes

Sorry, I should have also said that Malwarebytes' Anti-Malware doesn't find any infected objects.

Link to post
Share on other sites

Thanks for your help!

MBAM log:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7717

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

9/14/2011 3:36:36 PM

mbam-log-2011-09-14 (15-36-36).txt

Scan type: Quick scan

Objects scanned: 213965

Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS Log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by randerson at 15:38:52 on 2011-09-14

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3956.1620 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\SysWOW64\rpcnet.exe

C:\Program Files (x86)\Common Files\SonicWALL\Schedule2\schedul2.exe

C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\TpShocks.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\SonicWALL\Schedule2\schedhlp.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe

C:\Program Files (x86)\Digital Line Detect\DLG.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe

C:\Program Files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\notepad.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Windows\system32\mstsc.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = file:///C:/Users/randerson/Documents/bookmark.htm

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

uRun: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe -q

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [bareMetalRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe

mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe

mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun: [systemRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\SystemRecoveryMonitor.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

DPF: {AD545DE1-CA51-4DB3-BFE9-FA898626B926} - hxxps://sravm.randerson.homedns.org/VAX.cab

DPF: {CB7FBF9A-F0FE-4DF2-AFDD-4EA305116E3B} - hxxp://software.sonicwall.com/applications/SEC/Beta/ClientSoftware/SWECMControlX.cab

TCP: DhcpNameServer = 10.50.128.53 192.168.1.3 192.168.1.90

TCP: Interfaces\{BA3D01B2-E515-4FA7-BB7C-0F54EE1195DA} : DhcpNameServer = 166.102.165.11 166.102.165.13

TCP: Interfaces\{c3182090-b6ff-40ee-adfd-38518046dac7} : NameServer = 10.50.129.148 10.50.129.149

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D} : DhcpNameServer = 10.50.128.53 192.168.1.3 192.168.1.90

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D}\A79707865627 : DhcpNameServer = 192.168.1.3 10.50.129.148 4.2.2.4

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D}\A7970786562723 : DhcpNameServer = 192.168.1.3 192.168.1.90

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D}\A7970786562736 : DhcpNameServer = 192.168.1.3 192.168.1.90

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D}\A79707865627D27657563747 : DhcpNameServer = 192.168.1.3 192.168.1.90

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

BHO-X64: Password Manager Browser Helper Object - No File

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [bareMetalRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe

mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe

mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun-x64: [systemRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\SystemRecoveryMonitor.exe

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\

FF - prefs.js: browser.startup.homepage - file:///C:/Users/randerson/Documents/bookmark.htm

FF - component: C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension\components\tvtpwm_moz_xpcom.dll

FF - component: C:\Program Files (x86)\WebEx\Productivity Tools\components\OCFF.dll

FF - component: C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll

FF - component: C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: C:\Users\randerson\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\extensions\npNELaunch@sonicwall.com\plugins\npNELaunch.dll

FF - plugin: C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\extensions\nprt@sonicwall.com\plugins\nprt.dll

FF - plugin: C:\Users\randerson\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\randerson\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: NetExtender Launcher : npNELaunch@sonicwall.com - %profile%\extensions\npNELaunch@sonicwall.com

FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com

FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}

FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: Virtual Assist Launcher: nprt@sonicwall.com - %profile%\extensions\nprt@sonicwall.com

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

FF - Ext: ThinkVantage Password Manager: {FCF36B88-1BBA-487f-B64B-D2E8980A9293} - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension

FF - Ext: ocplugin: ocplugin@webex.com - C:\Program Files (x86)\WebEx\Productivity Tools

.

============= SERVICES / DRIVERS ===============

.

R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2010-10-28 75048]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-9-15 403456]

R2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;C:\Windows\system32\DRIVERS\ekaprot6.sys --> C:\Windows\system32\DRIVERS\ekaprot6.sys [?]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2010-11-23 50536]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-11-23 45496]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-11-23 74088]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-11-23 93032]

R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2010-10-28 82416]

R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]

R2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]

R2 SncSch2Svc;SonicWALL Scheduler2 Service;C:\Program Files (x86)\Common Files\SonicWALL\Schedule2\schedul2.exe [2010-7-2 606560]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-11-23 63928]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-9-15 907264]

R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]

R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

R3 bpmp;bpmp;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\system32\DRIVERS\NxDrv.sys --> C:\Windows\system32\DRIVERS\NxDrv.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]

S2 sw_va_service;Virtual Assist;"C:\Users\randerson\AppData\Local\SonicWALL\VirtualAssist\VASAC.exe" -service --> C:\Users\randerson\AppData\Local\SonicWALL\VirtualAssist\VASAC.exe [?]

S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-5-26 164200]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\48ED.tmp --> C:\Windows\system32\48ED.tmp [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]

S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-5-26 75112]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]

S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]

S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-3-20 43032]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\drivers\vpcuxd.sys --> C:\Windows\system32\drivers\vpcuxd.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-09-14 19:33:09 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-09-14 16:01:13 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9173A697-8D0C-44F9-91A4-E26DA06F091E}\mpengine.dll

2011-09-14 13:57:29 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-14 12:36:03 -------- d-----w- C:\ComboFix

2011-09-14 01:43:44 6144 ------w- C:\Windows\System32\48ED.tmp

2011-09-14 01:43:09 6144 ------w- C:\Windows\System32\C175.tmp

2011-09-14 01:35:22 -------- d-----w- C:\Users\randerson\AppData\Local\Apple

2011-09-13 18:46:09 -------- d-----w- C:\Users\randerson\AppData\Local\Adobe

2011-09-13 00:34:44 98816 ----a-w- C:\Windows\sed.exe

2011-09-13 00:34:44 518144 ----a-w- C:\Windows\SWREG.exe

2011-09-13 00:34:44 256000 ----a-w- C:\Windows\PEV.exe

2011-09-13 00:34:44 208896 ----a-w- C:\Windows\MBR.exe

2011-09-13 00:17:30 -------- d-----w- C:\Windows\pss

2011-09-13 00:05:07 -------- d-----w- C:\Users\randerson\AppData\Local\Apple Computer

2011-09-12 14:13:16 6144 ------w- C:\Windows\System32\2C2F.tmp

2011-09-12 14:12:27 6144 ------w- C:\Windows\System32\6B11.tmp

2011-09-12 14:12:10 -------- d-----w- C:\Program Files (x86)\Sophos

2011-09-12 13:47:56 -------- d-----w- C:\Users\randerson\AppData\Roaming\Malwarebytes

2011-09-12 13:47:46 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-12 13:47:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-09-12 13:38:16 388096 ----a-r- C:\Users\randerson\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-12 13:38:15 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-09-09 19:40:44 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC7B2E94-26AD-4C01-B1D7-1AB41656C83B}\gapaengine.dll

2011-08-25 13:48:28 -------- d-----w- C:\Users\randerson\AppData\Local\WebEx

2011-08-25 13:15:34 -------- d-----w- C:\Program Files (x86)\WebEx

2011-08-24 15:44:41 -------- d--h--w- C:\Users\randerson\Ekahau Site Survey

2011-08-24 15:44:00 -------- d-----w- C:\Program Files\Ekahau

2011-08-24 11:17:39 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-24 11:17:39 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-24 11:06:44 -------- d-----w- C:\Program Files (x86)\Xmarks

2011-08-23 13:27:49 -------- d-----w- C:\Program Files\iTunes

2011-08-23 13:27:49 -------- d-----w- C:\Program Files\iPod

2011-08-23 13:27:49 -------- d-----w- C:\Program Files (x86)\iTunes

.

==================== Find3M ====================

.

2011-09-14 01:35:21 17920 ----a-w- C:\Windows\System32\rpcnetp.exe

2011-09-13 01:48:36 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll

2011-08-16 18:02:16 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-06-17 15:22:15 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe

2011-06-17 15:22:09 58288 ------w- C:\Windows\SysWow64\rpcnet.exe

.

============= FINISH: 15:47:11.57 ===============

Link to post
Share on other sites

ComboFix 11-09-16.01 - randerson 09/17/2011 7:25.3.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3956.2487 [GMT -4:00]

Running from: c:\users\randerson\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-08-17 to 2011-09-17 )))))))))))))))))))))))))))))))

.

.

2011-09-17 11:56 . 2011-09-17 11:56 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2011-09-17 11:56 . 2011-09-17 11:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-17 11:56 . 2011-09-17 11:56 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp

2011-09-17 11:56 . 2011-09-17 11:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-09-16 22:00 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D9EC29C-343D-460A-9EDE-02C9C4875785}\mpengine.dll

2011-09-16 21:57 . 2011-09-16 21:57 111408 ----a-w- c:\windows\system32\drivers\43042586.sys

2011-09-16 21:20 . 2011-09-16 21:20 -------- d-----w- c:\programdata\Kaspersky Lab

2011-09-14 01:43 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\48ED.tmp

2011-09-14 01:43 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\C175.tmp

2011-09-14 01:35 . 2011-09-14 01:35 -------- d-----w- c:\users\randerson\AppData\Local\Apple

2011-09-13 18:46 . 2011-09-13 18:46 -------- d-----w- c:\users\randerson\AppData\Local\Adobe

2011-09-13 00:05 . 2011-09-13 00:05 -------- d-----w- c:\users\randerson\AppData\Local\Apple Computer

2011-09-12 14:13 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\2C2F.tmp

2011-09-12 14:12 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\6B11.tmp

2011-09-12 14:12 . 2011-09-12 14:12 -------- d-----w- c:\program files (x86)\Sophos

2011-09-12 13:47 . 2011-09-12 13:47 -------- d-----w- c:\users\randerson\AppData\Roaming\Malwarebytes

2011-09-12 13:47 . 2011-09-12 13:47 -------- d-----w- c:\programdata\Malwarebytes

2011-09-12 13:47 . 2011-09-14 19:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-12 13:38 . 2011-09-12 13:38 388096 ----a-r- c:\users\randerson\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-12 13:38 . 2011-09-12 13:38 -------- d-----w- c:\program files (x86)\Trend Micro

2011-09-09 19:40 . 2011-04-18 18:35 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC7B2E94-26AD-4C01-B1D7-1AB41656C83B}\gapaengine.dll

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2011-08-25 13:48 . 2011-09-09 19:32 -------- d-----w- c:\users\randerson\AppData\Local\WebEx

2011-08-25 13:15 . 2011-09-09 19:19 -------- d-----w- c:\program files (x86)\WebEx

2011-08-24 15:44 . 2011-08-24 15:48 -------- d--h--w- c:\users\randerson\Ekahau Site Survey

2011-08-24 15:44 . 2011-09-09 19:19 -------- d-----w- c:\program files\Ekahau

2011-08-24 11:17 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-24 11:17 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-08-24 11:06 . 2011-09-09 19:19 -------- d-----w- c:\program files (x86)\Xmarks

2011-08-23 13:27 . 2011-09-09 19:31 -------- d-----w- c:\program files\iTunes

2011-08-23 13:27 . 2011-09-09 19:31 -------- d-----w- c:\program files\iPod

2011-08-23 13:27 . 2011-09-09 19:31 -------- d-----w- c:\program files (x86)\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-17 11:05 . 2010-05-26 15:15 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2011-09-16 15:41 . 2010-05-26 13:41 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2011-08-16 18:02 . 2011-05-24 15:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-12 04:10 . 2011-04-20 12:39 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-22 05:42 . 2011-08-12 09:36 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 05:36 . 2011-08-12 09:35 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 05:32 . 2011-08-12 09:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 02:54 . 2011-08-12 09:36 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-07-22 02:48 . 2011-08-12 09:35 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-07-22 02:44 . 2011-08-12 09:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-07-16 05:41 . 2011-08-11 11:11 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-16 05:41 . 2011-08-11 11:11 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-16 05:41 . 2011-08-11 11:11 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-16 05:39 . 2011-08-11 11:11 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-16 05:37 . 2011-08-11 11:11 421888 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 05:21 . 2011-08-11 11:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:29 . 2011-08-11 11:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:26 . 2011-08-11 11:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-16 04:25 . 2011-08-11 11:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-16 04:24 . 2011-08-11 11:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-16 04:24 . 2011-08-11 11:11 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:21 . 2011-08-11 11:11 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-16 02:21 . 2011-08-11 11:11 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-16 02:17 . 2011-08-11 11:11 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 11:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-13 04:53 . 2011-08-01 21:30 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-09 02:46 . 2011-08-11 11:11 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-06-24 05:34 . 2011-08-11 11:11 214528 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 05:25 . 2011-08-11 11:11 338432 ----a-w- c:\windows\system32\conhost.exe

2011-06-23 05:43 . 2011-08-11 11:11 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-06-23 04:33 . 2011-08-11 11:11 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-06-23 04:33 . 2011-08-11 11:11 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-06-21 06:34 . 2011-08-11 11:11 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-13_01.22.21 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 05:10 . 2011-09-13 01:22 36190 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-09-16 15:44 36190 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-05-26 12:47 . 2011-09-16 15:44 11076 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2929948100-151609578-3226734464-1000_UserData.bin

- 2010-05-26 15:19 . 2011-09-13 01:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-26 15:19 . 2011-09-16 16:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-26 15:19 . 2011-09-16 16:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-05-26 15:19 . 2011-09-13 01:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-09-16 16:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-09-13 01:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-06-06 16:55 . 2011-06-06 16:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll

- 2011-09-13 01:19 . 2011-09-13 01:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-16 15:41 . 2011-09-16 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-16 15:41 . 2011-09-16 15:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-09-13 01:19 . 2011-09-13 01:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-05-27 07:55 . 2011-09-16 12:12 368690 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2011-09-13 00:23 725326 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-09-16 15:47 725326 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-09-16 15:47 143512 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-09-13 00:23 143512 c:\windows\system32\perfc009.dat

+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll

+ 2010-05-26 13:35 . 2011-09-16 15:40 5426928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-05-26 13:35 . 2011-09-13 01:18 5426928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-09-09 19:59 . 2011-09-09 19:59 5423104 c:\windows\Installer\ec9d289.msi

+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe

+ 2011-09-05 22:01 . 2011-09-05 22:01 13135872 c:\windows\Installer\11dba583.msp

+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 20:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]

"Xmarks"="c:\program files (x86)\Xmarks\IE Extension\xmarkssync.exe" [2011-08-19 1121832]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-05-12 1128296]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"BareMetalRecoveryMonitor.exe"="c:\program files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe" [2010-07-02 1275432]

"AcronisTimounterMonitor"="c:\program files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe" [2010-07-02 884288]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"SystemRecoveryMonitor.exe"="c:\program files (x86)\SonicWALL\BareMetalRecovery\SystemRecoveryMonitor.exe" [2011-03-01 1275392]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2010-11-3 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R2 sw_va_service;Virtual Assist;c:\users\randerson\AppData\Local\SonicWALL\VirtualAssist\VASAC.exe [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-05-12 164200]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\48ED.tmp [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]

R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-03-20 43032]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2010-10-29 75048]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-09-16 403456]

S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2010-10-29 82416]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]

S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]

S2 SncSch2Svc;SonicWALL Scheduler2 Service;c:\program files (x86)\Common Files\SonicWALL\Schedule2\schedul2.exe [2010-07-02 606560]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-09-16 907264]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [x]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 1166329DRV

*NewlyCreated* - 28962829

*NewlyCreated* - 60271316

*Deregistered* - 60271316

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 18:29]

.

2011-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 18:29]

.

2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929948100-151609578-3226734464-1000Core.job

- c:\users\randerson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 01:18]

.

2011-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929948100-151609578-3226734464-1000UA.job

- c:\users\randerson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 01:18]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TpShocks"="TpShocks.exe" [2011-01-14 380776]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-16 307768]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2010-12-13 5989688]

"SonicWALL Scheduler2 Service"="c:\program files (x86)\Common Files\SonicWALL\Schedule2\schedhlp.exe" [2010-07-02 136544]

"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-12-08 85328]

"SonicWALLNetExtender"="c:\program files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2011-07-29 1103744]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = file:///C:/Users/randerson/Documents/bookmark.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 10.50.128.53 192.168.1.3 192.168.1.90

DPF: {AD545DE1-CA51-4DB3-BFE9-FA898626B926} - hxxps://sravm.randerson.homedns.org/VAX.cab

DPF: {CB7FBF9A-F0FE-4DF2-AFDD-4EA305116E3B} - hxxp://software.sonicwall.com/applications/SEC/Beta/ClientSoftware/SWECMControlX.cab

FF - ProfilePath - c:\users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\

FF - prefs.js: browser.startup.homepage - file:///C:/Users/randerson/Documents/bookmark.htm

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: NetExtender Launcher : npNELaunch@sonicwall.com - %profile%\extensions\npNELaunch@sonicwall.com

FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com

FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}

FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: Virtual Assist Launcher: nprt@sonicwall.com - %profile%\extensions\nprt@sonicwall.com

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

FF - Ext: ThinkVantage Password Manager: {FCF36B88-1BBA-487f-B64B-D2E8980A9293} - c:\program files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension

FF - Ext: ocplugin: ocplugin@webex.com - c:\program files (x86)\WebEx\Productivity Tools

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\48ED.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *P*l*a*n*s* \Maybe]

"Order"=hex:08,00,00,00,02,00,00,00,a2,06,00,00,01,00,00,00,07,00,00,00,f8,00,

00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,e2,39,7f,20,00,4c,41,52,47,45,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *P*l*a*n*s* \SIP]

"Order"=hex:08,00,00,00,02,00,00,00,d4,00,00,00,01,00,00,00,01,00,00,00,c8,00,

00,00,00,00,00,00,ba,00,32,00,84,00,00,00,00,fb,c5,d3,20,00,50,4c,41,4e,57,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *T*h*e*a*t*e*r* \Wireless Headset]

"Order"=hex:08,00,00,00,02,00,00,00,82,03,00,00,01,00,00,00,04,00,00,00,f8,00,

00,00,03,00,00,00,ea,00,32,00,84,00,00,00,00,3a,11,46,20,00,41,4d,41,5a,4f,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*a*b* *M*a*n*a*g*e*m*e*n*t* \SSL-VPN]

"Order"=hex:08,00,00,00,02,00,00,00,c2,05,00,00,01,00,00,00,0a,00,00,00,a2,00,

00,00,00,00,00,00,94,00,32,00,84,00,00,00,00,64,8b,e9,20,00,41,56,45,4e,54,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*r*s*o*n*a*l* \Finance]

"Order"=hex:08,00,00,00,02,00,00,00,02,0c,00,00,01,00,00,00,15,00,00,00,92,00,

00,00,00,00,00,00,84,00,32,00,84,00,00,00,00,84,63,a4,20,00,41,44,50,49,50,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*r*s*o*n*a*l* \Healthcare]

"Order"=hex:08,00,00,00,02,00,00,00,0e,02,00,00,01,00,00,00,04,00,00,00,7c,00,

00,00,00,00,00,00,6e,00,32,00,84,00,00,00,00,5d,db,75,20,00,45,42,53,2d,41,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*r*s*o*n*a*l* \Lexus]

"Order"=hex:08,00,00,00,02,00,00,00,ec,08,00,00,01,00,00,00,0d,00,00,00,7a,00,

00,00,00,00,00,00,6c,00,32,00,84,00,00,00,00,5a,29,73,20,00,42,55,52,44,49,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-09-17 08:16:28

ComboFix-quarantined-files.txt 2011-09-17 12:16

ComboFix2.txt 2011-09-13 01:43

.

Pre-Run: 376,616,964,096 bytes free

Post-Run: 376,375,603,200 bytes free

.

- - End Of File - - 9873DCBC4E940662F9247C94ED9EB026

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by randerson at 13:16:14 on 2011-09-17

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3956.2242 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\SysWOW64\rpcnet.exe

C:\Program Files (x86)\Common Files\SonicWALL\Schedule2\schedul2.exe

C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\TpShocks.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files (x86)\Common Files\SonicWALL\Schedule2\schedhlp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe

C:\Program Files (x86)\Digital Line Detect\DLG.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe

C:\Program Files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe

C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = file:///C:/Users/randerson/Documents/bookmark.htm

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

uRun: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe -q

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [bareMetalRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe

mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe

mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun: [systemRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\SystemRecoveryMonitor.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [GrpConv] grpconv -o

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

DPF: {AD545DE1-CA51-4DB3-BFE9-FA898626B926} - hxxps://sravm.randerson.homedns.org/VAX.cab

DPF: {CB7FBF9A-F0FE-4DF2-AFDD-4EA305116E3B} - hxxp://software.sonicwall.com/applications/SEC/Beta/ClientSoftware/SWECMControlX.cab

TCP: DhcpNameServer = 10.50.128.53 192.168.1.3 192.168.1.90

TCP: Interfaces\{BA3D01B2-E515-4FA7-BB7C-0F54EE1195DA} : DhcpNameServer = 166.102.165.11 166.102.165.13

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D} : DhcpNameServer = 10.50.128.53 192.168.1.3 192.168.1.90

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D}\A79707865627 : DhcpNameServer = 192.168.1.3 10.50.129.148 4.2.2.4

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D}\A7970786562723 : DhcpNameServer = 192.168.1.3 192.168.1.90

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D}\A7970786562736 : DhcpNameServer = 192.168.1.3 192.168.1.90

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D}\A79707865627D27657563747 : DhcpNameServer = 192.168.1.3 192.168.1.90

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

BHO-X64: Password Manager Browser Helper Object - No File

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [bareMetalRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe

mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe

mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun-x64: [systemRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\SystemRecoveryMonitor.exe

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: [GrpConv] grpconv -o

IE-X64: {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

Hosts: 192.168.1.3 optiplex #PRE #DOM:LAB #net group's DC

Hosts: 192.168.1.36 legolis.randerson.homedns.org legolis

Hosts: 192.168.1.37 gimli.randerson.homedns.org gimli

Hosts: 192.168.0.5 pserver.pompeyclub.homedns.org pserver

Hosts: 192.168.1.90 exchange.randerson.homedns.org exchange

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\

FF - prefs.js: browser.startup.homepage - file:///C:/Users/randerson/Documents/bookmark.htm

FF - component: C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension\components\tvtpwm_moz_xpcom.dll

FF - component: C:\Program Files (x86)\WebEx\Productivity Tools\components\OCFF.dll

FF - component: C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll

FF - component: C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: C:\Users\randerson\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\extensions\npNELaunch@sonicwall.com\plugins\npNELaunch.dll

FF - plugin: C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\extensions\nprt@sonicwall.com\plugins\nprt.dll

FF - plugin: C:\Users\randerson\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\randerson\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: NetExtender Launcher : npNELaunch@sonicwall.com - %profile%\extensions\npNELaunch@sonicwall.com

FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com

FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}

FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: Virtual Assist Launcher: nprt@sonicwall.com - %profile%\extensions\nprt@sonicwall.com

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

FF - Ext: ThinkVantage Password Manager: {FCF36B88-1BBA-487f-B64B-D2E8980A9293} - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension

FF - Ext: ocplugin: ocplugin@webex.com - C:\Program Files (x86)\WebEx\Productivity Tools

.

============= SERVICES / DRIVERS ===============

.

R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2010-10-28 75048]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-9-15 403456]

R2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;C:\Windows\system32\DRIVERS\ekaprot6.sys --> C:\Windows\system32\DRIVERS\ekaprot6.sys [?]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2010-11-23 50536]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-11-23 45496]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-11-23 74088]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-11-23 93032]

R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2010-10-28 82416]

R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]

R2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]

R2 SncSch2Svc;SonicWALL Scheduler2 Service;C:\Program Files (x86)\Common Files\SonicWALL\Schedule2\schedul2.exe [2010-7-2 606560]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-11-23 63928]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-9-15 907264]

R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]

R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

R3 bpmp;bpmp;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\system32\DRIVERS\NxDrv.sys --> C:\Windows\system32\DRIVERS\NxDrv.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

RUnknown 1166329drv;1166329drv; [x]

RUnknown 28962829;28962829; [x]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-12 366152]

S2 sw_va_service;Virtual Assist;"C:\Users\randerson\AppData\Local\SonicWALL\VirtualAssist\VASAC.exe" -service --> C:\Users\randerson\AppData\Local\SonicWALL\VirtualAssist\VASAC.exe [?]

S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-5-26 164200]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\48ED.tmp --> C:\Windows\system32\48ED.tmp [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-5-26 75112]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]

S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]

S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-3-20 43032]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\drivers\vpcuxd.sys --> C:\Windows\system32\drivers\vpcuxd.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-09-17 11:18:19 -------- d-----w- C:\ComboFix

2011-09-16 22:00:42 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9D9EC29C-343D-460A-9EDE-02C9C4875785}\mpengine.dll

2011-09-16 21:57:33 111408 ----a-w- C:\Windows\System32\drivers\43042586.sys

2011-09-16 21:20:27 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-09-14 01:43:44 6144 ------w- C:\Windows\System32\48ED.tmp

2011-09-14 01:43:09 6144 ------w- C:\Windows\System32\C175.tmp

2011-09-14 01:35:22 -------- d-----w- C:\Users\randerson\AppData\Local\Apple

2011-09-13 18:46:09 -------- d-----w- C:\Users\randerson\AppData\Local\Adobe

2011-09-13 00:34:44 98816 ----a-w- C:\Windows\sed.exe

2011-09-13 00:34:44 518144 ----a-w- C:\Windows\SWREG.exe

2011-09-13 00:34:44 256000 ----a-w- C:\Windows\PEV.exe

2011-09-13 00:34:44 208896 ----a-w- C:\Windows\MBR.exe

2011-09-13 00:17:30 -------- d-----w- C:\Windows\pss

2011-09-13 00:05:07 -------- d-----w- C:\Users\randerson\AppData\Local\Apple Computer

2011-09-12 14:13:16 6144 ------w- C:\Windows\System32\2C2F.tmp

2011-09-12 14:12:27 6144 ------w- C:\Windows\System32\6B11.tmp

2011-09-12 14:12:10 -------- d-----w- C:\Program Files (x86)\Sophos

2011-09-12 13:47:56 -------- d-----w- C:\Users\randerson\AppData\Roaming\Malwarebytes

2011-09-12 13:47:46 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-12 13:47:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-09-12 13:38:16 388096 ----a-r- C:\Users\randerson\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-12 13:38:15 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-09-09 19:40:44 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC7B2E94-26AD-4C01-B1D7-1AB41656C83B}\gapaengine.dll

2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2011-08-25 13:48:28 -------- d-----w- C:\Users\randerson\AppData\Local\WebEx

2011-08-25 13:15:34 -------- d-----w- C:\Program Files (x86)\WebEx

2011-08-24 15:44:41 -------- d--h--w- C:\Users\randerson\Ekahau Site Survey

2011-08-24 15:44:00 -------- d-----w- C:\Program Files\Ekahau

2011-08-24 11:17:39 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-24 11:17:39 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-24 11:06:44 -------- d-----w- C:\Program Files (x86)\Xmarks

2011-08-23 13:27:49 -------- d-----w- C:\Program Files\iTunes

2011-08-23 13:27:49 -------- d-----w- C:\Program Files\iPod

2011-08-23 13:27:49 -------- d-----w- C:\Program Files (x86)\iTunes

.

==================== Find3M ====================

.

2011-09-17 11:05:29 17920 ----a-w- C:\Windows\System32\rpcnetp.exe

2011-09-16 15:41:53 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll

2011-08-16 18:02:16 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 13:24:22.77 ===============

Link to post
Share on other sites

  • Staff

Hi,

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is Installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis and/or Ask Toolbar to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.

Next, please open Notepad - don't use any other text editor than notepad or the script will fail.

Copy/paste the text in the box below into Notepad:

Driver::
VGPU
MEMSWEEP2
KILLALL::

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.

-screen317

Link to post
Share on other sites

ComboFix 11-09-21.04 - randerson 09/21/2011 18:20:49.4.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3956.2336 [GMT -4:00]

Running from: c:\users\randerson\Desktop\ComboFix.exe

Command switches used :: c:\users\randerson\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_MEMSWEEP2

-------\Service_VGPU

.

.

((((((((((((((((((((((((( Files Created from 2011-08-21 to 2011-09-21 )))))))))))))))))))))))))))))))

.

.

2011-09-21 22:52 . 2011-09-21 22:52 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2011-09-21 22:52 . 2011-09-21 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-21 22:52 . 2011-09-21 22:52 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp

2011-09-21 22:52 . 2011-09-21 22:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-09-19 12:27 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5175DA13-9FFD-4164-A7B5-51A69FF88279}\mpengine.dll

2011-09-16 21:57 . 2011-09-16 21:57 111408 ----a-w- c:\windows\system32\drivers\43042586.sys

2011-09-16 21:20 . 2011-09-16 21:20 -------- d-----w- c:\programdata\Kaspersky Lab

2011-09-14 01:43 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\48ED.tmp

2011-09-14 01:43 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\C175.tmp

2011-09-14 01:35 . 2011-09-14 01:35 -------- d-----w- c:\users\randerson\AppData\Local\Apple

2011-09-13 18:46 . 2011-09-13 18:46 -------- d-----w- c:\users\randerson\AppData\Local\Adobe

2011-09-13 00:05 . 2011-09-19 22:39 -------- d-----w- c:\users\randerson\AppData\Local\Apple Computer

2011-09-12 14:13 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\2C2F.tmp

2011-09-12 14:12 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\6B11.tmp

2011-09-12 14:12 . 2011-09-12 14:12 -------- d-----w- c:\program files (x86)\Sophos

2011-09-12 13:47 . 2011-09-12 13:47 -------- d-----w- c:\users\randerson\AppData\Roaming\Malwarebytes

2011-09-12 13:47 . 2011-09-12 13:47 -------- d-----w- c:\programdata\Malwarebytes

2011-09-12 13:47 . 2011-09-14 19:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-12 13:38 . 2011-09-12 13:38 388096 ----a-r- c:\users\randerson\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-12 13:38 . 2011-09-12 13:38 -------- d-----w- c:\program files (x86)\Trend Micro

2011-09-09 19:40 . 2011-04-18 18:35 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC7B2E94-26AD-4C01-B1D7-1AB41656C83B}\gapaengine.dll

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2011-08-25 13:48 . 2011-09-09 19:32 -------- d-----w- c:\users\randerson\AppData\Local\WebEx

2011-08-25 13:15 . 2011-09-09 19:19 -------- d-----w- c:\program files (x86)\WebEx

2011-08-24 15:44 . 2011-08-24 15:48 -------- d--h--w- c:\users\randerson\Ekahau Site Survey

2011-08-24 15:44 . 2011-09-09 19:19 -------- d-----w- c:\program files\Ekahau

2011-08-24 11:17 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-24 11:17 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-08-24 11:06 . 2011-09-09 19:19 -------- d-----w- c:\program files (x86)\Xmarks

2011-08-23 13:27 . 2011-09-09 19:31 -------- d-----w- c:\program files\iTunes

2011-08-23 13:27 . 2011-09-09 19:31 -------- d-----w- c:\program files\iPod

2011-08-23 13:27 . 2011-09-09 19:31 -------- d-----w- c:\program files (x86)\iTunes

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-21 22:55 . 2010-05-26 15:15 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2011-09-21 22:55 . 2010-05-26 13:41 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2011-08-16 18:02 . 2011-05-24 15:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-12 04:10 . 2011-04-20 12:39 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-22 05:42 . 2011-08-12 09:36 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 05:36 . 2011-08-12 09:35 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 05:32 . 2011-08-12 09:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 02:54 . 2011-08-12 09:36 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-07-22 02:48 . 2011-08-12 09:35 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-07-22 02:44 . 2011-08-12 09:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-07-16 05:41 . 2011-08-11 11:11 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-16 05:41 . 2011-08-11 11:11 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-16 05:41 . 2011-08-11 11:11 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-16 05:39 . 2011-08-11 11:11 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-16 05:37 . 2011-08-11 11:11 421888 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 05:21 . 2011-08-11 11:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:29 . 2011-08-11 11:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:26 . 2011-08-11 11:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-16 04:25 . 2011-08-11 11:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-16 04:24 . 2011-08-11 11:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-16 04:24 . 2011-08-11 11:11 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:21 . 2011-08-11 11:11 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-16 02:21 . 2011-08-11 11:11 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-16 02:17 . 2011-08-11 11:11 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 11:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-13 04:53 . 2011-08-01 21:30 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-09 02:46 . 2011-08-11 11:11 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-06-24 05:34 . 2011-08-11 11:11 214528 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 05:25 . 2011-08-11 11:11 338432 ----a-w- c:\windows\system32\conhost.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-13_01.22.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2011-09-21 22:58 36190 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-09-13 01:22 36190 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-05-26 12:47 . 2011-09-21 22:58 11076 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2929948100-151609578-3226734464-1000_UserData.bin

- 2010-05-26 15:19 . 2011-09-13 01:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-26 15:19 . 2011-09-21 22:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-26 15:19 . 2011-09-21 22:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-05-26 15:19 . 2011-09-13 01:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-09-13 01:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-09-21 22:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-26 22:10 . 2011-09-18 16:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-05-26 22:10 . 2011-06-22 14:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-06-06 16:55 . 2011-06-06 16:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll

- 2011-09-13 01:19 . 2011-09-13 01:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-21 22:55 . 2011-09-21 22:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-21 22:55 . 2011-09-21 22:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-09-13 01:19 . 2011-09-13 01:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-05-27 07:55 . 2011-09-21 22:04 368920 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2011-09-13 00:23 725326 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-09-21 22:08 725326 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-09-13 00:23 143512 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-09-21 22:08 143512 c:\windows\system32\perfc009.dat

+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll

- 2010-05-26 13:35 . 2011-09-13 01:18 5426928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-05-26 13:35 . 2011-09-21 22:54 5426928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-09-09 19:59 . 2011-09-09 19:59 5423104 c:\windows\Installer\ec9d289.msi

+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe

+ 2011-09-05 22:01 . 2011-09-05 22:01 13135872 c:\windows\Installer\11dba583.msp

+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]

"Xmarks"="c:\program files (x86)\Xmarks\IE Extension\xmarkssync.exe" [2011-08-19 1121832]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-05-12 1128296]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"BareMetalRecoveryMonitor.exe"="c:\program files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe" [2010-07-02 1275432]

"AcronisTimounterMonitor"="c:\program files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe" [2010-07-02 884288]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"SystemRecoveryMonitor.exe"="c:\program files (x86)\SonicWALL\BareMetalRecovery\SystemRecoveryMonitor.exe" [2011-03-01 1275392]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2010-11-3 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R2 sw_va_service;Virtual Assist;c:\users\randerson\AppData\Local\SonicWALL\VirtualAssist\VASAC.exe [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-05-12 164200]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]

R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-03-20 43032]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2010-10-29 75048]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-09-16 403456]

S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2010-10-29 82416]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]

S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]

S2 SncSch2Svc;SonicWALL Scheduler2 Service;c:\program files (x86)\Common Files\SonicWALL\Schedule2\schedul2.exe [2010-07-02 606560]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-09-16 907264]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [x]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 18:29]

.

2011-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 18:29]

.

2011-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929948100-151609578-3226734464-1000Core.job

- c:\users\randerson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 01:18]

.

2011-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929948100-151609578-3226734464-1000UA.job

- c:\users\randerson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 01:18]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TpShocks"="TpShocks.exe" [2011-01-14 380776]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-16 307768]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2010-12-13 5989688]

"SonicWALL Scheduler2 Service"="c:\program files (x86)\Common Files\SonicWALL\Schedule2\schedhlp.exe" [2010-07-02 136544]

"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-12-08 85328]

"SonicWALLNetExtender"="c:\program files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2011-07-29 1103744]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"combofix"="c:\combofix\CF14317.3XE" [2010-11-20 345088]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = file:///C:/Users/randerson/Documents/bookmark.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 10.50.128.53 192.168.1.3 192.168.1.90

DPF: {AD545DE1-CA51-4DB3-BFE9-FA898626B926} - hxxps://sravm.randerson.homedns.org/VAX.cab

DPF: {CB7FBF9A-F0FE-4DF2-AFDD-4EA305116E3B} - hxxp://software.sonicwall.com/applications/SEC/Beta/ClientSoftware/SWECMControlX.cab

FF - ProfilePath - c:\users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\

FF - prefs.js: browser.startup.homepage - file:///C:/Users/randerson/Documents/bookmark.htm

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: NetExtender Launcher : npNELaunch@sonicwall.com - %profile%\extensions\npNELaunch@sonicwall.com

FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com

FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}

FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: Virtual Assist Launcher: nprt@sonicwall.com - %profile%\extensions\nprt@sonicwall.com

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

FF - Ext: ThinkVantage Password Manager: {FCF36B88-1BBA-487f-B64B-D2E8980A9293} - c:\program files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension

FF - Ext: ocplugin: ocplugin@webex.com - c:\program files (x86)\WebEx\Productivity Tools

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *P*l*a*n*s* \Maybe]

"Order"=hex:08,00,00,00,02,00,00,00,a2,06,00,00,01,00,00,00,07,00,00,00,f8,00,

00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,e2,39,7f,20,00,4c,41,52,47,45,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *P*l*a*n*s* \SIP]

"Order"=hex:08,00,00,00,02,00,00,00,d4,00,00,00,01,00,00,00,01,00,00,00,c8,00,

00,00,00,00,00,00,ba,00,32,00,84,00,00,00,00,fb,c5,d3,20,00,50,4c,41,4e,57,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *T*h*e*a*t*e*r* \Wireless Headset]

"Order"=hex:08,00,00,00,02,00,00,00,82,03,00,00,01,00,00,00,04,00,00,00,f8,00,

00,00,03,00,00,00,ea,00,32,00,84,00,00,00,00,3a,11,46,20,00,41,4d,41,5a,4f,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*a*b* *M*a*n*a*g*e*m*e*n*t* \SSL-VPN]

"Order"=hex:08,00,00,00,02,00,00,00,c2,05,00,00,01,00,00,00,0a,00,00,00,a2,00,

00,00,00,00,00,00,94,00,32,00,84,00,00,00,00,64,8b,e9,20,00,41,56,45,4e,54,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*r*s*o*n*a*l* \Finance]

"Order"=hex:08,00,00,00,02,00,00,00,02,0c,00,00,01,00,00,00,15,00,00,00,92,00,

00,00,00,00,00,00,84,00,32,00,84,00,00,00,00,84,63,a4,20,00,41,44,50,49,50,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*r*s*o*n*a*l* \Healthcare]

"Order"=hex:08,00,00,00,02,00,00,00,0e,02,00,00,01,00,00,00,04,00,00,00,7c,00,

00,00,00,00,00,00,6e,00,32,00,84,00,00,00,00,5d,db,75,20,00,45,42,53,2d,41,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*r*s*o*n*a*l* \Lexus]

"Order"=hex:08,00,00,00,02,00,00,00,ec,08,00,00,01,00,00,00,0d,00,00,00,7a,00,

00,00,00,00,00,00,6c,00,32,00,84,00,00,00,00,5a,29,73,20,00,42,55,52,44,49,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\rpcnet.exe

c:\program files (x86)\Lenovo\Client Security Solution\tvttcsd.exe

c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe

c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Lenovo\System Update\SUService.exe

.

**************************************************************************

.

Completion time: 2011-09-21 19:17:17 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-21 23:17

ComboFix2.txt 2011-09-13 01:43

.

Pre-Run: 376,155,807,744 bytes free

Post-Run: 375,536,746,496 bytes free

.

- - End Of File - - 55A91D7013426E370FAF298FC1402AF0

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by randerson at 19:18:01 on 2011-09-21

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3956.2560 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\SysWOW64\rpcnet.exe

C:\Program Files (x86)\Common Files\SonicWALL\Schedule2\schedul2.exe

C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conhost.exe

C:\ComboFix\CF14317.3XE

C:\Windows\System32\TpShocks.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files (x86)\Common Files\SonicWALL\Schedule2\schedhlp.exe

C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files (x86)\Digital Line Detect\DLG.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe

C:\Program Files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe

C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Lenovo\System Update\SUService.exe

C:\Windows\system32\notepad.exe

C:\Windows\SysWow64\icacls.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = file:///C:/Users/randerson/Documents/bookmark.htm

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

uRun: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe -q

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [bareMetalRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe

mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe

mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun: [systemRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\SystemRecoveryMonitor.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

DPF: {AD545DE1-CA51-4DB3-BFE9-FA898626B926} - hxxps://sravm.randerson.homedns.org/VAX.cab

DPF: {CB7FBF9A-F0FE-4DF2-AFDD-4EA305116E3B} - hxxp://software.sonicwall.com/applications/SEC/Beta/ClientSoftware/SWECMControlX.cab

TCP: DhcpNameServer = 10.50.128.53 192.168.1.3 192.168.1.90

TCP: Interfaces\{BA3D01B2-E515-4FA7-BB7C-0F54EE1195DA} : DhcpNameServer = 192.168.1.3 192.168.1.90

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D} : DhcpNameServer = 10.50.128.53 192.168.1.3 192.168.1.90

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D}\A79707865627 : DhcpNameServer = 192.168.1.3 10.50.129.148 4.2.2.4

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D}\A7970786562723 : DhcpNameServer = 192.168.1.3 192.168.1.90

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D}\A7970786562736 : DhcpNameServer = 192.168.1.3 192.168.1.90

TCP: Interfaces\{E5340D64-A4FF-4FB5-88DA-665E8D9CC62D}\A79707865627D27657563747 : DhcpNameServer = 192.168.1.3 192.168.1.90

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

BHO-X64: Password Manager Browser Helper Object - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [bareMetalRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe

mRun-x64: [AcronisTimounterMonitor] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe

mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun-x64: [systemRecoveryMonitor.exe] C:\Program Files (x86)\SonicWALL\BareMetalRecovery\SystemRecoveryMonitor.exe

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {638F11AA-DF27-433b-BA2E-7281CE561D71} - C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\

FF - prefs.js: browser.startup.homepage - file:///C:/Users/randerson/Documents/bookmark.htm

FF - component: C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension\components\tvtpwm_moz_xpcom.dll

FF - component: C:\Program Files (x86)\WebEx\Productivity Tools\components\OCFF.dll

FF - component: C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll

FF - component: C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll

FF - plugin: C:\Users\randerson\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\extensions\npNELaunch@sonicwall.com\plugins\npNELaunch.dll

FF - plugin: C:\Users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\extensions\nprt@sonicwall.com\plugins\nprt.dll

FF - plugin: C:\Users\randerson\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\randerson\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: NetExtender Launcher : npNELaunch@sonicwall.com - %profile%\extensions\npNELaunch@sonicwall.com

FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com

FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}

FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: Virtual Assist Launcher: nprt@sonicwall.com - %profile%\extensions\nprt@sonicwall.com

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

FF - Ext: ThinkVantage Password Manager: {FCF36B88-1BBA-487f-B64B-D2E8980A9293} - C:\Program Files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension

FF - Ext: ocplugin: ocplugin@webex.com - C:\Program Files (x86)\WebEx\Productivity Tools

.

============= SERVICES / DRIVERS ===============

.

R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]

R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2010-10-28 75048]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-9-15 403456]

R2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;C:\Windows\system32\DRIVERS\ekaprot6.sys --> C:\Windows\system32\DRIVERS\ekaprot6.sys [?]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2010-11-23 50536]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-11-23 45496]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-11-23 74088]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-11-23 93032]

R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2010-10-28 82416]

R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]

R2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2009-3-13 13840]

R2 SncSch2Svc;SonicWALL Scheduler2 Service;C:\Program Files (x86)\Common Files\SonicWALL\Schedule2\schedul2.exe [2010-7-2 606560]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-8-24 92008]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-11-23 63928]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-9-15 907264]

R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]

R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

R3 bpmp;bpmp;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 NxDrv;SonicWALL NetExtender Adapter;C:\Windows\system32\DRIVERS\NxDrv.sys --> C:\Windows\system32\DRIVERS\NxDrv.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-12 366152]

S2 sw_va_service;Virtual Assist;"C:\Users\randerson\AppData\Local\SonicWALL\VirtualAssist\VASAC.exe" -service --> C:\Users\randerson\AppData\Local\SonicWALL\VirtualAssist\VASAC.exe [?]

S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-5-26 164200]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-31 136176]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-5-26 75112]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]

S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]

S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-3-20 43032]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\system32\drivers\vpcuxd.sys --> C:\Windows\system32\drivers\vpcuxd.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-09-21 23:06:43 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5C8CAD16-E46A-4B27-BBED-83DF9F03EC5F}\offreg.dll

2011-09-21 23:06:41 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5C8CAD16-E46A-4B27-BBED-83DF9F03EC5F}\mpengine.dll

2011-09-21 22:10:45 -------- d-----w- C:\ComboFix

2011-09-16 21:57:33 111408 ----a-w- C:\Windows\System32\drivers\43042586.sys

2011-09-16 21:20:27 -------- d-----w- C:\ProgramData\Kaspersky Lab

2011-09-14 01:43:44 6144 ------w- C:\Windows\System32\48ED.tmp

2011-09-14 01:43:09 6144 ------w- C:\Windows\System32\C175.tmp

2011-09-14 01:35:22 -------- d-----w- C:\Users\randerson\AppData\Local\Apple

2011-09-13 18:46:09 -------- d-----w- C:\Users\randerson\AppData\Local\Adobe

2011-09-13 00:34:44 98816 ----a-w- C:\Windows\sed.exe

2011-09-13 00:34:44 518144 ----a-w- C:\Windows\SWREG.exe

2011-09-13 00:34:44 256000 ----a-w- C:\Windows\PEV.exe

2011-09-13 00:34:44 208896 ----a-w- C:\Windows\MBR.exe

2011-09-13 00:17:30 -------- d-----w- C:\Windows\pss

2011-09-13 00:05:07 -------- d-----w- C:\Users\randerson\AppData\Local\Apple Computer

2011-09-12 14:13:16 6144 ------w- C:\Windows\System32\2C2F.tmp

2011-09-12 14:12:27 6144 ------w- C:\Windows\System32\6B11.tmp

2011-09-12 14:12:10 -------- d-----w- C:\Program Files (x86)\Sophos

2011-09-12 13:47:56 -------- d-----w- C:\Users\randerson\AppData\Roaming\Malwarebytes

2011-09-12 13:47:46 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-12 13:47:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-09-12 13:38:16 388096 ----a-r- C:\Users\randerson\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-12 13:38:15 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-09-09 19:40:44 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC7B2E94-26AD-4C01-B1D7-1AB41656C83B}\gapaengine.dll

2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2011-08-25 13:48:28 -------- d-----w- C:\Users\randerson\AppData\Local\WebEx

2011-08-25 13:15:34 -------- d-----w- C:\Program Files (x86)\WebEx

2011-08-24 15:44:41 -------- d--h--w- C:\Users\randerson\Ekahau Site Survey

2011-08-24 15:44:00 -------- d-----w- C:\Program Files\Ekahau

2011-08-24 11:17:39 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-24 11:17:39 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-24 11:06:44 -------- d-----w- C:\Program Files (x86)\Xmarks

2011-08-23 13:27:49 -------- d-----w- C:\Program Files\iTunes

2011-08-23 13:27:49 -------- d-----w- C:\Program Files\iPod

2011-08-23 13:27:49 -------- d-----w- C:\Program Files (x86)\iTunes

.

==================== Find3M ====================

.

2011-09-21 22:55:42 17920 ----a-w- C:\Windows\System32\rpcnetp.exe

2011-09-21 22:55:38 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll

2011-08-16 18:02:16 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe

2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll

2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll

2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll

2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe

2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll

2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll

2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe

.

============= FINISH: 19:26:01.10 ===============

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Link to post
Share on other sites

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=40beb8285ec5e64981f1a8f35fdeb2f6

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-25 09:37:25

# local_time=2011-09-25 05:37:25 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 224579 224579 0 0

# compatibility_mode=5893 16776574 100 94 462547 68524324 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=162226

# found=5

# cleaned=5

# scan_time=5771

C:\Users\randerson\Documents\Tivo\ptvlba48-4.01DD.iso INF/Autorun.gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\randerson\Documents\zipper\zipper_universal_CD.iso INF/Autorun.gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\randerson\Documents\zipper\zipper_universal_CD_with_HR10-250_image.iso INF/Autorun.gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\randerson\Documents\zipper\zipper_tools\instantcake-hr10-250-1.2-3.1.5f-SE2-01-2-357.iso INF/Autorun.gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\randerson\Documents\zipper\zipper_tools\ptvlba48-4.04DD.iso INF/Autorun.gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

I think these are false positives for these 5 files--they've been on my system for a number of years. I don't need them anymore so I did delete them anyway.

Results of screen317's Security Check version 0.99.18

Windows 7 (UAC is disabled!)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Adobe Flash Player 10.3.183.5

Adobe Reader X (10.1.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

Clicking on Firefox and IE google search results still redirect to undesired pages like this one:

http://64.111.211.187/c.php?re=1&r=eNo1k0uvgkgQhX8QifaDVy_uArkC8vL6AmQzaaBBGhBRBCH8-HExk9RJ5SRf1eocviBMAFggWPzzdnbD4yNtAu7N258FrACU1f8XAhACgiRIgCgqCzVrThGZ2GnDE2yXcfh5pePP94olKYUSIDnDGYIEK1_LMJByIBGkyv_IYppSLCW59P0lilkqwgxKoiJBFdKUoYUoC1yY3xpjxt5tpWmarw1mqXonv65esvVrxIe9WtltUXlZN7iQAXl-9vv8_hHM90V33rZ2ySbDlrq8xVWURHLcCH0a5bMveP14QGvtuXcaPP_ZntxWxaTv0IhPaoDLsgpHlHcOZtOrnoZWz7fQSTXJ02FRCeDk-Qyc7b7dHZPkQQarsCxDdZChXjQMzlBTMqluu3Phzna9-zjBuzquqf5bbmSypzdEjkIU6W7HGr39uGMklKLIo2Adlzd9A8WQ75pEaINraz20d7fbNC5SQjaLIXxbGD4L1OjFcz4AoxNLP6RMvh1G2eR2Psl3Yz-X5_D0LBFaD3HX8ugy97-VYVdWtbavYp_pvqKEMbrjoyo0JH_cPo5bPIPX72PauXFjnBt23ZUfMricConFN9OVP2rG7IdZyehPPNDXziB7YcJlb2zrtd_ZBdC1Ken7D9lh5SRaF8XC4XMN70k1aJArjrWRL-q-l1RR9883eOeXMkja-exuhNdRvV_Db4ASvn4w_3nxI6u81VSPtSG8ZmQUPpwzRxP4fkR1VwbXvR_vPC9V-9Y0w3HrWp0qP56UW2kTVUM8xv3Mx7hUWjkpQwf2OXtvHWVXCCUOnadx_Js6j6eOZF_HX7A-OS_9yfXDLfGYeSHClZcO30bo2ELl1CSJcjWHpBia-81va5lVGy9t5wa3Xg26GRwkJJxf68wwA7h_zMN6aPZVahhEM99BWsNPWQ-Zp8_KnygNo8XVoUDatx9QwSuoqiusriCUlwWq4uob_6_QCgG0gGVBS4Yz7DbGTPGxjUN_iqP0nTQBWAggX-A7-D_m80iQNFPTmOKTxBMEfpYsZzTHVCUKSSnBSJYpAjnNABXVb8XoklPEMooxESWAkKRCOVPkRFEIwGnOFPIvgHhQyg&u=ecff5c418bd395dfad5941961dc6eba8&cid=9517cf35d56c4072b7818feb20b215f3&rc=0&pa=&ref1=&ref2=

instead of taking me to the actual search results.

I haven't seen firewall log entries indicating that my laptop is attempting to contact a TSDDConf.A botnet controller since I ran these tools, but I've seen quiet times for this type of activity over the last couple of weeks so I'm not sure that means anything yet. I'll keep monitoring that and post if I see these types of attempts again tonight.

Thanks for sticking with me through this.

Link to post
Share on other sites

  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

21:11:24.0615 5536 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43

21:11:25.0032 5536 ============================================================

21:11:25.0032 5536 Current date / time: 2011/09/27 21:11:25.0032

21:11:25.0032 5536 SystemInfo:

21:11:25.0032 5536

21:11:25.0032 5536 OS Version: 6.1.7601 ServicePack: 1.0

21:11:25.0032 5536 Product type: Workstation

21:11:25.0032 5536 ComputerName: T410

21:11:25.0032 5536 UserName: randerson

21:11:25.0032 5536 Windows directory: C:\Windows

21:11:25.0032 5536 System windows directory: C:\Windows

21:11:25.0032 5536 Running under WOW64

21:11:25.0032 5536 Processor architecture: Intel x64

21:11:25.0032 5536 Number of processors: 4

21:11:25.0032 5536 Page size: 0x1000

21:11:25.0032 5536 Boot type: Normal boot

21:11:25.0032 5536 ============================================================

21:11:25.0360 5536 Initialize success

21:11:32.0687 6828 ============================================================

21:11:32.0687 6828 Scan started

21:11:32.0687 6828 Mode: Manual;

21:11:32.0687 6828 ============================================================

21:11:32.0930 6828 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

21:11:32.0931 6828 1394ohci - ok

21:11:32.0978 6828 5U877 (7c6cde7051affec0f18079caf7448a9a) C:\Windows\system32\DRIVERS\5U877.sys

21:11:32.0979 6828 5U877 - ok

21:11:33.0023 6828 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

21:11:33.0025 6828 ACPI - ok

21:11:33.0055 6828 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

21:11:33.0056 6828 AcpiPmi - ok

21:11:33.0185 6828 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

21:11:33.0187 6828 adp94xx - ok

21:11:33.0240 6828 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

21:11:33.0241 6828 adpahci - ok

21:11:33.0257 6828 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

21:11:33.0259 6828 adpu320 - ok

21:11:33.0310 6828 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

21:11:33.0312 6828 AFD - ok

21:11:33.0401 6828 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

21:11:33.0401 6828 agp440 - ok

21:11:33.0453 6828 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

21:11:33.0454 6828 aliide - ok

21:11:33.0471 6828 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

21:11:33.0471 6828 amdide - ok

21:11:33.0500 6828 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

21:11:33.0501 6828 AmdK8 - ok

21:11:33.0513 6828 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

21:11:33.0513 6828 AmdPPM - ok

21:11:33.0554 6828 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

21:11:33.0554 6828 amdsata - ok

21:11:33.0602 6828 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

21:11:33.0603 6828 amdsbs - ok

21:11:33.0628 6828 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

21:11:33.0628 6828 amdxata - ok

21:11:33.0695 6828 androidusb (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\androidusb.sys

21:11:33.0696 6828 androidusb - ok

21:11:33.0765 6828 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

21:11:33.0765 6828 AppID - ok

21:11:33.0882 6828 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

21:11:33.0883 6828 arc - ok

21:11:33.0912 6828 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

21:11:33.0913 6828 arcsas - ok

21:11:33.0970 6828 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

21:11:33.0970 6828 AsyncMac - ok

21:11:34.0016 6828 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

21:11:34.0016 6828 atapi - ok

21:11:34.0133 6828 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

21:11:34.0135 6828 b06bdrv - ok

21:11:34.0178 6828 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

21:11:34.0179 6828 b57nd60a - ok

21:11:34.0197 6828 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

21:11:34.0197 6828 Beep - ok

21:11:34.0232 6828 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

21:11:34.0233 6828 blbdrive - ok

21:11:34.0335 6828 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

21:11:34.0336 6828 bowser - ok

21:11:34.0390 6828 bpenum (a91b4392b326f6aed0052cb2592e979d) C:\Windows\system32\DRIVERS\bpenum.sys

21:11:34.0390 6828 bpenum - ok

21:11:34.0419 6828 bpmp (7057339774618e38cfefe0b5d1fdd58e) C:\Windows\system32\DRIVERS\bpmp.sys

21:11:34.0420 6828 bpmp - ok

21:11:34.0449 6828 bpusb (2636c9619120a6b16dcb51886c46ac20) C:\Windows\system32\Drivers\bpusb.sys

21:11:34.0449 6828 bpusb - ok

21:11:34.0485 6828 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

21:11:34.0486 6828 BrFiltLo - ok

21:11:34.0550 6828 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

21:11:34.0550 6828 BrFiltUp - ok

21:11:34.0583 6828 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

21:11:34.0584 6828 Brserid - ok

21:11:34.0596 6828 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

21:11:34.0597 6828 BrSerWdm - ok

21:11:34.0608 6828 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

21:11:34.0609 6828 BrUsbMdm - ok

21:11:34.0616 6828 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

21:11:34.0617 6828 BrUsbSer - ok

21:11:34.0668 6828 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

21:11:34.0668 6828 BthEnum - ok

21:11:34.0707 6828 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

21:11:34.0708 6828 BTHMODEM - ok

21:11:34.0769 6828 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

21:11:34.0770 6828 BthPan - ok

21:11:34.0804 6828 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

21:11:34.0807 6828 BTHPORT - ok

21:11:34.0846 6828 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

21:11:34.0847 6828 BTHUSB - ok

21:11:34.0883 6828 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys

21:11:34.0884 6828 btusbflt - ok

21:11:34.0903 6828 btwaudio - ok

21:11:34.0917 6828 btwavdt - ok

21:11:34.0925 6828 btwl2cap - ok

21:11:34.0933 6828 btwrchid - ok

21:11:34.0973 6828 catchme - ok

21:11:35.0093 6828 CAXHWAZL (48360b88c4bf45850653bb7c86888ed4) C:\Windows\system32\DRIVERS\CAXHWAZL.sys

21:11:35.0094 6828 CAXHWAZL - ok

21:11:35.0119 6828 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

21:11:35.0120 6828 cdfs - ok

21:11:35.0171 6828 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

21:11:35.0171 6828 cdrom - ok

21:11:35.0209 6828 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

21:11:35.0210 6828 circlass - ok

21:11:35.0304 6828 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

21:11:35.0306 6828 CLFS - ok

21:11:35.0354 6828 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

21:11:35.0355 6828 CmBatt - ok

21:11:35.0393 6828 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

21:11:35.0393 6828 cmdide - ok

21:11:35.0431 6828 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

21:11:35.0433 6828 CNG - ok

21:11:35.0543 6828 CnxtHdAudService (22bc1c27274d1cb1c3a8c14cdba0cdf2) C:\Windows\system32\drivers\CHDRT64.sys

21:11:35.0547 6828 CnxtHdAudService - ok

21:11:35.0575 6828 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

21:11:35.0575 6828 Compbatt - ok

21:11:35.0636 6828 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

21:11:35.0636 6828 CompositeBus - ok

21:11:35.0662 6828 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

21:11:35.0662 6828 crcdisk - ok

21:11:35.0778 6828 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

21:11:35.0780 6828 CSC - ok

21:11:35.0825 6828 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

21:11:35.0826 6828 DfsC - ok

21:11:35.0859 6828 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

21:11:35.0860 6828 discache - ok

21:11:35.0948 6828 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

21:11:35.0949 6828 Disk - ok

21:11:36.0010 6828 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

21:11:36.0011 6828 drmkaud - ok

21:11:36.0062 6828 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

21:11:36.0066 6828 DXGKrnl - ok

21:11:36.0179 6828 DzHDD64 (5bdef3faa1bfd9c9c5d3dc972049f0fa) C:\Windows\system32\DRIVERS\DzHDD64.sys

21:11:36.0180 6828 DzHDD64 - ok

21:11:36.0216 6828 e1kexpress (3fac023e44bcae77e62770f8fd476a2a) C:\Windows\system32\DRIVERS\e1k62x64.sys

21:11:36.0218 6828 e1kexpress - ok

21:11:36.0288 6828 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

21:11:36.0303 6828 ebdrv - ok

21:11:36.0430 6828 EkaProt6 (dee9d1253fcfe8ccf31d346294210824) C:\Windows\system32\DRIVERS\ekaprot6.sys

21:11:36.0431 6828 EkaProt6 - ok

21:11:36.0469 6828 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

21:11:36.0472 6828 elxstor - ok

21:11:36.0509 6828 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

21:11:36.0509 6828 ErrDev - ok

21:11:36.0556 6828 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

21:11:36.0557 6828 exfat - ok

21:11:36.0572 6828 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

21:11:36.0573 6828 fastfat - ok

21:11:36.0665 6828 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

21:11:36.0665 6828 fdc - ok

21:11:36.0697 6828 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

21:11:36.0698 6828 FileInfo - ok

21:11:36.0716 6828 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

21:11:36.0716 6828 Filetrace - ok

21:11:36.0727 6828 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

21:11:36.0727 6828 flpydisk - ok

21:11:36.0764 6828 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

21:11:36.0766 6828 FltMgr - ok

21:11:36.0782 6828 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

21:11:36.0783 6828 FsDepends - ok

21:11:36.0795 6828 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

21:11:36.0796 6828 Fs_Rec - ok

21:11:36.0834 6828 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

21:11:36.0835 6828 fvevol - ok

21:11:36.0933 6828 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

21:11:36.0933 6828 gagp30kx - ok

21:11:36.0988 6828 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:11:36.0988 6828 GEARAspiWDM - ok

21:11:37.0031 6828 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

21:11:37.0031 6828 hcw85cir - ok

21:11:37.0071 6828 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

21:11:37.0072 6828 HdAudAddService - ok

21:11:37.0106 6828 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

21:11:37.0107 6828 HDAudBus - ok

21:11:37.0189 6828 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

21:11:37.0190 6828 HECIx64 - ok

21:11:37.0213 6828 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

21:11:37.0213 6828 HidBatt - ok

21:11:37.0227 6828 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

21:11:37.0227 6828 HidBth - ok

21:11:37.0255 6828 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

21:11:37.0256 6828 HidIr - ok

21:11:37.0303 6828 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

21:11:37.0303 6828 HidUsb - ok

21:11:37.0331 6828 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

21:11:37.0331 6828 HpSAMD - ok

21:11:37.0462 6828 HSF_DPV (f6ac1087a131fbb385400667bea64fbe) C:\Windows\system32\DRIVERS\CAX_DPV.sys

21:11:37.0469 6828 HSF_DPV - ok

21:11:37.0513 6828 HTCAND64 (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\ANDROIDUSB.sys

21:11:37.0514 6828 HTCAND64 - ok

21:11:37.0567 6828 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

21:11:37.0570 6828 HTTP - ok

21:11:37.0655 6828 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

21:11:37.0655 6828 hwpolicy - ok

21:11:37.0705 6828 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

21:11:37.0706 6828 i8042prt - ok

21:11:37.0745 6828 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

21:11:37.0747 6828 iaStor - ok

21:11:37.0825 6828 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

21:11:37.0827 6828 iaStorV - ok

21:11:37.0898 6828 IBMPMDRV (3761fab385f1c2f51b2fad48cfabbe9d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys

21:11:37.0898 6828 IBMPMDRV - ok

21:11:37.0954 6828 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

21:11:37.0954 6828 iirsp - ok

21:11:38.0027 6828 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys

21:11:38.0028 6828 Impcd - ok

21:11:38.0071 6828 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

21:11:38.0072 6828 intelide - ok

21:11:38.0119 6828 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

21:11:38.0120 6828 intelppm - ok

21:11:38.0192 6828 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:11:38.0193 6828 IpFilterDriver - ok

21:11:38.0240 6828 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

21:11:38.0240 6828 IPMIDRV - ok

21:11:38.0293 6828 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

21:11:38.0294 6828 IPNAT - ok

21:11:38.0370 6828 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

21:11:38.0370 6828 IRENUM - ok

21:11:38.0428 6828 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

21:11:38.0428 6828 isapnp - ok

21:11:38.0441 6828 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

21:11:38.0443 6828 iScsiPrt - ok

21:11:38.0490 6828 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

21:11:38.0491 6828 kbdclass - ok

21:11:38.0535 6828 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

21:11:38.0535 6828 kbdhid - ok

21:11:38.0574 6828 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

21:11:38.0575 6828 KSecDD - ok

21:11:38.0612 6828 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

21:11:38.0613 6828 KSecPkg - ok

21:11:38.0651 6828 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

21:11:38.0652 6828 ksthunk - ok

21:11:38.0743 6828 lenovo.smi (5acff5823634bc2c4ebf559c3b33e18e) C:\Windows\system32\DRIVERS\smiifx64.sys

21:11:38.0743 6828 lenovo.smi - ok

21:11:38.0831 6828 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

21:11:38.0832 6828 lltdio - ok

21:11:38.0872 6828 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

21:11:38.0873 6828 LSI_FC - ok

21:11:38.0891 6828 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

21:11:38.0892 6828 LSI_SAS - ok

21:11:38.0903 6828 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

21:11:38.0904 6828 LSI_SAS2 - ok

21:11:38.0950 6828 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

21:11:38.0951 6828 LSI_SCSI - ok

21:11:38.0966 6828 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

21:11:38.0967 6828 luafv - ok

21:11:39.0032 6828 MBAMProtector - ok

21:11:39.0084 6828 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys

21:11:39.0085 6828 mcdbus - ok

21:11:39.0126 6828 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

21:11:39.0127 6828 mdmxsdk - ok

21:11:39.0178 6828 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

21:11:39.0178 6828 megasas - ok

21:11:39.0194 6828 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

21:11:39.0195 6828 MegaSR - ok

21:11:39.0212 6828 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

21:11:39.0213 6828 Modem - ok

21:11:39.0261 6828 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

21:11:39.0261 6828 monitor - ok

21:11:39.0333 6828 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

21:11:39.0334 6828 mouclass - ok

21:11:39.0342 6828 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

21:11:39.0343 6828 mouhid - ok

21:11:39.0430 6828 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

21:11:39.0430 6828 mountmgr - ok

21:11:39.0493 6828 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

21:11:39.0494 6828 MpFilter - ok

21:11:39.0528 6828 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

21:11:39.0529 6828 mpio - ok

21:11:39.0565 6828 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

21:11:39.0565 6828 MpNWMon - ok

21:11:39.0593 6828 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

21:11:39.0593 6828 mpsdrv - ok

21:11:39.0665 6828 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

21:11:39.0666 6828 MRxDAV - ok

21:11:39.0699 6828 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:11:39.0700 6828 mrxsmb - ok

21:11:39.0741 6828 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:11:39.0742 6828 mrxsmb10 - ok

21:11:39.0755 6828 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:11:39.0756 6828 mrxsmb20 - ok

21:11:39.0791 6828 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

21:11:39.0792 6828 msahci - ok

21:11:39.0860 6828 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

21:11:39.0861 6828 msdsm - ok

21:11:39.0932 6828 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

21:11:39.0932 6828 Msfs - ok

21:11:39.0962 6828 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

21:11:39.0962 6828 mshidkmdf - ok

21:11:39.0987 6828 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

21:11:39.0988 6828 msisadrv - ok

21:11:40.0019 6828 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

21:11:40.0020 6828 MSKSSRV - ok

21:11:40.0054 6828 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

21:11:40.0054 6828 MSPCLOCK - ok

21:11:40.0096 6828 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

21:11:40.0097 6828 MSPQM - ok

21:11:40.0141 6828 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

21:11:40.0143 6828 MsRPC - ok

21:11:40.0211 6828 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

21:11:40.0211 6828 mssmbios - ok

21:11:40.0240 6828 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

21:11:40.0240 6828 MSTEE - ok

21:11:40.0250 6828 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

21:11:40.0250 6828 MTConfig - ok

21:11:40.0280 6828 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

21:11:40.0280 6828 Mup - ok

21:11:40.0344 6828 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

21:11:40.0346 6828 NativeWifiP - ok

21:11:40.0432 6828 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

21:11:40.0436 6828 NDIS - ok

21:11:40.0458 6828 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

21:11:40.0459 6828 NdisCap - ok

21:11:40.0494 6828 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

21:11:40.0494 6828 NdisTapi - ok

21:11:40.0556 6828 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

21:11:40.0557 6828 Ndisuio - ok

21:11:40.0594 6828 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

21:11:40.0595 6828 NdisWan - ok

21:11:40.0679 6828 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

21:11:40.0679 6828 NDProxy - ok

21:11:40.0711 6828 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

21:11:40.0712 6828 NetBIOS - ok

21:11:40.0747 6828 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

21:11:40.0749 6828 NetBT - ok

21:11:40.0956 6828 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys

21:11:40.0988 6828 NETw5s64 - ok

21:11:41.0081 6828 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

21:11:41.0082 6828 nfrd960 - ok

21:11:41.0130 6828 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

21:11:41.0131 6828 NisDrv - ok

21:11:41.0183 6828 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys

21:11:41.0184 6828 NPF - ok

21:11:41.0199 6828 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

21:11:41.0200 6828 Npfs - ok

21:11:41.0215 6828 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

21:11:41.0215 6828 nsiproxy - ok

21:11:41.0279 6828 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

21:11:41.0287 6828 Ntfs - ok

21:11:41.0405 6828 ntk_dtv (10694a19236a6355741914c3737cf3a5) C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys

21:11:41.0406 6828 ntk_dtv - ok

21:11:41.0458 6828 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

21:11:41.0459 6828 Null - ok

21:11:41.0515 6828 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys

21:11:41.0516 6828 NVHDA - ok

21:11:41.0731 6828 nvlddmkm (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:11:41.0783 6828 nvlddmkm - ok

21:11:41.0881 6828 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

21:11:41.0882 6828 nvraid - ok

21:11:41.0894 6828 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

21:11:41.0895 6828 nvstor - ok

21:11:41.0962 6828 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

21:11:41.0963 6828 nv_agp - ok

21:11:42.0015 6828 NWADI (952ab3bdef38a7391aa05bc8c6028f15) C:\Windows\system32\DRIVERS\NWADIenum.sys

21:11:42.0017 6828 NWADI - ok

21:11:42.0061 6828 NWUSBCDFIL64 (de3abd010d9734cd4ad4e0ba81f50b63) C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys

21:11:42.0061 6828 NWUSBCDFIL64 - ok

21:11:42.0133 6828 NWUSBModem (6ae72c04633788c3c3b71b5beb17183c) C:\Windows\system32\DRIVERS\nwusbmdm.sys

21:11:42.0134 6828 NWUSBModem - ok

21:11:42.0152 6828 NWUSBPort (6ae72c04633788c3c3b71b5beb17183c) C:\Windows\system32\DRIVERS\nwusbser.sys

21:11:42.0153 6828 NWUSBPort - ok

21:11:42.0171 6828 NWUSBPort2 (6ae72c04633788c3c3b71b5beb17183c) C:\Windows\system32\DRIVERS\nwusbser2.sys

21:11:42.0173 6828 NWUSBPort2 - ok

21:11:42.0220 6828 NxDrv (81ea44152271ec2bb2a0251987d5d13c) C:\Windows\system32\DRIVERS\NxDrv.sys

21:11:42.0220 6828 NxDrv - ok

21:11:42.0262 6828 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

21:11:42.0263 6828 ohci1394 - ok

21:11:42.0310 6828 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

21:11:42.0311 6828 Parport - ok

21:11:42.0408 6828 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

21:11:42.0409 6828 partmgr - ok

21:11:42.0426 6828 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

21:11:42.0427 6828 pci - ok

21:11:42.0438 6828 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

21:11:42.0439 6828 pciide - ok

21:11:42.0458 6828 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

21:11:42.0459 6828 pcmcia - ok

21:11:42.0470 6828 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

21:11:42.0470 6828 pcw - ok

21:11:42.0496 6828 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

21:11:42.0499 6828 PEAUTH - ok

21:11:42.0648 6828 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

21:11:42.0649 6828 PptpMiniport - ok

21:11:42.0675 6828 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

21:11:42.0676 6828 Processor - ok

21:11:42.0721 6828 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys

21:11:42.0721 6828 psadd - ok

21:11:42.0769 6828 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

21:11:42.0770 6828 Psched - ok

21:11:42.0824 6828 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

21:11:42.0831 6828 ql2300 - ok

21:11:42.0907 6828 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

21:11:42.0908 6828 ql40xx - ok

21:11:42.0927 6828 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

21:11:42.0928 6828 QWAVEdrv - ok

21:11:42.0953 6828 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

21:11:42.0954 6828 RasAcd - ok

21:11:42.0999 6828 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

21:11:42.0999 6828 RasAgileVpn - ok

21:11:43.0042 6828 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:11:43.0043 6828 Rasl2tp - ok

21:11:43.0059 6828 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

21:11:43.0059 6828 RasPppoe - ok

21:11:43.0145 6828 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

21:11:43.0146 6828 RasSstp - ok

21:11:43.0188 6828 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

21:11:43.0190 6828 rdbss - ok

21:11:43.0208 6828 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

21:11:43.0208 6828 rdpbus - ok

21:11:43.0232 6828 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:11:43.0232 6828 RDPCDD - ok

21:11:43.0271 6828 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

21:11:43.0272 6828 RDPDR - ok

21:11:43.0285 6828 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

21:11:43.0286 6828 RDPENCDD - ok

21:11:43.0305 6828 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

21:11:43.0306 6828 RDPREFMP - ok

21:11:43.0403 6828 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

21:11:43.0404 6828 RdpVideoMiniport - ok

21:11:43.0450 6828 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

21:11:43.0452 6828 RDPWD - ok

21:11:43.0480 6828 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

21:11:43.0482 6828 rdyboost - ok

21:11:43.0545 6828 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

21:11:43.0546 6828 RFCOMM - ok

21:11:43.0633 6828 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys

21:11:43.0634 6828 rimspci - ok

21:11:43.0683 6828 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

21:11:43.0684 6828 RimUsb - ok

21:11:43.0731 6828 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

21:11:43.0732 6828 rspndr - ok

21:11:43.0767 6828 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

21:11:43.0767 6828 s3cap - ok

21:11:43.0847 6828 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

21:11:43.0848 6828 sbp2port - ok

21:11:43.0888 6828 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

21:11:43.0889 6828 scfilter - ok

21:11:43.0940 6828 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

21:11:43.0941 6828 sdbus - ok

21:11:43.0982 6828 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

21:11:43.0983 6828 secdrv - ok

21:11:44.0017 6828 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

21:11:44.0017 6828 Serenum - ok

21:11:44.0029 6828 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

21:11:44.0030 6828 Serial - ok

21:11:44.0135 6828 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

21:11:44.0136 6828 sermouse - ok

21:11:44.0171 6828 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

21:11:44.0172 6828 sffdisk - ok

21:11:44.0182 6828 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

21:11:44.0183 6828 sffp_mmc - ok

21:11:44.0200 6828 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys

21:11:44.0200 6828 sffp_sd - ok

21:11:44.0214 6828 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

21:11:44.0215 6828 sfloppy - ok

21:11:44.0259 6828 Shockprf (380b52126e62c6c2d3c8ba805aadfdc7) C:\Windows\system32\DRIVERS\Apsx64.sys

21:11:44.0260 6828 Shockprf - ok

21:11:44.0300 6828 silabenm (720088aad691ff1d90be8ec28727f6ca) C:\Windows\system32\DRIVERS\silabenm.sys

21:11:44.0300 6828 silabenm - ok

21:11:44.0334 6828 silabser (3a639fc33ad3d4897c301130214d7ff0) C:\Windows\system32\DRIVERS\silabser.sys

21:11:44.0335 6828 silabser - ok

21:11:44.0415 6828 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

21:11:44.0416 6828 SiSRaid2 - ok

21:11:44.0435 6828 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

21:11:44.0436 6828 SiSRaid4 - ok

21:11:44.0462 6828 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

21:11:44.0463 6828 Smb - ok

21:11:44.0552 6828 smihlp2 (c5b1a19b14f19b08ae72fcb20a3075b6) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

21:11:44.0553 6828 smihlp2 - ok

21:11:44.0633 6828 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS

21:11:44.0633 6828 SMSIVZAM5X64 - ok

21:11:44.0757 6828 snapman (882aeb72f86c70d0f8481438a7446a73) C:\Windows\system32\DRIVERS\snapman.sys

21:11:44.0758 6828 snapman - ok

21:11:44.0847 6828 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

21:11:44.0848 6828 spldr - ok

21:11:44.0898 6828 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

21:11:44.0900 6828 srv - ok

21:11:44.0975 6828 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

21:11:44.0977 6828 srv2 - ok

21:11:45.0007 6828 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

21:11:45.0008 6828 SrvHsfHDA - ok

21:11:45.0038 6828 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

21:11:45.0044 6828 SrvHsfV92 - ok

21:11:45.0145 6828 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

21:11:45.0148 6828 SrvHsfWinac - ok

21:11:45.0183 6828 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

21:11:45.0184 6828 srvnet - ok

21:11:45.0218 6828 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

21:11:45.0218 6828 stexstor - ok

21:11:45.0282 6828 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

21:11:45.0283 6828 storflt - ok

21:11:45.0334 6828 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

21:11:45.0335 6828 storvsc - ok

21:11:45.0358 6828 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

21:11:45.0359 6828 swenum - ok

21:11:45.0394 6828 Synth3dVsc - ok

21:11:45.0439 6828 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys

21:11:45.0441 6828 SynTP - ok

21:11:45.0513 6828 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys

21:11:45.0521 6828 Tcpip - ok

21:11:45.0617 6828 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys

21:11:45.0626 6828 TCPIP6 - ok

21:11:45.0665 6828 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

21:11:45.0665 6828 tcpipreg - ok

21:11:45.0690 6828 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

21:11:45.0690 6828 TDPIPE - ok

21:11:45.0700 6828 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

21:11:45.0701 6828 TDTCP - ok

21:11:45.0737 6828 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

21:11:45.0738 6828 tdx - ok

21:11:45.0765 6828 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

21:11:45.0766 6828 TermDD - ok

21:11:45.0818 6828 tifsfilter (9e8412fe374a6d7af071a76b2839c900) C:\Windows\system32\DRIVERS\tifsfilt.sys

21:11:45.0819 6828 tifsfilter - ok

21:11:45.0840 6828 timounter (86f492b58f99d482bc79d31c1f2fdcf7) C:\Windows\system32\DRIVERS\timntr.sys

21:11:45.0844 6828 timounter - ok

21:11:45.0949 6828 TPDIGIMN (5523c729f1ed31b63c88490af3d220fa) C:\Windows\system32\DRIVERS\ApsHM64.sys

21:11:45.0949 6828 TPDIGIMN - ok

21:11:46.0003 6828 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys

21:11:46.0004 6828 TPM - ok

21:11:46.0034 6828 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys

21:11:46.0035 6828 TPPWRIF - ok

21:11:46.0082 6828 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:11:46.0083 6828 tssecsrv - ok

21:11:46.0109 6828 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

21:11:46.0109 6828 TsUsbFlt - ok

21:11:46.0123 6828 tsusbhub - ok

21:11:46.0223 6828 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

21:11:46.0224 6828 tunnel - ok

21:11:46.0255 6828 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

21:11:46.0255 6828 uagp35 - ok

21:11:46.0296 6828 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

21:11:46.0298 6828 udfs - ok

21:11:46.0354 6828 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

21:11:46.0355 6828 uliagpkx - ok

21:11:46.0381 6828 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

21:11:46.0382 6828 umbus - ok

21:11:46.0393 6828 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

21:11:46.0394 6828 UmPass - ok

21:11:46.0482 6828 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

21:11:46.0482 6828 USBAAPL64 - ok

21:11:46.0516 6828 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

21:11:46.0517 6828 usbccgp - ok

21:11:46.0569 6828 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

21:11:46.0570 6828 usbcir - ok

21:11:46.0584 6828 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

21:11:46.0585 6828 usbehci - ok

21:11:46.0610 6828 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

21:11:46.0612 6828 usbhub - ok

21:11:46.0633 6828 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

21:11:46.0633 6828 usbohci - ok

21:11:46.0663 6828 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

21:11:46.0664 6828 usbprint - ok

21:11:46.0754 6828 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:11:46.0755 6828 USBSTOR - ok

21:11:46.0780 6828 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

21:11:46.0781 6828 usbuhci - ok

21:11:46.0839 6828 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

21:11:46.0840 6828 usbvideo - ok

21:11:46.0872 6828 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

21:11:46.0872 6828 vdrvroot - ok

21:11:46.0891 6828 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

21:11:46.0892 6828 vga - ok

21:11:46.0910 6828 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

21:11:46.0911 6828 VgaSave - ok

21:11:46.0987 6828 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

21:11:46.0989 6828 vhdmp - ok

21:11:47.0001 6828 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

21:11:47.0001 6828 viaide - ok

21:11:47.0026 6828 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

21:11:47.0027 6828 vmbus - ok

21:11:47.0046 6828 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

21:11:47.0047 6828 VMBusHID - ok

21:11:47.0090 6828 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

21:11:47.0091 6828 volmgr - ok

21:11:47.0127 6828 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

21:11:47.0129 6828 volmgrx - ok

21:11:47.0147 6828 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

21:11:47.0148 6828 volsnap - ok

21:11:47.0230 6828 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys

21:11:47.0231 6828 vpcbus - ok

21:11:47.0267 6828 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys

21:11:47.0268 6828 vpcnfltr - ok

21:11:47.0288 6828 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys

21:11:47.0289 6828 vpcusb - ok

21:11:47.0332 6828 vpcuxd (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\drivers\vpcuxd.sys

21:11:47.0333 6828 vpcuxd - ok

21:11:47.0390 6828 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys

21:11:47.0392 6828 vpcvmm - ok

21:11:47.0497 6828 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

21:11:47.0498 6828 vsmraid - ok

21:11:47.0513 6828 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

21:11:47.0514 6828 vwifibus - ok

21:11:47.0546 6828 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

21:11:47.0547 6828 vwififlt - ok

21:11:47.0587 6828 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

21:11:47.0587 6828 vwifimp - ok

21:11:47.0620 6828 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

21:11:47.0621 6828 WacomPen - ok

21:11:47.0728 6828 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

21:11:47.0729 6828 WANARP - ok

21:11:47.0733 6828 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

21:11:47.0734 6828 Wanarpv6 - ok

21:11:47.0760 6828 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

21:11:47.0761 6828 Wd - ok

21:11:47.0785 6828 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

21:11:47.0788 6828 Wdf01000 - ok

21:11:47.0814 6828 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

21:11:47.0814 6828 WfpLwf - ok

21:11:47.0850 6828 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

21:11:47.0850 6828 WIMMount - ok

21:11:47.0942 6828 winachsf (1edbbf412a382550af6eb35f5e46928e) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

21:11:47.0945 6828 winachsf - ok

21:11:48.0026 6828 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

21:11:48.0027 6828 WinUsb - ok

21:11:48.0043 6828 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

21:11:48.0043 6828 WmiAcpi - ok

21:11:48.0075 6828 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

21:11:48.0075 6828 ws2ifsl - ok

21:11:48.0170 6828 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

21:11:48.0171 6828 WudfPf - ok

21:11:48.0202 6828 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:11:48.0203 6828 WUDFRd - ok

21:11:48.0247 6828 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys

21:11:48.0248 6828 XAudio - ok

21:11:48.0291 6828 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

21:11:48.0300 6828 \Device\Harddisk0\DR0 - ok

21:11:48.0302 6828 Boot (0x1200) (77351265c3d680052665394373fa6001) \Device\Harddisk0\DR0\Partition0

21:11:48.0303 6828 \Device\Harddisk0\DR0\Partition0 - ok

21:11:48.0315 6828 Boot (0x1200) (ff696915be5b222cde4129a718b2f649) \Device\Harddisk0\DR0\Partition1

21:11:48.0316 6828 \Device\Harddisk0\DR0\Partition1 - ok

21:11:48.0317 6828 ============================================================

21:11:48.0317 6828 Scan finished

21:11:48.0317 6828 ============================================================

21:11:48.0326 4160 Detected object count: 0

21:11:48.0326 4160 Actual detected object count: 0

21:11:52.0232 7112 Deinitialize success

Link to post
Share on other sites

  • Staff

Okay. :)

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".

    [*]Click OK twice to save the settings.

    [*]Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns


  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.

Link to post
Share on other sites

The DNS cache is flushed and the IP addressing on the laptop looks good (all of the settings are correct):

Wireless LAN adapter Intel 6250 AGN Wireless:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN

Physical Address. . . . . . . . . : 00-23-15-17-31-A4

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IPv4 Address. . . . . . . . . . . : 10.20.251.11(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.128

Lease Obtained. . . . . . . . . . : Tuesday, September 27, 2011 10:01:37 PM

Lease Expires . . . . . . . . . . : Wednesday, September 28, 2011 10:01:37 PM

Default Gateway . . . . . . . . . : 10.20.251.1

DHCP Server . . . . . . . . . . . : 10.20.251.1

DNS Servers . . . . . . . . . . . : 10.50.128.53

192.168.1.3

192.168.1.90

Primary WINS Server . . . . . . . : 10.0.0.32

Secondary WINS Server . . . . . . : 192.168.1.3

NetBIOS over Tcpip. . . . . . . . : Enabled

Link to post
Share on other sites

Sorry Chris, the firewall can't be reset because of business reasons. I'm certain that the firewall isn't a contributing factor. The virus behavior is only associated with one laptop on the network. There are 7 other windows machines on the network, none of them exhibit any anomalous behavior. Can you say what specifically you're worried about on the firewall?

Link to post
Share on other sites

We may be out-of-the woods here. I ran ComboFix and would appreciate it if you would review the log below and provide feedback on anything that looks suspicious. The primary issue (redirecting browser google search results to unwanted content) appears to be gone at this point for both Firefox and IE.

ComboFix 11-09-30.03 - randerson 09/30/2011 9:17.5.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3956.2367 [GMT -4:00]

Running from: c:\users\randerson\Desktop\ComboFix1.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))

.

.

2011-09-30 13:49 . 2011-09-30 13:49 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2011-09-30 13:49 . 2011-09-30 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-30 13:49 . 2011-09-30 13:49 -------- d-----w- c:\users\Classic .NET AppPool\AppData\Local\temp

2011-09-30 13:49 . 2011-09-30 13:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-09-30 12:25 . 2011-09-30 12:25 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05A75A8B-C5A7-4A00-AB3D-BAA53E78CFE1}\offreg.dll

2011-09-30 12:25 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{05A75A8B-C5A7-4A00-AB3D-BAA53E78CFE1}\mpengine.dll

2011-09-27 00:42 . 2011-09-27 00:42 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-09-27 00:42 . 2011-09-27 00:42 -------- d-----w- c:\program files (x86)\Java

2011-09-26 19:30 . 2011-09-26 19:30 -------- d-----w- c:\program files (x86)\GPLGS

2011-09-25 19:59 . 2011-09-25 19:59 -------- d-----w- c:\program files (x86)\ESET

2011-09-21 22:10 . 2011-09-30 13:08 -------- d-----w- C:\ComboFix

2011-09-16 21:57 . 2011-09-16 21:57 111408 ----a-w- c:\windows\system32\drivers\43042586.sys

2011-09-16 21:20 . 2011-09-16 21:20 -------- d-----w- c:\programdata\Kaspersky Lab

2011-09-14 01:43 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\48ED.tmp

2011-09-14 01:43 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\C175.tmp

2011-09-14 01:35 . 2011-09-14 01:35 -------- d-----w- c:\users\randerson\AppData\Local\Apple

2011-09-13 18:46 . 2011-09-13 18:46 -------- d-----w- c:\users\randerson\AppData\Local\Adobe

2011-09-13 00:05 . 2011-09-19 22:39 -------- d-----w- c:\users\randerson\AppData\Local\Apple Computer

2011-09-12 14:13 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\2C2F.tmp

2011-09-12 14:12 . 2011-05-12 18:03 6144 ------w- c:\windows\system32\6B11.tmp

2011-09-12 14:12 . 2011-09-12 14:12 -------- d-----w- c:\program files (x86)\Sophos

2011-09-12 13:47 . 2011-09-12 13:47 -------- d-----w- c:\users\randerson\AppData\Roaming\Malwarebytes

2011-09-12 13:47 . 2011-09-12 13:47 -------- d-----w- c:\programdata\Malwarebytes

2011-09-12 13:47 . 2011-09-14 19:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-12 13:38 . 2011-09-12 13:38 388096 ----a-r- c:\users\randerson\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-12 13:38 . 2011-09-12 13:38 -------- d-----w- c:\program files (x86)\Trend Micro

2011-09-09 19:40 . 2011-04-18 18:35 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC7B2E94-26AD-4C01-B1D7-1AB41656C83B}\gapaengine.dll

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-30 12:13 . 2010-05-26 15:15 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2011-09-28 20:32 . 2010-05-26 13:41 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2011-09-27 00:42 . 2010-05-27 12:58 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-09-26 19:28 . 2011-05-24 15:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-13 00:26 . 2011-04-20 12:39 9049936 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-07-22 05:42 . 2011-08-12 09:36 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 05:36 . 2011-08-12 09:35 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 05:32 . 2011-08-12 09:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 02:54 . 2011-08-12 09:36 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-07-22 02:48 . 2011-08-12 09:35 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-07-22 02:44 . 2011-08-12 09:36 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-07-16 05:41 . 2011-08-11 11:11 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-16 05:41 . 2011-08-11 11:11 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-16 05:41 . 2011-08-11 11:11 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-16 05:39 . 2011-08-11 11:11 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-16 05:37 . 2011-08-11 11:11 421888 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 05:21 . 2011-08-11 11:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:21 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:29 . 2011-08-11 11:11 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:26 . 2011-08-11 11:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-16 04:25 . 2011-08-11 11:11 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-16 04:24 . 2011-08-11 11:11 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-16 04:24 . 2011-08-11 11:11 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:15 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:21 . 2011-08-11 11:11 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-16 02:21 . 2011-08-11 11:11 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-16 02:17 . 2011-08-11 11:11 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 11:11 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 11:11 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17 . 2011-08-11 11:11 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-13 04:53 . 2011-08-01 21:30 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-07-09 05:26 . 2011-08-24 11:17 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 04:29 . 2011-08-24 11:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-07-09 02:46 . 2011-08-11 11:11 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((( SnapShot@2011-09-13_01.22.21 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2011-09-09 19:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-09-26 19:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-09-09 19:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-09-26 19:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-09-26 19:25 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-09-09 19:34 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2011-09-28 02:02 36206 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-05-26 12:47 . 2011-09-28 02:02 11108 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2929948100-151609578-3226734464-1000_UserData.bin

- 2010-05-26 15:19 . 2011-09-13 01:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-26 15:19 . 2011-09-29 19:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-05-26 15:19 . 2011-09-13 01:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-05-26 15:19 . 2011-09-29 19:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-09-29 19:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-09-13 01:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-26 22:10 . 2011-09-18 16:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-05-26 22:10 . 2011-06-22 14:21 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-06-06 16:55 . 2011-06-06 16:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll

+ 2011-09-27 17:59 . 2011-09-27 17:59 9560 c:\windows\system32\NetworkList\Icons\{B37EAB64-DDB8-49C7-965A-9FE8FC471DEB}_48.bin

+ 2011-09-27 17:59 . 2011-09-27 17:59 4280 c:\windows\system32\NetworkList\Icons\{B37EAB64-DDB8-49C7-965A-9FE8FC471DEB}_32.bin

+ 2011-09-27 17:59 . 2011-09-27 17:59 2456 c:\windows\system32\NetworkList\Icons\{B37EAB64-DDB8-49C7-965A-9FE8FC471DEB}_24.bin

+ 2011-09-27 19:16 . 2011-09-27 19:16 9560 c:\windows\system32\NetworkList\Icons\{5693255A-EB88-4C84-B4E6-A01700D3C32D}_48.bin

+ 2011-09-27 19:16 . 2011-09-27 19:16 4280 c:\windows\system32\NetworkList\Icons\{5693255A-EB88-4C84-B4E6-A01700D3C32D}_32.bin

+ 2011-09-27 19:16 . 2011-09-27 19:16 2456 c:\windows\system32\NetworkList\Icons\{5693255A-EB88-4C84-B4E6-A01700D3C32D}_24.bin

- 2011-09-13 01:19 . 2011-09-13 01:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-28 20:32 . 2011-09-28 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-28 20:32 . 2011-09-28 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-09-13 01:19 . 2011-09-13 01:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-09-26 19:28 . 2011-09-26 19:28 243360 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe

+ 2011-09-27 00:42 . 2011-09-27 00:42 157472 c:\windows\SysWOW64\javaws.exe

+ 2011-09-27 00:42 . 2011-09-27 00:42 145184 c:\windows\SysWOW64\javaw.exe

+ 2011-09-27 00:42 . 2011-09-27 00:42 145184 c:\windows\SysWOW64\java.exe

+ 2010-05-27 07:55 . 2011-09-29 18:12 370132 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2011-09-13 00:23 725326 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-09-28 20:37 725326 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-09-28 20:37 143512 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-09-13 00:23 143512 c:\windows\system32\perfc009.dat

+ 2011-09-27 00:42 . 2011-09-27 00:42 207360 c:\windows\Installer\121f8dd.msi

+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll

- 2010-01-27 01:07 . 2011-08-16 11:21 6277280 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

+ 2010-01-27 01:07 . 2011-09-26 19:28 6277280 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

- 2010-05-26 13:35 . 2011-09-13 01:18 5426928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-05-26 13:35 . 2011-09-28 20:31 5426928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-09-09 19:59 . 2011-09-09 19:59 5423104 c:\windows\Installer\ec9d289.msi

+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll

+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe

+ 2011-06-06 16:55 . 2011-06-06 16:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe

+ 2011-09-27 00:41 . 2011-09-27 00:41 12866048 c:\windows\Installer\121f8d8.msi

+ 2011-09-05 22:01 . 2011-09-05 22:01 13135872 c:\windows\Installer\11dba583.msp

+ 2011-06-06 16:55 . 2011-06-06 16:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]

"Xmarks"="c:\program files (x86)\Xmarks\IE Extension\xmarkssync.exe" [2011-08-19 1121832]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-05-12 1128296]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"BareMetalRecoveryMonitor.exe"="c:\program files (x86)\SonicWALL\BareMetalRecovery\BareMetalRecoveryMonitor.exe" [2010-07-02 1275432]

"AcronisTimounterMonitor"="c:\program files (x86)\SonicWALL\BareMetalRecovery\TimounterMonitor.exe" [2010-07-02 884288]

"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]

"SystemRecoveryMonitor.exe"="c:\program files (x86)\SonicWALL\BareMetalRecovery\SystemRecoveryMonitor.exe" [2011-03-01 1275392]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2010-11-3 50688]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R2 sw_va_service;Virtual Assist;c:\users\randerson\AppData\Local\SonicWALL\VirtualAssist\VASAC.exe [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-05-12 164200]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-18 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [x]

R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]

R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]

R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-03-20 43032]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2010-10-29 75048]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-09-16 403456]

S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2010-10-29 82416]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]

S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]

S2 SncSch2Svc;SonicWALL Scheduler2 Service;c:\program files (x86)\Common Files\SonicWALL\Schedule2\schedul2.exe [2010-07-02 606560]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]

S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-09-16 907264]

S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [x]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 18:29]

.

2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 18:29]

.

2011-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929948100-151609578-3226734464-1000Core.job

- c:\users\randerson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 01:18]

.

2011-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929948100-151609578-3226734464-1000UA.job

- c:\users\randerson\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 01:18]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TpShocks"="TpShocks.exe" [2011-01-14 380776]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-16 307768]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2010-12-13 5989688]

"SonicWALL Scheduler2 Service"="c:\program files (x86)\Common Files\SonicWALL\Schedule2\schedhlp.exe" [2010-07-02 136544]

"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-12-08 85328]

"SonicWALLNetExtender"="c:\program files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2011-07-29 1103744]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = file:///C:/Users/randerson/Documents/bookmark.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: DhcpNameServer = 10.50.128.53 192.168.1.3 192.168.1.90

TCP: Interfaces\{BA3D01B2-E515-4FA7-BB7C-0F54EE1195DA}: NameServer = 192.168.1.3

DPF: {AD545DE1-CA51-4DB3-BFE9-FA898626B926} - hxxps://sravm.randerson.homedns.org/VAX.cab

DPF: {CB7FBF9A-F0FE-4DF2-AFDD-4EA305116E3B} - hxxp://software.sonicwall.com/applications/SEC/Beta/ClientSoftware/SWECMControlX.cab

FF - ProfilePath - c:\users\randerson\AppData\Roaming\Mozilla\Firefox\Profiles\9qvhu8bo.default\

FF - prefs.js: browser.startup.homepage - file:///C:/Users/randerson/Documents/bookmark.htm

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

FF - Ext: NetExtender Launcher : npNELaunch@sonicwall.com - %profile%\extensions\npNELaunch@sonicwall.com

FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com

FF - Ext: Ad blocker: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C} - %profile%\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}

FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}

FF - Ext: Virtual Assist Launcher: nprt@sonicwall.com - %profile%\extensions\nprt@sonicwall.com

FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com

FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

FF - Ext: ThinkVantage Password Manager: {FCF36B88-1BBA-487f-B64B-D2E8980A9293} - c:\program files (x86)\Lenovo\Client Security Solution\PWM Firefox Extension

FF - Ext: ocplugin: ocplugin@webex.com - c:\program files (x86)\WebEx\Productivity Tools

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\E*v*o*â*¬ 9 \IPad]

"Order"=hex:08,00,00,00,02,00,00,00,5e,03,00,00,01,00,00,00,05,00,00,00,80,00,

00,00,00,00,00,00,72,00,32,00,84,00,00,00,00,85,68,b5,20,00,4d,4f,42,49,4c,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\E*v*o* \IPad]

"Order"=hex:08,00,00,00,02,00,00,00,5e,03,00,00,01,00,00,00,05,00,00,00,80,00,

00,00,01,00,00,00,72,00,32,00,84,00,00,00,00,76,ef,72,20,00,4d,4f,42,49,4c,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *P*l*a*n*s*â*¬ 9 \Building Materials]

"Order"=hex:08,00,00,00,02,00,00,00,0e,1d,00,00,01,00,00,00,24,00,00,00,82,00,

00,00,00,00,00,00,74,00,32,00,84,00,00,00,00,e2,fc,df,20,00,41,4c,50,49,4e,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *P*l*a*n*s*â*¬ 9 \Maybe]

"Order"=hex:08,00,00,00,02,00,00,00,a2,06,00,00,01,00,00,00,07,00,00,00,f8,00,

00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,61,e5,d5,20,00,4c,41,52,47,45,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *P*l*a*n*s*â*¬ 9 \SIP]

"Order"=hex:08,00,00,00,02,00,00,00,d4,00,00,00,01,00,00,00,01,00,00,00,c8,00,

00,00,00,00,00,00,ba,00,32,00,84,00,00,00,00,37,1a,ea,20,00,50,4c,41,4e,57,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *P*l*a*n*s* \Building Materials]

"Order"=hex:08,00,00,00,02,00,00,00,0e,1d,00,00,01,00,00,00,24,00,00,00,82,00,

00,00,00,00,00,00,74,00,32,00,84,00,00,00,00,b5,c4,3b,20,00,41,4c,50,49,4e,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *P*l*a*n*s* \Maybe]

"Order"=hex:08,00,00,00,02,00,00,00,a2,06,00,00,01,00,00,00,07,00,00,00,f8,00,

00,00,00,00,00,00,ea,00,32,00,84,00,00,00,00,b2,12,5a,20,00,4c,41,52,47,45,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *P*l*a*n*s* \SIP]

"Order"=hex:08,00,00,00,02,00,00,00,d4,00,00,00,01,00,00,00,01,00,00,00,c8,00,

00,00,00,00,00,00,ba,00,32,00,84,00,00,00,00,2f,e9,8e,20,00,50,4c,41,4e,57,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\H*o*m*e* *T*h*e*a*t*e*r* \Wireless Headset]

"Order"=hex:08,00,00,00,02,00,00,00,82,03,00,00,01,00,00,00,04,00,00,00,f8,00,

00,00,03,00,00,00,ea,00,32,00,84,00,00,00,00,3a,11,46,20,00,41,4d,41,5a,4f,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\L*a*b* *M*a*n*a*g*e*m*e*n*t* \SSL-VPN]

"Order"=hex:08,00,00,00,02,00,00,00,c2,05,00,00,01,00,00,00,0a,00,00,00,a2,00,

00,00,00,00,00,00,94,00,32,00,84,00,00,00,00,64,8b,e9,20,00,41,56,45,4e,54,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*r*s*o*n*a*l* \Finance]

"Order"=hex:08,00,00,00,02,00,00,00,02,0c,00,00,01,00,00,00,15,00,00,00,92,00,

00,00,00,00,00,00,84,00,32,00,84,00,00,00,00,84,63,a4,20,00,41,44,50,49,50,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*r*s*o*n*a*l* \Healthcare]

"Order"=hex:08,00,00,00,02,00,00,00,0e,02,00,00,01,00,00,00,04,00,00,00,7c,00,

00,00,00,00,00,00,6e,00,32,00,84,00,00,00,00,5d,db,75,20,00,45,42,53,2d,41,\

.

[HKEY_USERS\S-1-5-21-2929948100-151609578-3226734464-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\P*e*r*s*o*n*a*l* \Lexus]

"Order"=hex:08,00,00,00,02,00,00,00,ec,08,00,00,01,00,00,00,0d,00,00,00,7a,00,

00,00,00,00,00,00,6c,00,32,00,84,00,00,00,00,5a,29,73,20,00,42,55,52,44,49,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-09-30 10:09:08

ComboFix-quarantined-files.txt 2011-09-30 14:09

ComboFix2.txt 2011-09-21 23:17

ComboFix3.txt 2011-09-13 01:43

.

Pre-Run: 369,464,639,488 bytes free

Post-Run: 369,114,124,288 bytes free

.

- - End Of File - - B59490367D1D5A4B32795B58969A9E73

Link to post
Share on other sites

  • Staff

Great news! I'm not really seeing anything suspicious in the log.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Let me know what issues remain.

-screen317

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.