
HijackThis Log: Please help Diagnose


  • This topic is locked
14 replies to this topic

#1 phoenix1206


Posted 16 April 2012 - 02:38 AM

I am not sure if I am infected by Trojan-Dropper.Win32.ZAccess.acsg, detected by Kaspersky. Thanks


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:33:24, on 16.04.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\System32\igfxpers.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Phoenix\AppData\Roaming\Spotify\spotify.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Windows\system32\rundll32.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKLM\..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Ashampoo Anti-Malware Guard] "C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Phoenix\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Radio Downloader] "C:\Program Files\Radio Downloader\Radio Downloader.exe" /hidemainwindow
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [chromium] C:\Users\Phoenix\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spotify] "C:\Users\Phoenix\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: 新增到卡巴斯基廣告橫幅防護清單 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: 虛擬鍵盤(&V) - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: 檢查網址(&H) - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\youku\common\ikutm.dll
O10 - Unknown file in Winsock LSP: c:\program files\youku\common\ikutm.dll
O10 - Unknown file in Winsock LSP: c:\program files\youku\common\ikutm.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ashampoo Anti-Malware Service (AAMWService) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe
O23 - Service: Ashampoo Anti-Malware WSC Service (AAMW_WSC_Service_Vista) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_Vista.exe
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: IntelR CentrinoR Wireless BluetoothR 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: 卡巴斯基防病毒服務 (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: DDNIMSGService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google更新 服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

--
End of file - 18046 bytes



#2 nasdaq


  • Malware Response Team

Posted 18 April 2012 - 10:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 phoenix1206


Posted 18 April 2012 - 10:11 AM

23:07:12.0497 2396 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
23:07:13.0720 2396 ============================================================
23:07:13.0720 2396 Current date / time: 2012/04/18 23:07:13.0720
23:07:13.0720 2396 SystemInfo:
23:07:13.0720 2396
23:07:13.0720 2396 OS Version: 6.1.7601 ServicePack: 1.0
23:07:13.0720 2396 Product type: Workstation
23:07:13.0720 2396 ComputerName: PHOENIX-THINK
23:07:13.0720 2396 UserName: Phoenix
23:07:13.0720 2396 Windows directory: C:\Windows
23:07:13.0720 2396 System windows directory: C:\Windows
23:07:13.0720 2396 Processor architecture: Intel x86
23:07:13.0720 2396 Number of processors: 2
23:07:13.0720 2396 Page size: 0x1000
23:07:13.0720 2396 Boot type: Normal boot
23:07:13.0720 2396 ============================================================
23:07:18.0518 2396 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:07:18.0521 2396 \Device\Harddisk0\DR0:
23:07:18.0521 2396 MBR used
23:07:18.0521 2396 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
23:07:18.0521 2396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23D53800
23:07:18.0521 2396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23FAC000, BlocksNum 0x14822B0
23:07:18.0716 2396 Initialize success
23:07:18.0716 2396 ============================================================
23:07:42.0734 56764 ============================================================
23:07:42.0734 56764 Scan started
23:07:42.0734 56764 Mode: Manual;
23:07:42.0734 56764 ============================================================
23:07:51.0377 56764 CNG - ok
23:07:51.0421 56764 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:07:51.0434 56764 Compbatt - ok
23:07:51.0527 56764 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
23:07:51.0530 56764 CompositeBus - ok
23:07:51.0585 56764 COMSysApp - ok
23:07:51.0640 56764 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
23:07:51.0645 56764 crcdisk - ok
23:07:51.0744 56764 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
23:07:51.0766 56764 CryptSvc - ok
23:07:51.0822 56764 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
23:07:51.0834 56764 DcomLaunch - ok
23:07:51.0936 56764 DDNIMSGService (696c496ddab0a608d02894e9d4f62980) C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
23:07:51.0969 56764 DDNIMSGService - ok
23:07:52.0029 56764 DDNIService (a767a85632556477021d43259397b21a) C:\Program Files\DDNI\DIBS\DDNIService.exe
23:07:52.0033 56764 DDNIService - ok
23:07:52.0143 56764 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
23:07:52.0149 56764 defragsvc - ok
23:07:52.0222 56764 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
23:07:52.0226 56764 DfsC - ok
23:07:52.0320 56764 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
23:07:52.0329 56764 Dhcp - ok
23:07:52.0367 56764 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:07:52.0370 56764 discache - ok
23:07:52.0408 56764 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
23:07:52.0411 56764 Disk - ok
23:07:52.0481 56764 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
23:07:52.0486 56764 Dnscache - ok
23:07:52.0558 56764 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
23:07:52.0565 56764 dot3svc - ok
23:07:52.0663 56764 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
23:07:52.0682 56764 Dot4 - ok
23:07:52.0916 56764 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:07:52.0918 56764 Dot4Print - ok
23:07:52.0965 56764 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
23:07:52.0972 56764 dot4usb - ok
23:07:53.0071 56764 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
23:07:53.0075 56764 DPS - ok
23:07:53.0138 56764 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:07:53.0140 56764 drmkaud - ok
23:07:53.0217 56764 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
23:07:53.0239 56764 DXGKrnl - ok
23:07:53.0360 56764 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
23:07:53.0364 56764 EapHost - ok
23:07:53.0496 56764 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
23:07:53.0573 56764 ebdrv - ok
23:07:53.0634 56764 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
23:07:53.0637 56764 EFS - ok
23:07:53.0713 56764 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
23:07:53.0730 56764 ehRecvr - ok
23:07:53.0812 56764 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
23:07:53.0819 56764 ehSched - ok
23:07:53.0896 56764 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
23:07:53.0913 56764 elxstor - ok
23:07:53.0975 56764 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
23:07:53.0977 56764 ErrDev - ok
23:07:54.0055 56764 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
23:07:54.0061 56764 EventSystem - ok
23:07:54.0263 56764 EvtEng (b6c691d8cae275ed9b2782e62626f36a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:07:54.0298 56764 EvtEng - ok
23:07:54.0439 56764 ewusbmbb (026f6d48cc5293c7b8a696376618b9d2) C:\Windows\system32\DRIVERS\ewusbwwan.sys
23:07:54.0446 56764 ewusbmbb - ok
23:07:54.0533 56764 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
23:07:54.0537 56764 ew_hwusbdev - ok
23:07:54.0570 56764 ew_usbenumfilter (61a973f60e94a551ba7b15f3460444fb) C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
23:07:54.0572 56764 ew_usbenumfilter - ok
23:07:54.0617 56764 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:07:54.0620 56764 exfat - ok
23:07:54.0649 56764 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:07:54.0653 56764 fastfat - ok
23:07:54.0747 56764 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
23:07:54.0766 56764 Fax - ok
23:07:54.0809 56764 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
23:07:54.0812 56764 fdc - ok
23:07:54.0855 56764 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
23:07:54.0858 56764 fdPHost - ok
23:07:54.0887 56764 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
23:07:54.0890 56764 FDResPub - ok
23:07:54.0918 56764 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:07:54.0921 56764 FileInfo - ok
23:07:54.0957 56764 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:07:54.0959 56764 Filetrace - ok
23:07:54.0999 56764 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:07:55.0001 56764 flpydisk - ok
23:07:55.0064 56764 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:07:55.0068 56764 FltMgr - ok
23:07:55.0144 56764 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
23:07:55.0179 56764 FontCache - ok
23:07:55.0272 56764 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:07:55.0274 56764 FontCache3.0.0.0 - ok
23:07:55.0349 56764 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:07:55.0352 56764 FsDepends - ok
23:07:55.0408 56764 fssfltr (b0082808a6856a252f7cdd939892ce50) C:\Windows\system32\DRIVERS\fssfltr.sys
23:07:55.0411 56764 fssfltr - ok
23:07:55.0607 56764 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
23:07:55.0653 56764 fsssvc - ok
23:07:55.0906 56764 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
23:07:56.0391 56764 Fs_Rec - ok
23:07:56.0555 56764 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
23:07:56.0566 56764 fvevol - ok
23:07:56.0639 56764 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:07:56.0642 56764 gagp30kx - ok
23:07:56.0757 56764 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:07:56.0759 56764 GEARAspiWDM - ok
23:07:56.0844 56764 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
23:07:56.0863 56764 gpsvc - ok
23:07:57.0010 56764 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:07:57.0016 56764 gupdate - ok
23:07:57.0054 56764 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:07:57.0056 56764 gupdatem - ok
23:07:57.0154 56764 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:07:57.0162 56764 gusvc - ok
23:07:57.0263 56764 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:07:57.0265 56764 hcw85cir - ok
23:07:57.0371 56764 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
23:07:57.0380 56764 HdAudAddService - ok
23:07:57.0489 56764 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
23:07:57.0493 56764 HDAudBus - ok
23:07:57.0537 56764 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:07:57.0540 56764 HidBatt - ok
23:07:57.0593 56764 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:07:57.0597 56764 HidBth - ok
23:07:57.0649 56764 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:07:57.0652 56764 HidIr - ok
23:07:57.0695 56764 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
23:07:57.0698 56764 hidserv - ok
23:07:57.0781 56764 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
23:07:57.0784 56764 HidUsb - ok
23:07:57.0887 56764 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
23:07:57.0892 56764 hkmsvc - ok
23:07:57.0932 56764 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
23:07:57.0939 56764 HomeGroupListener - ok
23:07:58.0002 56764 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
23:07:58.0008 56764 HomeGroupProvider - ok
23:07:58.0253 56764 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
23:07:58.0265 56764 hpqcxs08 - ok
23:07:58.0316 56764 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
23:07:58.0322 56764 hpqddsvc - ok
23:07:58.0462 56764 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
23:07:58.0469 56764 HpSAMD - ok
23:07:58.0652 56764 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
23:07:58.0669 56764 HTTP - ok
23:07:58.0835 56764 huawei_enumerator (f44461e66f1b7dd267957fe9baa63ed0) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
23:07:58.0838 56764 huawei_enumerator - ok
23:07:58.0950 56764 hwdatacard (f547f862b8907f1bcbd9b72a72a6449e) C:\Windows\system32\DRIVERS\ewusbmdm.sys
23:07:58.0955 56764 hwdatacard - ok
23:07:59.0026 56764 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
23:07:59.0048 56764 hwpolicy - ok
23:07:59.0160 56764 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
23:07:59.0163 56764 i8042prt - ok
23:07:59.0310 56764 IAANTMON (0e899d0db39617aa0b2f992e7e95b5eb) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
23:07:59.0331 56764 IAANTMON - ok
23:07:59.0466 56764 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
23:07:59.0469 56764 iaStor - ok
23:07:59.0566 56764 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
23:07:59.0573 56764 iaStorV - ok
23:07:59.0643 56764 IBMPMDRV (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
23:07:59.0662 56764 IBMPMDRV - ok
23:07:59.0746 56764 IBMPMSVC (495f184a29b80b51735bcee91d84fe8f) C:\Windows\system32\ibmpmsvc.exe
23:07:59.0761 56764 IBMPMSVC - ok
23:07:59.0968 56764 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
23:07:59.0977 56764 IDriverT - ok
23:08:00.0210 56764 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:08:00.0309 56764 idsvc - ok
23:08:00.0592 56764 igfx (c7fee838fd0216ee0ad3d765ab4f40f4) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:08:00.0739 56764 igfx - ok
23:08:00.0880 56764 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:08:00.0883 56764 iirsp - ok
23:08:01.0034 56764 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
23:08:01.0055 56764 IKEEXT - ok
23:08:01.0329 56764 IntcAzAudAddService (d991871aa47da7989540ac2c0f6ec533) C:\Windows\system32\drivers\RTKVHDA.sys
23:08:01.0421 56764 IntcAzAudAddService - ok
23:08:01.0627 56764 IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\Windows\system32\drivers\IntcHdmi.sys
23:08:01.0633 56764 IntcHdmiAddService - ok
23:08:01.0749 56764 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
23:08:01.0751 56764 intelide - ok
23:08:01.0862 56764 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:08:01.0865 56764 intelppm - ok
23:08:01.0961 56764 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
23:08:01.0965 56764 IPBusEnum - ok
23:08:02.0020 56764 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:08:02.0023 56764 IpFilterDriver - ok
23:08:02.0118 56764 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
23:08:02.0137 56764 iphlpsvc - ok
23:08:02.0211 56764 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
23:08:02.0215 56764 IPMIDRV - ok
23:08:02.0333 56764 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:08:02.0337 56764 IPNAT - ok
23:08:02.0537 56764 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
23:08:02.0565 56764 iPod Service - ok
23:08:02.0691 56764 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:08:02.0693 56764 IRENUM - ok
23:08:02.0845 56764 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
23:08:02.0850 56764 isapnp - ok
23:08:02.0977 56764 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
23:08:02.0985 56764 iScsiPrt - ok
23:08:03.0050 56764 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
23:08:03.0067 56764 IviRegMgr - ok
23:08:03.0167 56764 JMCR (8bbe388234c79e51ebb091edbfa77ea7) C:\Windows\system32\DRIVERS\jmcr.sys
23:08:03.0190 56764 JMCR - ok
23:08:03.0310 56764 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
23:08:03.0357 56764 kbdclass - ok
23:08:03.0430 56764 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
23:08:03.0432 56764 kbdhid - ok
23:08:03.0495 56764 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:08:03.0497 56764 KeyIso - ok
23:08:03.0612 56764 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
23:08:03.0657 56764 KL1 - ok
23:08:03.0710 56764 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
23:08:03.0745 56764 kl2 - ok
23:08:03.0943 56764 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
23:08:03.0963 56764 KLIF - ok
23:08:04.0074 56764 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
23:08:04.0076 56764 KLIM6 - ok
23:08:04.0150 56764 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
23:08:04.0152 56764 klmouflt - ok
23:08:04.0215 56764 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
23:08:04.0221 56764 KSecDD - ok
23:08:04.0263 56764 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
23:08:04.0266 56764 KSecPkg - ok
23:08:04.0340 56764 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
23:08:04.0348 56764 KtmRm - ok
23:08:04.0455 56764 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
23:08:04.0461 56764 LanmanServer - ok
23:08:04.0539 56764 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
23:08:04.0550 56764 LanmanWorkstation - ok
23:08:04.0682 56764 LENOVO.CAMMUTE (cab9c6c37fd0f9612b269349116504b6) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
23:08:04.0686 56764 LENOVO.CAMMUTE - ok
23:08:04.0786 56764 LENOVO.MICMUTE (128158d8b1df639bf3e3fdbcbb64cdac) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
23:08:04.0789 56764 LENOVO.MICMUTE - ok
23:08:04.0890 56764 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
23:08:04.0896 56764 lenovo.smi - ok
23:08:05.0071 56764 LENOVO.TPKNRSVC (04b5f7f44ccb2fab615c67ed0e6c8323) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
23:08:05.0074 56764 LENOVO.TPKNRSVC - ok
23:08:05.0112 56764 Lenovo.VIRTSCRLSVC (6f2cc57eb5836d2ac9bd37f3554d55f8) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
23:08:05.0115 56764 Lenovo.VIRTSCRLSVC - ok
23:08:05.0238 56764 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:08:05.0243 56764 lltdio - ok
23:08:05.0286 56764 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
23:08:05.0292 56764 lltdsvc - ok
23:08:05.0347 56764 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
23:08:05.0351 56764 lmhosts - ok
23:08:05.0459 56764 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:08:05.0463 56764 LSI_FC - ok
23:08:05.0487 56764 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:08:05.0490 56764 LSI_SAS - ok
23:08:05.0530 56764 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:08:05.0545 56764 LSI_SAS2 - ok
23:08:05.0585 56764 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:08:05.0588 56764 LSI_SCSI - ok
23:08:05.0660 56764 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:08:05.0663 56764 luafv - ok
23:08:05.0795 56764 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
23:08:05.0797 56764 massfilter - ok
23:08:05.0864 56764 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
23:08:05.0869 56764 Mcx2Svc - ok
23:08:05.0967 56764 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\Windows\system32\drivers\mdvrmng.sys
23:08:05.0970 56764 mdvrmng - ok
23:08:06.0017 56764 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:08:06.0019 56764 megasas - ok
23:08:06.0081 56764 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:08:06.0126 56764 MegaSR - ok
23:08:06.0214 56764 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:08:06.0217 56764 MMCSS - ok
23:08:06.0267 56764 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:08:06.0270 56764 Modem - ok
23:08:06.0455 56764 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:08:06.0495 56764 monitor - ok
23:08:06.0649 56764 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:08:06.0658 56764 mouclass - ok
23:08:06.0759 56764 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:08:06.0762 56764 mouhid - ok
23:08:06.0850 56764 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
23:08:06.0854 56764 mountmgr - ok
23:08:06.0941 56764 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
23:08:06.0949 56764 mpio - ok
23:08:07.0034 56764 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:08:07.0056 56764 mpsdrv - ok
23:08:07.0192 56764 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
23:08:07.0225 56764 MpsSvc - ok
23:08:07.0347 56764 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
23:08:07.0353 56764 MRxDAV - ok
23:08:07.0464 56764 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:08:07.0474 56764 mrxsmb - ok
23:08:07.0521 56764 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:08:07.0530 56764 mrxsmb10 - ok
23:08:07.0584 56764 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:08:07.0587 56764 mrxsmb20 - ok
23:08:07.0659 56764 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
23:08:07.0662 56764 msahci - ok
23:08:07.0719 56764 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
23:08:07.0722 56764 msdsm - ok
23:08:07.0777 56764 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
23:08:07.0799 56764 MSDTC - ok
23:08:07.0864 56764 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:08:07.0869 56764 Msfs - ok
23:08:07.0902 56764 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:08:07.0904 56764 mshidkmdf - ok
23:08:07.0969 56764 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
23:08:07.0972 56764 msisadrv - ok
23:08:08.0032 56764 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
23:08:08.0037 56764 MSiSCSI - ok
23:08:08.0062 56764 msiserver - ok
23:08:08.0134 56764 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:08:08.0137 56764 MSKSSRV - ok
23:08:08.0174 56764 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:08:08.0177 56764 MSPCLOCK - ok
23:08:08.0204 56764 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:08:08.0207 56764 MSPQM - ok
23:08:08.0242 56764 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:08:08.0247 56764 MsRPC - ok
23:08:08.0319 56764 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
23:08:08.0322 56764 mssmbios - ok
23:08:08.0349 56764 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:08:08.0352 56764 MSTEE - ok
23:08:08.0379 56764 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:08:08.0382 56764 MTConfig - ok
23:08:08.0409 56764 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:08:08.0412 56764 Mup - ok
23:08:08.0482 56764 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
23:08:08.0494 56764 napagent - ok
23:08:08.0709 56764 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:08:08.0747 56764 NativeWifiP - ok
23:08:09.0017 56764 NDIS (3723262737d90f58059ceda7373b0387) C:\Windows\system32\drivers\ndis.sys
23:08:09.0040 56764 NDIS - ok
23:08:09.0254 56764 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:08:09.0257 56764 NdisCap - ok
23:08:09.0349 56764 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:08:09.0351 56764 NdisTapi - ok
23:08:09.0423 56764 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
23:08:09.0426 56764 Ndisuio - ok
23:08:09.0510 56764 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
23:08:09.0523 56764 NdisWan - ok
23:08:09.0614 56764 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
23:08:09.0618 56764 NDProxy - ok
23:08:09.0754 56764 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
23:08:09.0758 56764 Net Driver HPZ12 - ok
23:08:09.0812 56764 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:08:09.0815 56764 NetBIOS - ok
23:08:09.0884 56764 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
23:08:09.0890 56764 NetBT - ok
23:08:09.0956 56764 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:08:09.0958 56764 Netlogon - ok
23:08:10.0113 56764 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
23:08:10.0181 56764 Netman - ok
23:08:10.0382 56764 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:08:10.0410 56764 NetMsmqActivator - ok
23:08:10.0429 56764 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:08:10.0430 56764 NetPipeActivator - ok
23:08:10.0527 56764 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
23:08:10.0547 56764 netprofm - ok
23:08:10.0641 56764 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:08:10.0643 56764 NetTcpActivator - ok
23:08:10.0651 56764 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:08:10.0652 56764 NetTcpPortSharing - ok
23:08:10.0883 56764 netw5v32 (af1ae2e42b03395560b1cde03230205c) C:\Windows\system32\DRIVERS\netw5v32.sys
23:08:11.0033 56764 netw5v32 - ok
23:08:11.0491 56764 NETwNs32 (5c979c481981e04919ecbb3b88d54b34) C:\Windows\system32\DRIVERS\NETwNs32.sys
23:08:11.0692 56764 NETwNs32 - ok
23:08:11.0825 56764 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:08:11.0828 56764 nfrd960 - ok
23:08:11.0916 56764 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
23:08:11.0923 56764 NlaSvc - ok
23:08:11.0963 56764 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:08:11.0965 56764 Npfs - ok
23:08:12.0033 56764 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
23:08:12.0038 56764 nsi - ok
23:08:12.0167 56764 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:08:12.0176 56764 nsiproxy - ok
23:08:12.0294 56764 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
23:08:12.0378 56764 Ntfs - ok
23:08:12.0441 56764 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:08:12.0443 56764 Null - ok
23:08:12.0561 56764 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
23:08:12.0585 56764 nvraid - ok
23:08:12.0669 56764 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
23:08:12.0674 56764 nvstor - ok
23:08:12.0744 56764 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
23:08:12.0750 56764 nv_agp - ok
23:08:12.0816 56764 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
23:08:12.0820 56764 ohci1394 - ok
23:08:12.0906 56764 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:08:12.0912 56764 ose - ok
23:08:13.0093 56764 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:08:13.0210 56764 osppsvc - ok
23:08:13.0302 56764 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:08:13.0368 56764 p2pimsvc - ok
23:08:13.0469 56764 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
23:08:13.0493 56764 p2psvc - ok
23:08:13.0572 56764 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:08:13.0624 56764 Parport - ok
23:08:13.0677 56764 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
23:08:13.0679 56764 partmgr - ok
23:08:13.0719 56764 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:08:13.0722 56764 Parvdm - ok
23:08:13.0769 56764 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
23:08:13.0777 56764 PcaSvc - ok
23:08:13.0799 56764 PcdrNdisuio - ok
23:08:13.0869 56764 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
23:08:13.0872 56764 pci - ok
23:08:13.0929 56764 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
23:08:13.0934 56764 pciide - ok
23:08:14.0017 56764 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:08:14.0024 56764 pcmcia - ok
23:08:14.0134 56764 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:08:14.0137 56764 pcw - ok
23:08:14.0204 56764 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:08:14.0222 56764 PEAUTH - ok
23:08:14.0327 56764 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
23:08:14.0372 56764 pla - ok
23:08:32.0839 56764 MBR (0x1B8) (4d3df799f91f23bd025ce550100f7662) \Device\Harddisk0\DR0
23:08:32.0876 56764 \Device\Harddisk0\DR0 - ok
23:08:32.0910 56764 Boot (0x1200) (7635bf983df3cc02360fc8e48524f904) \Device\Harddisk0\DR0\Partition0
23:08:32.0911 56764 \Device\Harddisk0\DR0\Partition0 - ok
23:08:32.0953 56764 Boot (0x1200) (17ce923dca9191a13c32facbb91ef525) \Device\Harddisk0\DR0\Partition1
23:08:32.0955 56764 \Device\Harddisk0\DR0\Partition1 - ok
23:08:32.0995 56764 Boot (0x1200) (5e7c9dabe2a58d293862e5c989fc0522) \Device\Harddisk0\DR0\Partition2
23:08:32.0996 56764 \Device\Harddisk0\DR0\Partition2 - ok
23:08:33.0001 56764 ============================================================
23:08:33.0002 56764 Scan finished
23:08:33.0002 56764 ============================================================
23:08:33.0022 57096 Detected object count: 0
23:08:33.0022 57096 Actual detected object count: 0

#4 phoenix1206

Posted 18 April 2012 - 10:57 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-18 23:16:09
-----------------------------
23:16:09.001 OS Version: Windows 6.1.7601 Service Pack 1
23:16:09.001 Number of processors: 2 586 0x170A
23:16:09.006 ComputerName: PHOENIX-THINK UserName: Phoenix
23:16:40.454 Initialize success
23:31:25.096 AVAST engine defs: 12041801
23:31:58.120 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:31:58.124 Disk 0 Vendor: WDC_WD32 14.0 Size: 305245MB BusType: 3
23:31:58.176 Disk 0 MBR read successfully
23:31:58.179 Disk 0 MBR scan
23:31:58.534 Disk 0 unknown MBR code
23:31:58.700 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
23:31:58.722 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 293543 MB offset 2459648
23:31:58.974 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10500 MB offset 603635712
23:31:59.153 Disk 0 scanning sectors +625140400
23:31:59.870 Disk 0 scanning C:\Windows\system32\drivers
23:32:52.759 Service scanning
23:33:17.031 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
23:33:17.267 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
23:33:17.644 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
23:33:17.695 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
23:33:57.886 Modules scanning
23:34:18.451 Disk 0 trace - called modules:
23:34:18.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
23:34:18.475 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87101030]
23:34:18.483 3 CLASSPNP.SYS[8420459e] -> nt!IofCallDriver -> [0x862bc920]
23:34:18.491 5 ACPI.sys[842ad3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85949028]
23:34:27.067 AVAST engine scan C:\Windows
23:34:35.619 AVAST engine scan C:\Windows\system32
23:41:01.572 AVAST engine scan C:\Windows\system32\drivers
23:42:07.903 AVAST engine scan C:\Users\Phoenix
23:52:07.111 Disk 0 MBR has been saved successfully to "C:\Users\Phoenix\Desktop\MBR.dat"
23:52:07.554 The log file has been saved successfully to "C:\Users\Phoenix\Desktop\aswMBR.txt"

Attached file: MBR.zip (566 bytes)


#5 phoenix1206

Posted 18 April 2012 - 10:59 AM

I have got a MRT.exe in C:\a22551d7109481568b5f90. Is it normal? It is the only folder in this folder.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:06 AM

Posted 18 April 2012 - 01:13 PM

When your computer is clean you can delete the file and the folder.
Not sure I may need you to run the MBR.exe later. Not sure.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

#7 phoenix1206

Posted 18 April 2012 - 09:30 PM

Please find the log as per attached. Thanks


#8 nasdaq

Posted 19 April 2012 - 09:42 AM

The ComboFix log is clean.

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem remains with this computer.

#9 phoenix1206

Posted 19 April 2012 - 10:29 AM

Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
MuseScore 0.9.6.3 MuseScore score typesetter
Kaspersky Internet Security 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java™ 6 Update 31
Adobe Flash Player 11.2.202.228
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ashampoo Ashampoo Anti-Malware AAMW_Service.exe
Ashampoo Ashampoo Anti-Malware AAMW_WSC_Service_Vista.exe
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
Kaspersky Lab Kaspersky Internet Security 2012 klwtblfs.exe
``````````End of Log````````````

#10 phoenix1206

phoenix1206
  • Topic Starter

  • Members
  • 80 posts
  • Local time:06:06 AM

Posted 19 April 2012 - 10:32 AM

One thing more. Today after executing the Combofix and TDSS Killer, my PC has got a blue screen with the file dxgmmsl.sys 0x0000008E. After reboot, it didn't recur. But I was wondering if it's normal.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:06 AM

Posted 19 April 2012 - 01:27 PM

If you search dxgmmsl.sys with Google, you will find out that this is possibly a graphics card or some other hardware problem.
If you get more of these BSODs, check it out.


Security Issue.

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download, I suggest you uncheck the box on the top right, "Include in your download"; this is not required. While the installation is in progress, you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.
===

If all is well then:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#12 phoenix1206

phoenix1206
  • Topic Starter

  • Members
  • 80 posts
  • Local time:06:06 AM

Posted 19 April 2012 - 10:13 PM

Updated the Acrobat Reader. Do I delete the files just by deleting the installer?

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:06 AM

Posted 20 April 2012 - 08:27 AM

Check the Add/Remove Programs list. If you have an old version, remove it.

The installer of the new version can be deleted.

#14 phoenix1206

phoenix1206
  • Topic Starter

  • Members
  • 80 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 20 April 2012 - 10:51 AM

Thank you very much. So, I assume that it's case closed? Once again, thank you for your help.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:06 AM

Posted 26 April 2012 - 09:00 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



