
Infected - "Run As" popup


  • This topic is locked
9 replies to this topic

#1 TylerS19


Posted 30 April 2012 - 03:41 PM

Hello and thanks in advance for any help you can offer.

Recently I attempted to go to a website I thought was legitimate and Malwarebytes blocked the connection. I quickly updated AVG, Malwarebytes anti-malware, and Ad-Aware and ran all three, though nothing was found.

Unfortunately now a "Run As" popup which asks which user I want to run "this" program pops up every so often and continues to pop up unless I click to run it. Malwarebytes prompts me that it stopped a program the first time the run as popup appears. When I boot the computer into safe mode AVG continues to consume ram until the computer shuts down, I tried terminating the program (through the task manager) but the computer still shuts down after a minute or two in safe mode; it works fine in regular bootup.

I'm running Windows XP Pro and use Firefox.

Thanks!

Edited by TylerS19, 01 May 2012 - 08:52 AM.




#2 TylerS19


Posted 02 May 2012 - 01:30 PM

For some reason I couldn't find the edit button. New, sporadic symptom: when I click a link from a Google search it will occasionally open a Google ads result, rather than the one I clicked.

#3 dev00790


Posted 03 May 2012 - 07:29 PM

Hello,

I will be helping you with your problems.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2

Please download Farbar Service Scanner to your Desktop and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 4

  • Launch Malwarebytes' Anti-Malware (MBAM)
  • Click on the tab update, then click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Then on the Scanner tab select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

NOTE: Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.
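An added example, not part of dev00790's post and not Farbar's own code: a small triage script for the FSS.txt log requested in Step 2, which pulls out stopped services, non-default start types, `ATTENTION` lines and policy values that switch a protection off. The sample log is constructed from the layout posted in this thread; the function name, the finding labels and the treatment of any File Check verdict other than "MD5 is legit" are assumptions.

```python
import re

# Constructed sample, modelled on the FSS.txt layout posted in this thread.
SAMPLE_FSS = r"""
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

File Check:
========
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
"""

# Policy values that switch a protection off, named after the log's
# "Firewall Disabled Policy" and "System Restore Disabled Policy" sections.
DISABLING_POLICY = {"EnableFirewall": 0, "DisableSR": 1}

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
ATTENTION = re.compile(r"ATTENTION!=+>\s*(.+)")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_LINE = re.compile(r"^(.+?) => (.+)$")


def triage_fss(text):
    """Return (section, kind, detail) tuples for lines that need a second look."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]
    section, reg_key = "(preamble)", None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section header is a "Title:" line underlined with "=" characters.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section, reg_key = line[:-1], None
            continue
        if not line or set(line) == {"="}:
            continue
        if m := NOT_RUNNING.match(line):
            findings.append((section, "service-stopped", m.group(1)))
        elif m := START_TYPE.match(line):
            name, current, default = m.groups()
            findings.append(
                (section, "start-type", f"{name}: {current} (default {default})"))
        elif m := ATTENTION.search(line):
            findings.append((section, "attention", m.group(1)))
        elif m := REG_KEY.match(line):
            reg_key = m.group(1)  # remembered for the value line that follows
        elif m := REG_VALUE.match(line):
            name, value = m.group(1), int(m.group(2))
            if DISABLING_POLICY.get(name) == value:
                findings.append(
                    (section, "policy", f"{name}={value} under {reg_key}"))
        elif section == "File Check" and (m := FILE_LINE.match(line)):
            # Assumption: any verdict other than "MD5 is legit" deserves review.
            if m.group(2) != "MD5 is legit":
                findings.append((section, "file", f"{m.group(1)}: {m.group(2)}"))
    return findings


if __name__ == "__main__":
    for section, kind, detail in triage_fss(SAMPLE_FSS):
        print(f"[{section}] {kind}: {detail}")
```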


#4 TylerS19


Posted 04 May 2012 - 09:12 AM

Just a quick note - I was able to get my computer to stay in safe mode, I opened the task manager and killed AVG, waited several minutes with the task manager open (until everything had fully booted up) and opened mbam and avg separately. MBAM was able to find and remove something. Below are the things you asked for:

Checkup.txt
Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

AVG Free 8.5
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SpywareBlaster 4.6
CCleaner
Java DB 10.5.3.0
Java™ 6 Update 30
Java™ SE Development Kit 6 Update 21
Java version out of date!
Adobe Flash Player 11.2.202.233
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
``````````End of Log````````````

FSS.txt
Farbar Service Scanner Version: 30-04-2012 01
Ran by Tyler (administrator) on 04-05-2012 at 09:41:19
Running from "C:\Documents and Settings\Tyler\Desktop\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(10) DNE(13) Gpc(6) IPSec(4) irda(8) NetBT(5) PSched(7) s24trans(9) Tcpip(3) TVTPktFilter(12)
0x0C0000000400000001000000020000000300000005000000060000000700000008000000090000000A0000000C0000000D000000
IpSec Tag value is correct.

**** End of log ****

Result.txt
MiniToolBox by Farbar Version: 18-01-2012
Ran by Tyler (administrator) on 04-05-2012 at 09:48:55
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 51152
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Cisco Systems VPN Adapter = Local Area Connection 3 (Disconnected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Intel® PRO/1000 PL Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : LENOVO-64B6E920

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : phub.net.cable.rogers.com



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : phub.net.cable.rogers.com

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-19-D2-C0-6B-9C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 64.71.255.198

Lease Obtained. . . . . . . . . . : May 4, 2012 9:20:48 AM

Lease Expires . . . . . . . . . . : May 5, 2012 9:20:48 AM



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/1000 PL Network Connection

Physical Address. . . . . . . . . : 00-16-41-E6-68-9C

Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: google.com
Addresses: 74.125.226.37, 74.125.226.35, 74.125.226.34, 74.125.226.40
74.125.226.39, 74.125.226.36, 74.125.226.33, 74.125.226.32, 74.125.226.46
74.125.226.38, 74.125.226.41



Pinging google.com [74.125.226.32] with 32 bytes of data:



Reply from 74.125.226.32: bytes=32 time=19ms TTL=56

Reply from 74.125.226.32: bytes=32 time=16ms TTL=56



Ping statistics for 74.125.226.32:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 16ms, Maximum = 19ms, Average = 17ms

Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=203ms TTL=52

Reply from 72.30.38.140: bytes=32 time=211ms TTL=52



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 203ms, Maximum = 211ms, Average = 207ms

Server: dns.rnc.net.cable.rogers.com
Address: 64.71.255.198

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d2 c0 6b 9c ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x30003 ...00 16 41 e6 68 9c ...... Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 25
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 25
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 25
255.255.255.255 255.255.255.255 192.168.1.100 30003 1
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/03/2012 11:00:22 AM) (Source: Microsoft Office 12) (User: )
Description: EventType officelifeboathang, P1 winword.exe, P2 12.0.6545.5000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.

Error: (05/02/2012 04:25:30 PM) (Source: Lavasoft Ad-Aware Service) (User: )
Description: Only one instance of service process is allowed.

Error: (05/02/2012 09:09:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34177719

Error: (05/02/2012 09:09:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34177719

Error: (05/02/2012 09:09:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/01/2012 05:48:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2954687

Error: (05/01/2012 05:48:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2954687

Error: (05/01/2012 05:48:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/01/2012 05:48:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2938390

Error: (05/01/2012 05:48:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2938390


System errors:
=============
Error: (03/27/2012 09:12:47 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.10 on the
Network Card with network address 001641E6689C.

Error: (03/27/2012 09:11:58 AM) (Source: Dhcp) (User: )
Description: The IP address lease 99.240.155.10 for the Network Card with network address 001641E6689C has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Error: (03/27/2012 09:10:26 AM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{C1534563-F3E1-488A-9909-2E7DFF95756A} because another computer on the network has the same name. The server could not start.

Error: (03/26/2012 00:02:35 PM) (Source: Dhcp) (User: )
Description: The IP address lease 99.240.155.10 for the Network Card with network address 001641E6689C has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/26/2012 00:02:25 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (03/26/2012 00:02:25 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (03/26/2012 00:01:09 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (03/26/2012 00:01:09 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (03/26/2012 00:01:06 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (03/26/2012 00:01:06 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)


Microsoft Office Sessions:
=========================
Error: (06/27/2011 07:50:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30622 seconds with 4680 seconds of active time. This session ended with a crash.

Error: (09/05/2008 06:19:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 59382 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

ÁTorrent (Version: 1.8.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Access Help (Version: 1.00)
Acquia Dev Desktop (Version: 7.9.9)
AcronisáDiskáDirectoráHome (Version: 11.0.216)
Ad-Aware (Version: 9.5.0)
Ad-Aware (Version: 9.6.0)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Dreamweaver CS3 (Version: 9.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 11 Plugin (Version: 11.2.202.233)
Adobe Flash Player ActiveX (Version: 9.0.124.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS (Version: CS)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Catalyst Control Center (Version: 1.2.2447.13670)
ATI Display Driver (Version: 8.293.1-060913a-036475C-Lenovo)
ATI HYDRAVISION (Version: 3.25.0006)
Audacity 2.0
AVG Free 8.5
Bonjour (Version: 3.0.0.10)
Bullzip PDF Printer 5.0.0.609
CCleaner (Version: 3.08)
CDBurnerXP (Version: 4.2.4.1430)
Cisco Systems VPN Client 5.0.00.0340 (Version: 5.0.0)
Client Security Solution (Version: 7.00.0022.00)
Critical Update for Windows Media Player 11 (KB959772)
Diskeeper Lite (Version: 9.0.541)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.1.0)
DivX Player (Version: 7.2.0)
DivX Plus DirectShow Filters
DivX Web Player (Version: 1.5.0)
EASEUS Partition Master 6.5.2 Home Edition
ESET Online Scanner v3
FFmpeg v0.6.2 for Audacity
FileZilla Client 3.0.11.1 (Version: 3.0.11.1)
FrostWire 4.21.3 (Version: 4.21.3.0)
FrostWire 5.0.8 (Version: 5.0.8.0)
Genie Backup Assistant
Google Chrome (Version: 13.0.782.215)
Google Desktop (Version: -)
Google Desktop (Version: 4.2006.814.1947)
Google Talk Plugin (Version: 2.8.7.6830)
Google Update Helper (Version: 1.3.21.65)
Gothic 3 (Version: 1.0.0)
Gothic III - Forsaken Gods (Version: 1.00.0000)
GPL Ghostscript Lite 8.61
HASP4 Device Drivers
HeidiSQL 3.2 (Version: 3.2)
Help Center (Version: 1.04b)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software (Version: 10.5.0.0 API)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.6.1)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ SE Development Kit 6 Update 21 (Version: 1.6.0.210)
JGoodies JDiskReport 1.3.1 (Version: 1.3.1 (2008-07-30 08:01:08))
KeyScrambler
LAME v3.99.3 (for Windows)
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark Printer Software Uninstall
Lexmark S600 Series
Lexmark Tools for Office (Version: 1.29.0.0)
LG Bluetooth Drivers (Version: 1.1)
LG MC USB U330 driver (Version: 1.0.0.0000)
LG USB Modem Drivers (Version: 4.9.4)
LimeWire 5.5.9 (Version: 5.5.9)
LiveReg (Symantec Corporation) (Version: 2.4.2.2295)
LiveUpdate 2.6 (Symantec Corporation) (Version: 2.6.18.0)
Logitech Desktop Messenger (Version: 2.54.11)
Logitech Legacy USB Camera Driver Package
Logitech QuickCam (Version: 11.80.1065)
Logitech QuickCam Driver Package
Magic ISO Maker v5.5 (build 0265)
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
mCore (Version: 7.10.0000)
mDriver (Version: 7.10.0000)
Message Center (Version: 1.05)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional 2007 Trial (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60129.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MINITAB 14 Student (Version: 14)
mMHouse (Version: 7.10.0000)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
Mozilla Thunderbird 12.0.1 (x86 en-US) (Version: 12.0.1)
mPfMgr (Version: 7.10.0000)
mProSafe (Version: 9.00.0000)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MUSHclient (remove only)
mWlsSafe (Version: 7.10.0000)
mXML (Version: 7.10.0000)
MySQL Connector/ODBC 5.1 (Version: 5.1.6)
Newsletter Ease (Version: 1.0.0)
PDF Settings (Version: 1.0)
Picasa 2 (Version: 2.0)
Productivity Center Supplement for ThinkPad (Version: 1.02b)
QuickTime (Version: 7.50.61.0)
RealPlayer
RecordNow Audio (Version: 2.0.4)
RecordNow Copy (Version: 2.0.4)
RecordNow Data (Version: 2.0.4)
Remove Multimedia Center
Rescue and Recovery (Version: 3.10.0022.00)
Roadkil's Unstoppable Copier Version 5.2
SDFormatter
Segoe UI (Version: 14.0.4327.805)
SimSynth™ 2.x DEMO
Skype Toolbars (Version: 1.0.4051)
SkypeÖ 4.2 (Version: 4.2.163)
SnctionedMed (Version: 5.0.0.0)
Sonic DLA (Version: 5.2.0)
Sonic Express Labeler (Version: 2.1.0)
Sonic Icons for Lenovo (Version: 1.0.2)
Sonic Update Manager (Version: 3.0.0)
SoundMAX (Version: 5.10.01.4310)
SPSS Statistics 17.0 (Version: 17.0.1)
SpywareBlaster 4.6 (Version: 4.6.0)
System Migration Assistant (Version: 5.10.0043)
System Update (Version: 2.00.0084)
TeamViewer 7 (Version: 7.0.12799)
Tencent QQ (Version: 1.51.1910.0)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 5.0.1.2900)
ThinkPad Configuration (Version: 1.54)
ThinkPad EasyEject Utility (Version: 2.22a)
ThinkPad FullScreen Magnifier (Version: 1.17)
ThinkPad Keyboard Customizer Utility (Version: 1.3.42.0)
ThinkPad Modem (Version: 7.39.00.50)
ThinkPad PC Card Power Policy (Version: 1.02)
ThinkPad Power Management Driver (Version: 1.33)
ThinkPad Power Manager (Version: 1.13c)
ThinkPad Presentation Director (Version: 2.54)
ThinkPad UltraNav Driver (Version: 7.5.17.20)
ThinkPad UltraNav Wizard (Version: 3.05)
ThinkVantage Access Connections (Version: 4.20)
ThinkVantage Active Protection System (Version: 1.41)
ThinkVantage Away Manager (Version: 2.0.7.0)
ThinkVantage Fingerprint Software 5.5 (Version: 5.5.0.2918)
ThinkVantage Productivity Center (Version: 1.11)
ThinkVantage System Update Toolbar Button for IE (Version: 1.0.0)
ThinkVantage Technologies Welcome Message (Version: 1.14)
TOSHIBA e-STUDIO AddressBook Viewer (Version: 1.11.000)
TOSHIBA e-STUDIO File Downloader (Version: 1.11.000)
TOSHIBA e-STUDIO Remote Scan driver (Version: 1.11.000)
TOSHIBA e-STUDIO TWAIN Driver (Version: 1.10.000)
TrackPoint Accessibility Features (Version: 1.11.0.0)
Trellian Dictionary v1.0 (Version: 1.0)
Trellian LiveUpgrade v2.0
Trellian SiteMapper 2.0 (Version: 2.0)
Uninstall LG PC Suite III
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.0.3 (Version: 1.0.3)
Wallpapers
WBFS Manager 3.0 (Version: 3.0)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Connect
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
XP Themes (Version: 1.00.0000)
Zoiper (Version: 2.30)

========================= Devices: ================================

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 61%
Total physical RAM: 2046.36 MB
Available physical RAM: 797.06 MB
Total Pagefile: 4964.09 MB
Available Pagefile: 4083.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.39 MB

========================= Partitions: =====================================

1 Drive c: (Preload) (Fixed) (Total:85.03 GB) (Free:17.22 GB) NTFS
3 Drive e: (KINGSTON) (Removable) (Total:3.73 GB) (Free:2.67 GB) FAT32
4 Drive r: (SECUREDRIVE) (Removable) (Total:0.49 GB) (Free:0.49 GB) FAT

========================= Users: ========================================

User accounts for \\LENOVO-64B6E920

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 Tyler

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini091511-01.dmp

**** End of log ****

MBAM Log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.04.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Tyler :: LENOVO-64B6E920 [administrator]

Protection: Enabled

04/05/2012 9:54:23 AM
mbam-log-2012-05-04 (09-54-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222120
Time elapsed: 14 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#5 dev00790

Posted 05 May 2012 - 05:44 PM

Hi

Step 1

MBAM was able to find and remove something

We need to find out what this was.

Please list the names of the MBAM log files in
C:\Documents and Settings\Tyler\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\
folder in your next reply.

Step 2

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Select Detect TDLFS file system
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Step 3

How is your computer running now?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#6 TylerS19

Posted 05 May 2012 - 05:57 PM

Good afternoon,

There are about 90 files in that folder. I went through and found the one that removed the infection; it's pasted below:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.26.02

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 6.0.2900.5512
Tyler :: LENOVO-64B6E920 [administrator]

02/05/2012 4:57:10 PM
mbam-log-2012-05-02 (16-57-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217570
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|pagcpi (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\Tyler\LOCALS~1\Temp\pagcpi.dll",Vec4Normalize -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|agevnv (Trojan.Agent.LTGen) -> Data: rundll32.exe "C:\DOCUME~1\Tyler\LOCALS~1\Temp\agevnv.dll",ConvertToExifTiff -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Tyler\Local Settings\temp\agevnv.dll (Trojan.Agent.LTGen) -> Quarantined and deleted successfully.

(end)





I'll download and run the tool soon.

#7 TylerS19

Posted 07 May 2012 - 01:15 PM

Thanks for the quick reply.

I ran the scan and it did find something. "Cure" was not an option, so I selected skip (skip, quarantine, and delete were the options).

Below is a pasted copy of the log:

14:11:29.0593 3164 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:11:29.0953 3164 ============================================================
14:11:29.0953 3164 Current date / time: 2012/05/07 14:11:29.0953
14:11:29.0953 3164 SystemInfo:
14:11:29.0953 3164
14:11:29.0953 3164 OS Version: 5.1.2600 ServicePack: 3.0
14:11:29.0953 3164 Product type: Workstation
14:11:29.0953 3164 ComputerName: LENOVO-64B6E920
14:11:29.0953 3164 UserName: Tyler
14:11:29.0953 3164 Windows directory: C:\WINDOWS
14:11:29.0953 3164 System windows directory: C:\WINDOWS
14:11:29.0953 3164 Processor architecture: Intel x86
14:11:29.0953 3164 Number of processors: 2
14:11:29.0953 3164 Page size: 0x1000
14:11:29.0953 3164 Boot type: Normal boot
14:11:29.0953 3164 ============================================================
14:11:34.0375 3164 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
14:11:34.0390 3164 Drive \Device\Harddisk1\DR5 - Size: 0xEEE00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:11:34.0390 3164 ============================================================
14:11:34.0390 3164 \Device\Harddisk0\DR0:
14:11:34.0406 3164 MBR partitions:
14:11:34.0406 3164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAA106E1
14:11:34.0406 3164 \Device\Harddisk1\DR5:
14:11:34.0406 3164 MBR partitions:
14:11:34.0406 3164 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x775080
14:11:34.0406 3164 ============================================================
14:11:34.0421 3164 C: <-> \Device\Harddisk0\DR0\Partition0
14:11:34.0437 3164 ============================================================
14:11:34.0437 3164 Initialize success
14:11:34.0437 3164 ============================================================
14:12:10.0968 8504 ============================================================
14:12:10.0968 8504 Scan started
14:12:10.0968 8504 Mode: Manual; TDLFS;
14:12:10.0968 8504 ============================================================
14:12:11.0265 8504 Abiosdsk - ok
14:12:11.0281 8504 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:12:11.0453 8504 abp480n5 - ok
14:12:11.0468 8504 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
14:12:11.0640 8504 ac97intc - ok
14:12:11.0687 8504 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:12:11.0875 8504 ACPI - ok
14:12:11.0906 8504 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:12:12.0140 8504 ACPIEC - ok
14:12:12.0281 8504 AcPrfMgrSvc (f8c80392fe8e82a6f18a4d9af8e57f88) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
14:12:12.0281 8504 AcPrfMgrSvc - ok
14:12:12.0312 8504 AcSvc (0a5201cb7e5e65a340ee1348532aa454) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
14:12:12.0312 8504 AcSvc - ok
14:12:12.0359 8504 ADIHdAudAddService (66614b9fdc7e74ab736a84d89f7b06b6) C:\WINDOWS\system32\drivers\ADIHdAud.sys
14:12:12.0531 8504 ADIHdAudAddService - ok
14:12:12.0609 8504 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
14:12:12.0906 8504 Adobe LM Service - ok
14:12:12.0984 8504 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:12:12.0984 8504 AdobeFlashPlayerUpdateSvc - ok
14:12:13.0015 8504 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:12:13.0265 8504 adpu160m - ok
14:12:13.0312 8504 AEAudioService (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
14:12:13.0546 8504 AEAudioService - ok
14:12:13.0593 8504 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:12:13.0625 8504 aec - ok
14:12:13.0656 8504 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
14:12:13.0906 8504 AegisP - ok
14:12:13.0937 8504 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
14:12:14.0156 8504 AFD - ok
14:12:14.0187 8504 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:12:14.0421 8504 agp440 - ok
14:12:14.0453 8504 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:12:14.0656 8504 agpCPQ - ok
14:12:14.0703 8504 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:12:14.0968 8504 Aha154x - ok
14:12:14.0984 8504 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:12:15.0171 8504 aic78u2 - ok
14:12:15.0187 8504 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:12:15.0421 8504 aic78xx - ok
14:12:15.0453 8504 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:12:15.0453 8504 Alerter - ok
14:12:15.0468 8504 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:12:15.0718 8504 ALG - ok
14:12:15.0734 8504 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:12:15.0953 8504 AliIde - ok
14:12:16.0000 8504 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:12:16.0234 8504 alim1541 - ok
14:12:16.0265 8504 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:12:16.0515 8504 amdagp - ok
14:12:16.0562 8504 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:12:16.0796 8504 amsint - ok
14:12:16.0828 8504 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
14:12:17.0000 8504 ANC - ok
14:12:17.0109 8504 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:12:17.0109 8504 Apple Mobile Device - ok
14:12:17.0156 8504 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:12:17.0406 8504 AppMgmt - ok
14:12:17.0437 8504 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:12:17.0593 8504 asc - ok
14:12:17.0625 8504 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:12:17.0812 8504 asc3350p - ok
14:12:17.0843 8504 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:12:18.0031 8504 asc3550 - ok
14:12:18.0156 8504 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:12:18.0609 8504 aspnet_state - ok
14:12:18.0656 8504 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:12:18.0890 8504 AsyncMac - ok
14:12:18.0921 8504 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:12:18.0937 8504 atapi - ok
14:12:18.0937 8504 Atdisk - ok
14:12:19.0000 8504 Ati HotKey Poller (eedac720ac52a12edbe1d1f9933b59e7) C:\WINDOWS\system32\Ati2evxx.exe
14:12:19.0000 8504 Ati HotKey Poller - ok
14:12:19.0156 8504 ati2mtag (e150424208c8a91deed8c45019a6cdd2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:12:19.0390 8504 ati2mtag - ok
14:12:19.0593 8504 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:12:19.0796 8504 Atmarpc - ok
14:12:19.0843 8504 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
14:12:20.0078 8504 atmeltpm - ok
14:12:20.0125 8504 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:12:20.0125 8504 AudioSrv - ok
14:12:20.0140 8504 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:12:20.0312 8504 audstub - ok
14:12:20.0453 8504 avg8wd (db338a6bd3976904eb0f8343f51e64eb) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
14:12:20.0453 8504 avg8wd - ok
14:12:20.0515 8504 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
14:12:20.0750 8504 AvgLdx86 - ok
14:12:20.0765 8504 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
14:12:20.0968 8504 AvgMfx86 - ok
14:12:21.0015 8504 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:12:21.0250 8504 Beep - ok
14:12:21.0312 8504 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:12:21.0437 8504 BITS - ok
14:12:21.0515 8504 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:12:21.0531 8504 Bonjour Service - ok
14:12:21.0562 8504 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:12:21.0593 8504 Browser - ok
14:12:21.0671 8504 BTKRNL (dbd408226b00c20158864f30a5a84451) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
14:12:21.0968 8504 BTKRNL - ok
14:12:22.0078 8504 btwdins (cb2a3bae9aad6b42f7b6473363bbc168) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
14:12:22.0093 8504 btwdins - ok
14:12:22.0109 8504 BTWUSB (7cd8e4303fda5b11da325340778d99d9) C:\WINDOWS\system32\Drivers\btwusb.sys
14:12:22.0359 8504 BTWUSB - ok
14:12:22.0437 8504 catchme - ok
14:12:22.0484 8504 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:12:22.0718 8504 cbidf - ok
14:12:22.0718 8504 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:12:22.0718 8504 cbidf2k - ok
14:12:22.0750 8504 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:12:22.0937 8504 CCDECODE - ok
14:12:22.0953 8504 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:12:23.0125 8504 cd20xrnt - ok
14:12:23.0156 8504 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:12:23.0328 8504 Cdaudio - ok
14:12:23.0359 8504 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:12:23.0671 8504 Cdfs - ok
14:12:23.0703 8504 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:12:24.0015 8504 Cdrom - ok
14:12:24.0031 8504 Changer - ok
14:12:24.0062 8504 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:12:24.0312 8504 CiSvc - ok
14:12:24.0328 8504 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:12:24.0562 8504 ClipSrv - ok
14:12:24.0828 8504 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:12:25.0421 8504 clr_optimization_v2.0.50727_32 - ok
14:12:25.0437 8504 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:12:25.0671 8504 CmBatt - ok
14:12:25.0718 8504 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:12:25.0890 8504 CmdIde - ok
14:12:25.0921 8504 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:12:26.0125 8504 Compbatt - ok
14:12:26.0125 8504 COMSysApp - ok
14:12:26.0156 8504 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:12:26.0359 8504 Cpqarray - ok
14:12:26.0406 8504 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:12:26.0421 8504 CryptSvc - ok
14:12:26.0437 8504 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
14:12:26.0609 8504 CVirtA - ok
14:12:26.0781 8504 CVPND (08d8fa119f2ad6ac0377fb667523482e) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
14:12:26.0828 8504 CVPND - ok
14:12:27.0015 8504 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
14:12:27.0296 8504 CVPNDRVA - ok
14:12:27.0328 8504 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:12:27.0500 8504 dac2w2k - ok
14:12:27.0515 8504 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:12:27.0687 8504 dac960nt - ok
14:12:27.0765 8504 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:12:27.0781 8504 DcomLaunch - ok
14:12:27.0812 8504 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:12:27.0828 8504 Dhcp - ok
14:12:27.0859 8504 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:12:28.0078 8504 Disk - ok
14:12:28.0203 8504 Diskeeper (0711d2e0f17b31e537b2770a618da41f) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
14:12:28.0218 8504 Diskeeper - ok
14:12:28.0250 8504 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
14:12:28.0468 8504 DLABOIOM - ok
14:12:28.0515 8504 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
14:12:28.0703 8504 DLACDBHM - ok
14:12:28.0734 8504 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
14:12:28.0875 8504 DLADResN - ok
14:12:28.0906 8504 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
14:12:29.0031 8504 DLAIFS_M - ok
14:12:29.0062 8504 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
14:12:29.0265 8504 DLAOPIOM - ok
14:12:29.0281 8504 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
14:12:29.0421 8504 DLAPoolM - ok
14:12:29.0468 8504 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
14:12:29.0687 8504 DLARTL_N - ok
14:12:29.0765 8504 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
14:12:29.0968 8504 DLAUDFAM - ok
14:12:30.0000 8504 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
14:12:30.0140 8504 DLAUDF_M - ok
14:12:30.0156 8504 dmadmin - ok
14:12:30.0250 8504 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:12:30.0437 8504 dmboot - ok
14:12:30.0500 8504 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:12:30.0703 8504 dmio - ok
14:12:30.0718 8504 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:12:31.0015 8504 dmload - ok
14:12:31.0046 8504 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:12:31.0062 8504 dmserver - ok
14:12:31.0078 8504 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:12:31.0109 8504 DMusic - ok
14:12:31.0156 8504 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
14:12:31.0296 8504 DNE - ok
14:12:31.0328 8504 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
14:12:31.0328 8504 Dnscache - ok
14:12:31.0375 8504 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:12:31.0578 8504 Dot3svc - ok
14:12:31.0609 8504 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:12:31.0734 8504 dpti2o - ok
14:12:31.0781 8504 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:12:31.0828 8504 drmkaud - ok
14:12:31.0875 8504 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
14:12:32.0015 8504 DRVMCDB - ok
14:12:32.0062 8504 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
14:12:32.0265 8504 DRVNDDM - ok
14:12:32.0312 8504 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:12:32.0562 8504 E100B - ok
14:12:32.0625 8504 e1express (00560c3fedf8958fcdc7c68b7906f66f) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
14:12:32.0843 8504 e1express - ok
14:12:32.0890 8504 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:12:33.0140 8504 EapHost - ok
14:12:33.0187 8504 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
14:12:33.0359 8504 EGATHDRV - ok
14:12:33.0406 8504 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
14:12:33.0562 8504 epmntdrv - ok
14:12:33.0593 8504 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:12:33.0593 8504 ERSvc - ok
14:12:33.0609 8504 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
14:12:33.0781 8504 EuGdiDrv - ok
14:12:33.0812 8504 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:12:33.0828 8504 Eventlog - ok
14:12:33.0875 8504 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:12:33.0875 8504 EventSystem - ok
14:12:33.0968 8504 EvtEng (6a197698a141ffe7651b962ae3172008) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
14:12:33.0984 8504 EvtEng - ok
14:12:34.0031 8504 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:12:34.0234 8504 Fastfat - ok
14:12:34.0281 8504 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:12:34.0281 8504 FastUserSwitchingCompatibility - ok
14:12:34.0296 8504 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:12:34.0515 8504 Fdc - ok
14:12:34.0562 8504 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
14:12:34.0734 8504 FilterService - ok
14:12:34.0765 8504 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:12:34.0968 8504 Fips - ok
14:12:35.0046 8504 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:12:35.0281 8504 FLEXnet Licensing Service - ok
14:12:35.0312 8504 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:12:35.0531 8504 Flpydisk - ok
14:12:35.0578 8504 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:12:35.0875 8504 FltMgr - ok
14:12:35.0968 8504 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:12:36.0109 8504 FontCache3.0.0.0 - ok
14:12:36.0140 8504 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:12:36.0312 8504 Fs_Rec - ok
14:12:36.0343 8504 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:12:36.0562 8504 Ftdisk - ok
14:12:36.0640 8504 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
14:12:36.0812 8504 GEARAspiWDM - ok
14:12:36.0843 8504 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:12:36.0968 8504 Gpc - ok
14:12:37.0015 8504 gupdate1c9e89826ac7d22 - ok
14:12:37.0031 8504 gupdatem - ok
14:12:37.0109 8504 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
14:12:37.0328 8504 Hardlock - ok
14:12:37.0375 8504 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
14:12:37.0562 8504 Haspnt - ok
14:12:37.0609 8504 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:12:37.0843 8504 HDAudBus - ok
14:12:37.0906 8504 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:12:37.0906 8504 helpsvc - ok
14:12:37.0906 8504 HidServ - ok
14:12:37.0937 8504 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:12:38.0093 8504 HidUsb - ok
14:12:38.0125 8504 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:12:38.0343 8504 hkmsvc - ok
14:12:38.0375 8504 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:12:38.0546 8504 hpn - ok
14:12:38.0671 8504 HSF_DPV (b1fc0b027df4374f9e5b796cfdf797b3) C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys
14:12:38.0859 8504 HSF_DPV - ok
14:12:38.0890 8504 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
14:12:39.0093 8504 HSXHWAZL - ok
14:12:39.0156 8504 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:12:39.0312 8504 HTTP - ok
14:12:39.0359 8504 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:12:39.0375 8504 HTTPFilter - ok
14:12:39.0406 8504 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:12:39.0593 8504 i2omgmt - ok
14:12:39.0625 8504 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:12:39.0796 8504 i2omp - ok
14:12:39.0828 8504 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:12:39.0953 8504 i8042prt - ok
14:12:40.0046 8504 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
14:12:40.0265 8504 iaStor - ok
14:12:40.0296 8504 IBMPMDRV (067a88764593b1f46a6cfb00c69c11eb) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
14:12:40.0468 8504 IBMPMDRV - ok
14:12:40.0500 8504 IBMPMSVC (21abd7e16659602723f984f512c65e02) C:\WINDOWS\system32\ibmpmsvc.exe
14:12:40.0500 8504 IBMPMSVC - ok
14:12:40.0531 8504 IBMTPCHK (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
14:12:40.0703 8504 IBMTPCHK - ok
14:12:40.0812 8504 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
14:12:40.0953 8504 IDriverT - ok
14:12:41.0156 8504 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:12:41.0359 8504 idsvc - ok
14:12:41.0406 8504 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:12:41.0562 8504 Imapi - ok
14:12:41.0609 8504 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:12:41.0828 8504 ImapiService - ok
14:12:41.0875 8504 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:12:41.0984 8504 ini910u - ok
14:12:42.0031 8504 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:12:42.0171 8504 IntelIde - ok
14:12:42.0218 8504 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:12:42.0406 8504 intelppm - ok
14:12:42.0437 8504 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:12:42.0593 8504 Ip6Fw - ok
14:12:42.0625 8504 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:12:42.0812 8504 IpFilterDriver - ok
14:12:42.0843 8504 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:12:43.0015 8504 IpInIp - ok
14:12:43.0046 8504 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:12:43.0171 8504 IpNat - ok
14:12:43.0312 8504 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
14:12:43.0328 8504 iPod Service - ok
14:12:43.0343 8504 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:12:43.0500 8504 IPSec - ok
14:12:43.0531 8504 IPSSVC (4d1d3b3644737746fb98c4d272fb4a86) C:\WINDOWS\system32\IPSSVC.EXE
14:12:43.0546 8504 IPSSVC - ok
14:12:43.0578 8504 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
14:12:43.0734 8504 irda - ok
14:12:43.0750 8504 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:12:43.0937 8504 IRENUM - ok
14:12:43.0984 8504 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
14:12:44.0203 8504 Irmon - ok
14:12:44.0250 8504 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:12:44.0437 8504 isapnp - ok
14:12:44.0562 8504 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
14:12:44.0562 8504 JavaQuickStarterService - ok
14:12:44.0593 8504 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:12:44.0687 8504 Kbdclass - ok
14:12:44.0734 8504 KeyScrambler (83a174ac30d12186e5c2e56d362d3604) C:\WINDOWS\system32\drivers\keyscrambler.sys
14:12:44.0875 8504 KeyScrambler - ok
14:12:44.0921 8504 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:12:44.0937 8504 kmixer - ok
14:12:44.0984 8504 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:12:45.0187 8504 KSecDD - ok
14:12:45.0218 8504 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:12:45.0234 8504 lanmanserver - ok
14:12:45.0265 8504 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:12:45.0265 8504 lanmanworkstation - ok
14:12:45.0515 8504 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
14:12:45.0562 8504 Lavasoft Ad-Aware Service - ok
14:12:45.0625 8504 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
14:12:45.0812 8504 Lavasoft Kernexplorer - ok
14:12:45.0984 8504 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
14:12:46.0109 8504 Lbd - ok
14:12:46.0109 8504 lbrtfdc - ok
14:12:46.0171 8504 LexBceS (a5a631c38858bfdbe7f608b4486723e2) C:\WINDOWS\system32\LEXBCES.EXE
14:12:46.0187 8504 LexBceS - ok
14:12:46.0234 8504 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
14:12:46.0359 8504 LgBttPort - ok
14:12:46.0359 8504 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
14:12:46.0500 8504 lgbusenum - ok
14:12:46.0531 8504 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
14:12:46.0703 8504 LGVMODEM - ok
14:12:46.0734 8504 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:12:46.0734 8504 LmHosts - ok
14:12:46.0750 8504 LVcKap - ok
14:12:46.0859 8504 LVCOMSer (38440fe1a65b1fe3d246c5c4cad22f53) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
14:12:46.0859 8504 LVCOMSer - ok
14:12:46.0859 8504 LVMVDrv - ok
14:12:46.0921 8504 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
14:12:47.0078 8504 LVPr2Mon - ok
14:12:47.0140 8504 LVPrcSrv (28bd0e4b6c050b591b8cb35b9ad284e6) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
14:12:47.0156 8504 LVPrcSrv - ok
14:12:47.0234 8504 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
14:12:47.0468 8504 LVRS - ok
14:12:47.0531 8504 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
14:12:47.0625 8504 LVUSBSta - ok
14:12:48.0109 8504 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
14:12:48.0531 8504 LVUVC - ok
14:12:48.0656 8504 lxed_device - ok
14:12:48.0718 8504 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
14:12:48.0906 8504 MBAMProtector - ok
14:12:49.0046 8504 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:12:49.0062 8504 MBAMService - ok
14:12:49.0093 8504 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:12:49.0296 8504 mdmxsdk - ok
14:12:49.0328 8504 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:12:49.0578 8504 Messenger - ok
14:12:49.0687 8504 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:12:50.0156 8504 Microsoft Office Groove Audit Service - ok
14:12:50.0187 8504 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:12:50.0375 8504 mnmdd - ok
14:12:50.0421 8504 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
14:12:50.0671 8504 mnmsrvc - ok
14:12:50.0718 8504 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:12:50.0875 8504 Modem - ok
14:12:50.0906 8504 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:12:51.0078 8504 Mouclass - ok
14:12:51.0109 8504 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:12:51.0203 8504 mouhid - ok
14:12:51.0218 8504 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:12:51.0359 8504 MountMgr - ok
14:12:51.0406 8504 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:12:52.0000 8504 MozillaMaintenance - ok
14:12:52.0046 8504 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:12:52.0187 8504 mraid35x - ok
14:12:52.0250 8504 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:12:52.0296 8504 MRxDAV - ok
14:12:52.0359 8504 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:12:52.0578 8504 MRxSmb - ok
14:12:52.0609 8504 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:12:52.0812 8504 MSDTC - ok
14:12:52.0843 8504 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:12:53.0062 8504 Msfs - ok
14:12:53.0062 8504 MSIServer - ok
14:12:53.0078 8504 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:12:53.0296 8504 MSKSSRV - ok
14:12:53.0328 8504 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:12:53.0484 8504 MSPCLOCK - ok
14:12:53.0500 8504 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:12:53.0609 8504 MSPQM - ok
14:12:53.0656 8504 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:12:53.0906 8504 mssmbios - ok
14:12:53.0937 8504 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:12:54.0140 8504 MSTEE - ok
14:12:54.0187 8504 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:12:54.0343 8504 Mup - ok
14:12:54.0390 8504 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:12:54.0562 8504 NABTSFEC - ok
14:12:54.0609 8504 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:12:54.0859 8504 napagent - ok
14:12:54.0890 8504 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:12:55.0093 8504 NDIS - ok
14:12:55.0109 8504 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:12:55.0296 8504 NdisIP - ok
14:12:55.0312 8504 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:12:55.0468 8504 NdisTapi - ok
14:12:55.0515 8504 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:12:55.0515 8504 Ndisuio - ok
14:12:55.0546 8504 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:12:55.0687 8504 NdisWan - ok
14:12:55.0718 8504 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:12:55.0906 8504 NDProxy - ok
14:12:55.0953 8504 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:12:56.0015 8504 NetBIOS - ok
14:12:56.0046 8504 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:12:56.0250 8504 NetBT - ok
14:12:56.0281 8504 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:12:56.0453 8504 NetDDE - ok
14:12:56.0453 8504 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:12:56.0468 8504 NetDDEdsdm - ok
14:12:56.0500 8504 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:12:56.0500 8504 Netlogon - ok
14:12:56.0531 8504 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:12:56.0546 8504 Netman - ok
14:12:56.0687 8504 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:12:56.0906 8504 NetTcpPortSharing - ok
14:12:57.0093 8504 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
14:12:57.0281 8504 NETw3x32 - ok
14:12:57.0453 8504 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
14:12:57.0453 8504 Nla - ok
14:12:57.0515 8504 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe
14:12:57.0531 8504 NMSAccessU - ok
14:12:57.0593 8504 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:12:57.0765 8504 Npfs - ok
14:12:57.0781 8504 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
14:12:57.0921 8504 NSCIRDA - ok
14:12:58.0000 8504 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:12:58.0109 8504 Ntfs - ok
14:12:58.0156 8504 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:12:58.0156 8504 NtLmSsp - ok
14:12:58.0203 8504 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:12:58.0468 8504 NtmsSvc - ok
14:12:58.0500 8504 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:12:58.0671 8504 Null - ok
14:12:58.0890 8504 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:12:59.0125 8504 nv - ok
14:12:59.0312 8504 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:12:59.0515 8504 NwlnkFlt - ok
14:12:59.0546 8504 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:12:59.0718 8504 NwlnkFwd - ok
14:12:59.0906 8504 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:13:00.0234 8504 odserv - ok
14:13:00.0515 8504 OS Selector (9bfd0a072459782e3638362a4473e283) C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
14:13:00.0562 8504 OS Selector - ok
14:13:00.0640 8504 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:13:01.0156 8504 ose - ok
14:13:01.0500 8504 osixrnptqfqrjikp - ok
14:13:01.0546 8504 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:13:01.0687 8504 Parport - ok
14:13:01.0703 8504 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:13:01.0906 8504 PartMgr - ok
14:13:01.0937 8504 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:13:01.0953 8504 ParVdm - ok
14:13:01.0968 8504 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:13:02.0156 8504 PCI - ok
14:13:02.0156 8504 PCIDump - ok
14:13:02.0187 8504 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:13:02.0406 8504 PCIIde - ok
14:13:02.0453 8504 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:13:02.0625 8504 Pcmcia - ok
14:13:02.0625 8504 PDCOMP - ok
14:13:02.0625 8504 PDFRAME - ok
14:13:02.0640 8504 PDRELI - ok
14:13:02.0640 8504 PDRFRAME - ok
14:13:02.0687 8504 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:13:02.0828 8504 perc2 - ok
14:13:02.0843 8504 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:13:02.0984 8504 perc2hib - ok
14:13:03.0062 8504 PID_0928 (4fd88efe733a120837d365f2cd143742) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
14:13:03.0250 8504 PID_0928 - ok
14:13:03.0281 8504 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:13:03.0296 8504 PlugPlay - ok
14:13:03.0312 8504 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
14:13:03.0484 8504 pmem - ok
14:13:03.0531 8504 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:13:03.0531 8504 PolicyAgent - ok
14:13:03.0562 8504 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:13:03.0718 8504 PptpMiniport - ok
14:13:03.0812 8504 PrivateDisk (ebe579425ccb8377bfc7c0b50c05eb56) C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
14:13:03.0953 8504 PrivateDisk - ok
14:13:03.0984 8504 PROCDD (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
14:13:04.0156 8504 PROCDD - ok
14:13:04.0203 8504 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
14:13:04.0343 8504 Processor - ok
14:13:04.0343 8504 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:13:04.0343 8504 ProtectedStorage - ok
14:13:04.0390 8504 psadd (fb4c54f3a168b178dabf15eebaed8276) C:\WINDOWS\system32\Drivers\psadd.sys
14:13:04.0562 8504 psadd - ok
14:13:04.0593 8504 PsaSrv (a39e2901c4a75781d1be845bd47d1131) C:\WINDOWS\system32\PsaSrv.exe
14:13:04.0890 8504 PsaSrv - ok
14:13:04.0953 8504 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:13:05.0093 8504 PSched - ok
14:13:05.0125 8504 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:13:05.0265 8504 Ptilink - ok
14:13:05.0281 8504 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:13:05.0437 8504 PxHelp20 - ok
14:13:05.0468 8504 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:13:05.0625 8504 ql1080 - ok
14:13:05.0640 8504 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:13:05.0859 8504 Ql10wnt - ok
14:13:05.0875 8504 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:13:06.0062 8504 ql12160 - ok
14:13:06.0062 8504 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:13:06.0187 8504 ql1240 - ok
14:13:06.0203 8504 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:13:06.0328 8504 ql1280 - ok
14:13:06.0359 8504 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:13:06.0500 8504 RasAcd - ok
14:13:06.0546 8504 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:13:06.0718 8504 RasAuto - ok
14:13:06.0765 8504 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:13:06.0953 8504 Rasirda - ok
14:13:07.0000 8504 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:13:07.0093 8504 Rasl2tp - ok
14:13:07.0156 8504 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:13:07.0171 8504 RasMan - ok
14:13:07.0171 8504 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:13:07.0312 8504 RasPppoe - ok
14:13:07.0359 8504 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:13:07.0578 8504 Raspti - ok
14:13:07.0640 8504 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:13:07.0718 8504 Rdbss - ok
14:13:07.0734 8504 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:13:07.0890 8504 RDPCDD - ok
14:13:07.0953 8504 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:13:08.0062 8504 rdpdr - ok
14:13:08.0093 8504 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:13:08.0296 8504 RDPWD - ok
14:13:08.0343 8504 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:13:08.0578 8504 RDSessMgr - ok
14:13:08.0625 8504 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:13:08.0828 8504 redbook - ok
14:13:08.0937 8504 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
14:13:08.0937 8504 RegSrvc - ok
14:13:09.0000 8504 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:13:09.0234 8504 RemoteAccess - ok
14:13:09.0281 8504 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:13:09.0312 8504 RemoteRegistry - ok
14:13:09.0359 8504 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:13:09.0562 8504 RpcLocator - ok
14:13:09.0640 8504 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
14:13:09.0640 8504 RpcSs - ok
14:13:09.0687 8504 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:13:09.0906 8504 RSVP - ok
14:13:10.0000 8504 S24EventMonitor (25f697e3afa7b337bbcaddbce38e6934) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
14:13:10.0031 8504 S24EventMonitor - ok
14:13:10.0062 8504 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:13:10.0281 8504 s24trans - ok
14:13:10.0312 8504 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:13:10.0312 8504 SamSs - ok
14:13:10.0359 8504 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:13:10.0546 8504 SCardSvr - ok
14:13:10.0578 8504 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:13:10.0593 8504 Schedule - ok
14:13:10.0640 8504 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:13:10.0656 8504 Secdrv - ok
14:13:10.0671 8504 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:13:10.0671 8504 seclogon - ok
14:13:10.0671 8504 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:13:10.0687 8504 SENS - ok
14:13:10.0703 8504 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:13:10.0890 8504 serenum - ok
14:13:10.0921 8504 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:13:11.0062 8504 Serial - ok
14:13:11.0109 8504 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:13:11.0265 8504 Sfloppy - ok
14:13:11.0328 8504 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:13:11.0359 8504 SharedAccess - ok
14:13:11.0406 8504 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:13:11.0406 8504 ShellHWDetection - ok
14:13:11.0437 8504 ShockMgr (1a9b76c8e0d77bcaca24fdf36781b59d) C:\WINDOWS\system32\drivers\ShockMgr.sys
14:13:11.0593 8504 ShockMgr - ok
14:13:11.0625 8504 Shockprf (cb0c065af3ac9ac307408ea021cdd20e) C:\WINDOWS\system32\drivers\Shockprf.sys
14:13:11.0796 8504 Shockprf - ok
14:13:11.0812 8504 Simbad - ok
14:13:11.0843 8504 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:13:12.0015 8504 sisagp - ok
14:13:12.0046 8504 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:13:12.0171 8504 SLIP - ok
14:13:12.0203 8504 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
14:13:12.0359 8504 Smapint - ok
14:13:12.0421 8504 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
14:13:12.0593 8504 smi2 - ok
14:13:12.0640 8504 smihlp (01a4388e45ba272082bfc35b0c8dbf8a) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
14:13:12.0734 8504 smihlp - ok
14:13:12.0781 8504 snapman (c6dafc9af23d54ca0e222b215d5e8378) C:\WINDOWS\system32\DRIVERS\snapman.sys
14:13:12.0906 8504 snapman - ok
14:13:12.0937 8504 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:13:13.0140 8504 SONYPVU1 - ok
14:13:13.0156 8504 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:13:13.0265 8504 Sparrow - ok
14:13:13.0265 8504 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:13:13.0296 8504 splitter - ok
14:13:13.0343 8504 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:13:13.0343 8504 Spooler - ok
14:13:13.0359 8504 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:13:13.0500 8504 sr - ok
14:13:13.0546 8504 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:13:13.0546 8504 srservice - ok
14:13:13.0609 8504 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
14:13:13.0718 8504 Srv - ok
14:13:13.0750 8504 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:13:13.0750 8504 SSDPSRV - ok
14:13:13.0796 8504 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
14:13:13.0953 8504 StillCam - ok
14:13:14.0015 8504 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:13:14.0015 8504 stisvc - ok
14:13:14.0046 8504 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:13:14.0250 8504 streamip - ok
14:13:14.0343 8504 SUService (1b1ee7daa523e8ca72bbdc6db155dc26) c:\program files\lenovo\system update\suservice.exe
14:13:14.0343 8504 SUService - ok
14:13:14.0359 8504 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:13:14.0531 8504 swenum - ok
14:13:14.0578 8504 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:13:14.0593 8504 swmidi - ok
14:13:14.0609 8504 SwPrv - ok
14:13:14.0656 8504 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:13:14.0843 8504 symc810 - ok
14:13:14.0843 8504 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:13:14.0984 8504 symc8xx - ok
14:13:15.0000 8504 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:13:15.0093 8504 sym_hi - ok
14:13:15.0109 8504 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:13:15.0234 8504 sym_u3 - ok
14:13:15.0281 8504 SynTP (7c02db7416d52c02b131d0e3a8d2337c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:13:15.0421 8504 SynTP - ok
14:13:15.0437 8504 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:13:15.0453 8504 sysaudio - ok
14:13:15.0500 8504 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:13:15.0687 8504 SysmonLog - ok
14:13:15.0750 8504 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:13:15.0750 8504 TapiSrv - ok
14:13:15.0812 8504 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:13:16.0031 8504 Tcpip - ok
14:13:16.0062 8504 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
14:13:16.0187 8504 TcUsb - ok
14:13:16.0218 8504 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:13:16.0312 8504 TDPIPE - ok
14:13:16.0328 8504 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
14:13:16.0531 8504 TDSMAPI - ok
14:13:16.0578 8504 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:13:16.0718 8504 TDTCP - ok
14:13:16.0765 8504 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:13:16.0890 8504 TermDD - ok
14:13:16.0984 8504 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:13:17.0156 8504 TermService - ok
14:13:17.0203 8504 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:13:17.0218 8504 Themes - ok
14:13:17.0328 8504 ThinkVantage Registry Monitor Service (bec875caf94e9fd6bc95b84bd07c1e99) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
14:13:17.0343 8504 ThinkVantage Registry Monitor Service - ok
14:13:17.0390 8504 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
14:13:17.0593 8504 TlntSvr - ok
14:13:17.0640 8504 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:13:17.0781 8504 TosIde - ok
14:13:17.0828 8504 TPHDEXLGSVC (a3552782e8d402f3aa513765d93c852d) C:\WINDOWS\system32\TPHDEXLG.EXE
14:13:17.0828 8504 TPHDEXLGSVC - ok
14:13:17.0859 8504 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
14:13:17.0984 8504 TPHKDRV - ok
14:13:18.0000 8504 TpKmpSVC (dfb268ff0a6dcb9280015ff527f892ff) C:\WINDOWS\system32\TpKmpSVC.exe
14:13:18.0000 8504 TpKmpSVC - ok
14:13:18.0046 8504 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
14:13:18.0265 8504 TPPWRIF - ok
14:13:18.0312 8504 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:13:18.0312 8504 TrkWks - ok
14:13:18.0328 8504 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
14:13:18.0500 8504 TSMAPIP - ok
14:13:18.0640 8504 TSSCoreService (cf3bc148a6979bcf5af8591e687c1390) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
14:13:18.0656 8504 TSSCoreService - ok
14:13:18.0859 8504 TVT Backup Service (ec38192f2f5361b48bc387c2db337264) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
14:13:18.0906 8504 TVT Backup Service - ok
14:13:19.0046 8504 TVT Scheduler (fe1d3ef5caa8ee28a8b66fa1f180681b) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
14:13:19.0078 8504 TVT Scheduler - ok
14:13:19.0234 8504 tvtfilter (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys
14:13:19.0406 8504 tvtfilter - ok
14:13:19.0484 8504 tvtnetwk (2e72c66682e9274c97ae3f5a57c2fa33) C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
14:13:19.0484 8504 tvtnetwk - ok
14:13:19.0515 8504 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
14:13:19.0656 8504 TVTPktFilter - ok
14:13:19.0687 8504 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:13:19.0828 8504 Udfs - ok
14:13:20.0078 8504 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:13:20.0218 8504 ultra - ok
14:13:20.0296 8504 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:13:20.0421 8504 Update - ok
14:13:20.0468 8504 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:13:20.0484 8504 upnphost - ok
14:13:20.0500 8504 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:13:20.0625 8504 UPS - ok
14:13:20.0656 8504 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:13:20.0765 8504 USBAAPL - ok
14:13:20.0796 8504 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
14:13:20.0921 8504 usbaudio - ok
14:13:20.0968 8504 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
14:13:21.0109 8504 usbbus - ok
14:13:21.0156 8504 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:13:21.0265 8504 usbccgp - ok
14:13:21.0296 8504 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
14:13:21.0390 8504 UsbDiag - ok
14:13:21.0406 8504 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:13:21.0546 8504 usbehci - ok
14:13:27.0015 8504 MBR (0x1B8) (47d3ade2ede4db9b8735d14229855b71) \Device\Harddisk0\DR0
14:13:27.0062 8504 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:13:27.0062 8504 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:13:27.0062 8504 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR5
14:13:28.0343 8504 \Device\Harddisk1\DR5 - ok
14:13:28.0359 8504 Boot (0x1200) (81ac79a0f72ce8975bb3f4deae6c3031) \Device\Harddisk0\DR0\Partition0
14:13:28.0359 8504 \Device\Harddisk0\DR0\Partition0 - ok
14:13:28.0359 8504 Boot (0x1200) (560e4574b43264aee709681186ce6fbe) \Device\Harddisk1\DR5\Partition0
14:13:28.0359 8504 \Device\Harddisk1\DR5\Partition0 - ok
14:13:28.0359 8504 ============================================================
14:13:28.0359 8504 Scan finished
14:13:28.0359 8504 ============================================================
14:13:28.0375 8400 Detected object count: 1
14:13:28.0375 8400 Actual detected object count: 1
14:14:06.0156 8400 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:14:06.0156 8400 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:14:10.0265 6888 Deinitialize success

#8 dev00790


Posted 07 May 2012 - 04:14 PM

Hi, we will need a deeper look.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#9 TylerS19


Posted 09 May 2012 - 02:36 PM

Steps have been completed, link to new post: http://www.bleepingcomputer.com/forums/topic453074.html

#10 Budapest


Posted 09 May 2012 - 05:08 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MR Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



