
Serifi virus


  • This topic is locked
23 replies to this topic

#1 zyyee

Posted 02 July 2012 - 11:18 PM

First off, sorry the topic is wrong, it should say Sirefef, whoops...
Hi, I currently run Windows 7 32-bit and in my scan in MSE tonight I came across the Sirefef.R virus. It restarts my computer each time I try to get rid of it... Looking at the forums I see that this is curable. I would be greatly thankful for help on getting rid of this. Any extra details I would be greatly willing to add. Thank you for your time.

Edited by zyyee, 02 July 2012 - 11:34 PM.




#2 gringo_pr

Posted 02 July 2012 - 11:45 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
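
Added example, not part of the original posts and not FRST's own code: a small Python triage pass over an FRST.txt in the layout of the log posted in the next reply. The sample log is constructed (user name, file names and the all-zero GUID are placeholders), and the three checks are this example's own review heuristics, not FRST's detection logic.

```python
import re

# Constructed sample in the FRST.txt layout; the user name, file names and
# the all-zero GUID are placeholders, not values from a real machine.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2307368 2011-11-17] (Synaptics Incorporated)
HKU\alice\...\Run: [EXAMPLE.tmp.exe] C:\Users\alice\AppData\Local\Temp\EXAMPLE.tmp.exe [45056 2012-07-02] (Example Vendor)
HKU\alice\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)

============ One Month Created Files and Folders ==============

2012-07-02 19:50 - 2012-07-02 19:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-02 19:23 - 2012-07-02 19:23 - 00000000 ____D C:\Program Files\Example Tool

ZeroAccess:
C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}
C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}\U
C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}\U\00000001.@

ZeroAccess:
C:\Users\alice\AppData\Local\{00000000-0000-0000-0000-000000000000}
C:\Users\alice\AppData\Local\{00000000-0000-0000-0000-000000000000}\@
"""

# "HKLM\...\Run: [name] command [size date] (company)"
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
# Trailing "[size date] (company)" metadata appended to each entry
META_RE = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\] \(.*\)$")
# "date time - date time - size ATTRS (company) path" file-listing line
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ "
    r"[_A-Z]{5} (?:\(.*?\) )?(?P<path>[A-Za-z]:\\.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
ENVVAR_RE = re.compile(r"%[A-Za-z_]+%")


def _summarise(paths):
    """Reduce one 'ZeroAccess:' block to its root folder and GUID(s)."""
    return {
        "root": min(paths, key=len) if paths else None,
        "guids": sorted(set(GUID_RE.findall(" ".join(paths)))),
        "paths": list(paths),
    }


def triage(log_text):
    """Return review items found in an FRST.txt-style log.

    run_from_temp        Run-key entries whose command lives under a Temp folder
    zeroaccess           one summary per 'ZeroAccess:' block the tool printed
    literal_envvar_paths files/folders on disk whose name contains a literal
                         %VAR% (the variable was never expanded)
    """
    findings = {"run_from_temp": [], "zeroaccess": [], "literal_envvar_paths": []}
    block = None  # paths of the ZeroAccess block currently being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if block is not None:
            if PATH_RE.match(line):
                block.append(line)
                continue
            findings["zeroaccess"].append(_summarise(block))
            block = None
        if line == "ZeroAccess:":
            block = []
            continue
        run = RUN_RE.match(line)
        if run:
            command = META_RE.sub("", run.group("rest"))
            if TEMP_RE.search(command):
                findings["run_from_temp"].append(
                    {"hive": run.group("hive"), "name": run.group("name"),
                     "command": command})
            continue
        listed = FILE_RE.match(line)
        # %VAR% is normal inside a registry value, but not in an on-disk name.
        if listed and ENVVAR_RE.search(listed.group("path")):
            findings["literal_envvar_paths"].append(listed.group("path"))
    if block is not None:  # log ended while still inside a block
        findings["zeroaccess"].append(_summarise(block))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in result["run_from_temp"]:
        print("Run entry from Temp:", entry["hive"], entry["name"], entry["command"])
    for za in result["zeroaccess"]:
        print("ZeroAccess block:", za["root"], f"({len(za['paths'])} paths)")
    for path in result["literal_envvar_paths"]:
        print("Literal %VAR% in path:", path)
```
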

#3 zyyee

Posted 03 July 2012 - 12:16 AM

here it is

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 01-07-2012
Ran by SYSTEM at 03-07-2012 01:11:32
Running from F:\
Windows 7 Enterprise Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2307368 2011-11-17] (Synaptics Incorporated)
HKLM\...\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey [12098648 2012-05-16] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe [49568 2010-10-26] ()
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [386408 2011-09-27] (Lenovo Group Limited)
HKLM\...\Run: [] [x]
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [IMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [112152 2011-01-17] (Intel Corporation)
HKLM\...\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [1322048 2012-01-22] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1246544 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe [36864 2006-08-09] (Ulead Systems, Inc.)
HKLM\...\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet [1634112 2012-02-29] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [142616 2012-01-10] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [177432 2012-01-10] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [177944 2012-01-10] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\zajacrc\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-10-21] ()
HKU\zajacrc\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [1242448 2011-12-29] (Valve Corporation)
HKU\zajacrc\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\zajacrc\...\Run: [DAT6EF7.tmp.exe] C:\Users\zajacrc\AppData\Local\Temp\DAT6EF7.tmp.exe [45056 2012-07-02] (RunCore)
HKU\zajacrc.ROSE-HULMAN\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [17351304 2011-10-13] (Skype Technologies S.A.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\system32\nvinit.dll
Lsa: [Notification Packages] scecli
ACGina
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\zajacrc\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\zajacrc\Start Menu\Programs\Startup\WASTE.lnk
ShortcutTarget: WASTE.lnk -> C:\Program Files\WASTE\WASTE.exe (GNU)

================================ Services (Whitelisted) ==================

2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134208 2011-10-20] (Lenovo)
2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [269376 2011-10-20] (Lenovo)
2 CxAudMsg; C:\Windows\system32\CxAudMsg32.exe [190592 2010-12-17] (Conexant Systems Inc.)
2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [615792 2010-02-18] (Juniper Networks)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 HyperW7Svc; C:\Program Files\Lenovo\RapidBoot\HyperW7Svc.exe [107880 2010-12-03] (Lenovo Group Limited)
2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [210896 2011-02-07] (Intel Corporation)
2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [43584 2012-01-16] (Lenovo Group Limited)
2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [62016 2012-01-16] (Lenovo Group Limited)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [31125880 2011-06-12] (Microsoft Corporation)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4640000 2010-01-09] (Microsoft Corporation)
3 Power Manager DBC Service; "C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE" [89152 2012-01-22] (Lenovo)
2 PSI_SVC_2; "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [193824 2010-03-11] (Protexis Inc.)
3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [175168 2012-01-22] (Lenovo Group Limited)
2 SAService; C:\Windows\System32\SAsrv.exe [446592 2010-11-18] (Conexant Systems, Inc.)
2 SROSVC; C:\Program Files\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-29] (NVIDIA Corporation)
2 SUService; "C:\Program Files\Lenovo\System Update\SUService.exe" [28672 2011-07-25] (Lenovo Group Limited)
3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-09-28] (Ulead Systems, Inc.)
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [377896 2011-10-17] (Broadcom Corporation.)
3 dmodusb; C:\Windows\System32\DRIVERS\dmodusb.sys [26240 2009-05-11] (Windows ® Codename Longhorn DDK provider)
3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2010-02-18] (Juniper Networks)
3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [282792 2012-01-11] (Intel Corporation)
3 emAudio; C:\Windows\System32\drivers\emAudio.sys [24576 2008-04-03] (eMPIA Technology, Inc.)
3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [60104 2010-07-12] (FTDI Ltd.)
3 FTSER2K; C:\Windows\system32\drivers\ftser2k.sys [73032 2010-07-12] (FTDI Ltd.)
3 intaud_WaveExtensible; C:\Windows\System32\drivers\intelaud.sys [29080 2011-06-21] (Intel Corporation)
3 iwdbus; C:\Windows\System32\DRIVERS\iwdbus.sys [22424 2011-06-21] (Intel Corporation)
3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [88832 2009-05-11] (Lenovo)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-02] (Malwarebytes Corporation)
3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7522304 2011-10-31] (Intel Corporation)
3 NETwNv32; C:\Windows\System32\DRIVERS\NETwNv32.sys [7336448 2011-05-01] (Intel Corporation)
2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [62336 2010-12-10] (Renesas Electronics Corporation)
3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [141440 2010-12-10] (Renesas Electronics Corporation)
1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [172864 2012-02-29] (NVIDIA Corporation)
0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [24896 2012-02-29] (NVIDIA Corporation)
1 PHCORE; \??\C:\Program Files\Lenovo\RapidBoot\PHCORE.SYS [33640 2010-12-03] (Lenovo Group Limited)
2 risdxc; C:\Windows\System32\DRIVERS\risdxc86.sys [76288 2011-05-25] (REDC)
4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-29] (Microsoft Corporation)
3 SilverLink; C:\Windows\System32\Drivers\SilvrLnk.sys [21456 2005-02-01] (Texas Instruments Incorporated)
3 slabbus; C:\Windows\system32\drivers\slabbus.sys [58368 2007-02-28] (MCCI Corporation)
3 slabser; C:\Windows\system32\drivers\slabser.sys [75776 2007-02-28] (MCCI Corporation)
3 ubloxusb; C:\Windows\system32\drivers\ubloxusb.sys [71424 2007-11-26] (u-blox AG)
3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [583680 2010-08-19] (eMPIA Technology, Inc.)
3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [840704 2010-08-19] (eMPIA Technology, Inc.)
3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [195968 2011-06-20] (Jungo)
2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [16000 2011-06-20] (Xilinx, Inc.)
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-03 01:11 - 2012-07-03 01:11 - 00000000 ____D C:\FRST
2012-07-02 20:58 - 2012-07-02 20:58 - 00884230 ____A C:\Users\zajacrc\Downloads\FRST.exe
2012-07-02 19:54 - 2012-07-02 19:54 - 00000332 ____A C:\Start_.cmd
2012-07-02 19:54 - 2012-07-02 19:54 - 00000000 ___SD C:\32788R22FWJFW
2012-07-02 19:54 - 2012-07-02 19:54 - 00000000 ____D C:\Windows\erdnt
2012-07-02 19:54 - 2012-07-02 19:54 - 00000000 ____D C:\Qoobox
2012-07-02 19:54 - 2012-07-02 19:54 - 00000000 ____D C:\ComboFix
2012-07-02 19:53 - 2012-07-02 19:53 - 04568951 ____R (Swearware) C:\Users\zajacrc\Downloads\ComboFix.exe
2012-07-02 19:50 - 2012-07-02 19:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-02 19:24 - 2012-07-02 19:30 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-02 19:24 - 2012-07-02 19:24 - 00000000 ____D C:\Users\zajacrc\AppData\Roaming\Malwarebytes
2012-07-02 19:23 - 2012-07-02 19:23 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-02 19:23 - 2012-07-02 19:23 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-02 19:23 - 2012-07-02 19:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-02 19:23 - 2012-04-04 11:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 19:22 - 2012-07-02 19:23 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\zajacrc\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-02 19:17 - 2012-07-02 19:44 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-02 19:16 - 2012-07-02 19:17 - 10288512 ____A (Microsoft Corporation) C:\Users\zajacrc\Downloads\mseinstall.exe
2012-06-19 19:50 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-19 19:50 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-19 19:50 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-19 19:50 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-19 19:50 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-19 19:50 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-19 19:50 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-19 19:50 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-19 19:50 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-15 17:08 - 2012-06-15 17:08 - 00000000 ____D C:\Users\zajacrc\AppData\Local\Macromedia
2012-06-14 19:30 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 19:30 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 19:30 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 19:30 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-14 19:30 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 19:30 - 2012-04-27 20:41 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-14 19:30 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 19:30 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 19:30 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 19:30 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 19:30 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 19:30 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 19:30 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 19:30 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 19:30 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 19:30 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 19:30 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-14 19:30 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 19:30 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 19:30 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 19:30 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 19:30 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 19:30 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 19:30 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 20:41 - 2012-06-13 20:41 - 00000000 ____D C:\Users\zajacrc\AppData\Roaming\NVIDIA
2012-06-10 23:42 - 2012-03-04 07:52 - 00000000 ____D C:\Users\zajacrc\Desktop\Chiddy Bang - The Swelly Express (DatPiff.com)
2012-06-10 23:40 - 2012-06-10 23:41 - 65695104 ____A C:\Users\zajacrc\Downloads\The_Swelly_Express-(DatPiff.com).zip
2012-06-10 23:32 - 2012-03-23 17:00 - 00000000 ____D C:\Users\zajacrc\Desktop\Mac Miller - Macadelic (DatPiff.com)
2012-06-10 23:32 - 2012-03-04 03:15 - 00000000 ____D C:\Users\zajacrc\Desktop\Mac Miller - The Jukebox Prelude To Class Clown (DatPiff.com)
2012-06-10 23:32 - 2012-03-04 01:54 - 00000000 ____D C:\Users\zajacrc\Desktop\Mac Miller - KIDS (DatPiff.com)
2012-06-10 23:31 - 2012-03-04 12:27 - 00000000 ____D C:\Users\zajacrc\Desktop\Huey Mack - Freshman 15 (DatPiff.com)
2012-06-10 23:31 - 2012-03-04 01:45 - 00000000 ____D C:\Users\zajacrc\Desktop\Mac Miller - Best Day Ever (DatPiff.com)
2012-06-09 23:57 - 2012-06-09 23:59 - 170537479 ____A C:\Users\zajacrc\Downloads\The_Jukebox_Prelude_To_Class_Clown-(DatPiff.com).zip
2012-06-09 23:56 - 2012-06-09 23:58 - 81353473 ____A C:\Users\zajacrc\Downloads\Best_Day_Ever-(DatPiff.com).zip
2012-06-09 23:56 - 2012-06-09 23:58 - 72234557 ____A C:\Users\zajacrc\Downloads\KIDS-(DatPiff.com).zip
2012-06-09 23:55 - 2012-06-09 23:58 - 153073993 ____A C:\Users\zajacrc\Downloads\Macadelic-(DatPiff.com).zip
2012-06-09 23:50 - 2012-06-09 23:50 - 47643439 ____A C:\Users\zajacrc\Downloads\Freshman_15-(DatPiff.com).zip
2012-06-09 23:40 - 2012-06-09 23:40 - 03117714 ____A C:\Users\zajacrc\Downloads\Huey Mack - Carly Rae Jepsen Call Me Maybe Remix.mp3

============ 3 Months Modified Files ========================

2012-07-02 21:03 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-02 21:03 - 2009-07-13 20:39 - 00066212 ____A C:\Windows\setupact.log
2012-07-02 21:00 - 2011-08-10 22:12 - 01201184 ____A C:\Windows\WindowsUpdate.log
2012-07-02 21:00 - 2010-11-20 13:01 - 00870496 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-02 20:58 - 2012-07-02 20:58 - 00884230 ____A C:\Users\zajacrc\Downloads\FRST.exe
2012-07-02 20:04 - 2009-07-13 20:34 - 00022192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-02 20:04 - 2009-07-13 20:34 - 00022192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-02 19:54 - 2012-07-02 19:54 - 00000332 ____A C:\Start_.cmd
2012-07-02 19:53 - 2012-07-02 19:53 - 04568951 ____R (Swearware) C:\Users\zajacrc\Downloads\ComboFix.exe
2012-07-02 19:44 - 2012-07-02 19:17 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-02 19:30 - 2012-07-02 19:24 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-02 19:28 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-02 19:26 - 2010-11-20 13:48 - 00081324 ____A C:\Windows\PFRO.log
2012-07-02 19:23 - 2012-07-02 19:23 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-02 19:23 - 2012-07-02 19:22 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\zajacrc\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-02 19:17 - 2012-07-02 19:16 - 10288512 ____A (Microsoft Corporation) C:\Users\zajacrc\Downloads\mseinstall.exe
2012-07-02 17:23 - 2012-04-12 23:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-02 17:23 - 2011-06-27 07:44 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-29 18:23 - 2012-05-04 05:32 - 00000991 ____A C:\Users\zajacrc\Desktop\Dropbox.lnk
2012-06-15 11:30 - 2009-07-13 20:33 - 03837016 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 23:04 - 2011-06-24 12:40 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-10 23:41 - 2012-06-10 23:40 - 65695104 ____A C:\Users\zajacrc\Downloads\The_Swelly_Express-(DatPiff.com).zip
2012-06-09 23:59 - 2012-06-09 23:57 - 170537479 ____A C:\Users\zajacrc\Downloads\The_Jukebox_Prelude_To_Class_Clown-(DatPiff.com).zip
2012-06-09 23:58 - 2012-06-09 23:56 - 81353473 ____A C:\Users\zajacrc\Downloads\Best_Day_Ever-(DatPiff.com).zip
2012-06-09 23:58 - 2012-06-09 23:56 - 72234557 ____A C:\Users\zajacrc\Downloads\KIDS-(DatPiff.com).zip
2012-06-09 23:58 - 2012-06-09 23:55 - 153073993 ____A C:\Users\zajacrc\Downloads\Macadelic-(DatPiff.com).zip
2012-06-09 23:50 - 2012-06-09 23:50 - 47643439 ____A C:\Users\zajacrc\Downloads\Freshman_15-(DatPiff.com).zip
2012-06-09 23:40 - 2012-06-09 23:40 - 03117714 ____A C:\Users\zajacrc\Downloads\Huey Mack - Carly Rae Jepsen Call Me Maybe Remix.mp3
2012-06-02 14:19 - 2012-06-19 19:50 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 19:50 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 19:50 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 19:50 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 19:50 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-19 19:50 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-19 19:50 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-19 19:50 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-19 19:50 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-24 07:33 - 2011-06-24 12:31 - 00000136 ____A C:\Windows\System32\config\netlogon.ftl
2012-05-17 06:18 - 2012-05-17 06:17 - 04834647 ____A C:\Users\zajacrc\Downloads\Huey_Mack_-_Looking_at_The_Sky.mp3
2012-05-16 23:35 - 2012-05-16 23:35 - 00000401 ____A C:\Users\zajacrc\Documents\untitled.txt
2012-05-14 19:03 - 2012-06-14 19:30 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:00 - 2012-06-14 19:30 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 17:05 - 2012-06-14 19:30 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 15:53 - 2012-05-11 15:53 - 00000775 ____A C:\Users\Public\Desktop\World of Tanks.lnk
2012-05-11 15:52 - 2012-05-11 15:51 - 07457336 ____A (Wargaming.net ) C:\Users\zajacrc\Downloads\WoT_internet_install_us.exe
2012-05-07 10:05 - 2012-05-07 10:05 - 00513199 ____A C:\Users\zajacrc\Documents\Copy of Baseball Cards.xlsx
2012-05-04 05:29 - 2012-05-04 05:28 - 18154528 ____A (Dropbox, Inc.) C:\Users\zajacrc\Downloads\Dropbox 1.4.0.exe
2012-05-04 01:59 - 2012-06-14 19:30 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-04-30 20:44 - 2012-06-14 19:30 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 20:41 - 2012-06-14 19:30 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:17 - 2012-06-14 19:30 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 16:17 - 2012-04-26 16:17 - 00047416 ____A C:\Users\zajacrc\Documents\lab 2 error prop.mw
2012-04-25 20:45 - 2012-06-14 19:30 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-14 19:30 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-14 19:30 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-14 19:30 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-14 19:30 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-14 19:30 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-19 21:00 - 2012-06-14 19:30 - 01231360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:00 - 2012-06-14 19:30 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 20:57 - 2012-06-14 19:30 - 06027776 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 20:57 - 2012-06-14 19:30 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 20:57 - 2012-06-14 19:30 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 20:56 - 2012-06-14 19:30 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 20:56 - 2012-06-14 19:30 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 20:56 - 2012-06-14 19:30 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 19:16 - 2012-06-14 19:30 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-16 20:34 - 2012-06-14 19:30 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-12 23:09 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-04-10 09:11 - 2012-04-10 09:11 - 00001133 ____A C:\Users\zajacrc\Desktop\t@b ZweiStein v0.958 686.lnk
2012-04-10 09:10 - 2012-04-10 09:09 - 02688584 ____A (t@b ) C:\Users\zajacrc\Downloads\t@b_zweistein_win32_686_0703161351.exe
2012-04-10 06:41 - 2011-08-10 07:27 - 00142000 ____A C:\Users\zajacrc\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-08 17:47 - 2012-04-08 17:47 - 00001759 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-07 03:26 - 2012-06-14 19:30 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll


ZeroAccess:
C:\Windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f}
C:\Windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f}\L
C:\Windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f}\U
C:\Windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f}\U\00000001.@
C:\Windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f}\U\80000000.@
C:\Windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f}\U\800000cb.@

ZeroAccess:
C:\Users\zajacrc\AppData\Local\{113d17c8-e906-f3d3-9307-f922880e6c7f}
C:\Users\zajacrc\AppData\Local\{113d17c8-e906-f3d3-9307-f922880e6c7f}\@
C:\Users\zajacrc\AppData\Local\{113d17c8-e906-f3d3-9307-f922880e6c7f}\L
C:\Users\zajacrc\AppData\Local\{113d17c8-e906-f3d3-9307-f922880e6c7f}\n
C:\Users\zajacrc\AppData\Local\{113d17c8-e906-f3d3-9307-f922880e6c7f}\U
C:\Users\zajacrc\AppData\Local\{113d17c8-e906-f3d3-9307-f922880e6c7f}\U\00000001.@
C:\Users\zajacrc\AppData\Local\{113d17c8-e906-f3d3-9307-f922880e6c7f}\U\80000000.@
C:\Users\zajacrc\AppData\Local\{113d17c8-e906-f3d3-9307-f922880e6c7f}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3979.23 MB
Available physical RAM: 3442.33 MB
Total Pagefile: 3977.52 MB
Available Pagefile: 3448.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.68 MB

======================= Partitions =========================

1 Drive c: (OSDisk) (Fixed) (Total:297.79 GB) (Free:93.75 GB) NTFS
3 Drive f: (TRAVELDRIVE) (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (BDEDrive) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 11 MB
Disk 1 Online 984 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 297 GB 1024 KB
Partition 2 Primary 300 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OSDisk NTFS Partition 297 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y BDEDrive NTFS Partition 300 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 983 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F TRAVELDRIVE FAT Removable 983 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-27 23:43

======================= End Of Log ==========================

#4 gringo_pr

Posted 03 July 2012 - 12:21 AM

Greetings

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 zyyee

Posted 03 July 2012 - 12:39 AM

Here is that log:

Farbar Recovery Scan Tool Version: 01-07-2012
Ran by SYSTEM at 2012-07-03 01:29:29
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-02 19:28] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===

#6 gringo_pr

Posted 03 July 2012 - 12:48 AM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f}
C:\Users\zajacrc\AppData\Local\{113d17c8-e906-f3d3-9307-f922880e6c7f}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
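The comparison behind replies #4 to #6, as an added example that is not part of the original thread and is not FRST's own code: it parses the Search.txt posted in reply #5 and checks the live services.exe against the WinSxS component-store copy. The function names, the verdict labels, and reading the second bracketed timestamp as last-modified are assumptions of this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Search.txt body exactly as posted in reply #5 of this thread.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-02 19:28] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

LIVE_PATH = r"C:\Windows\System32\services.exe"

# Metadata line: [ts] - [ts] - size attributes (company) MD5
META_RE = re.compile(
    r"^\[(?P<first>\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"\[(?P<second>\d{4}-\d\d-\d\d \d\d:\d\d)\] - "
    r"(?P<size>\d+) (?P<attr>\S+) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileHit:
    path: str
    first_ts: datetime
    second_ts: datetime  # assumed to be the last-modified time
    size: int
    company: str
    md5: str


def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"^[A-Za-z]:\\", line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            hits.append(FileHit(
                path=pending,
                first_ts=datetime.strptime(m["first"], "%Y-%m-%d %H:%M"),
                second_ts=datetime.strptime(m["second"], "%Y-%m-%d %H:%M"),
                size=int(m["size"]),
                company=(m["company"] or "").strip(),
                md5=m["md5"].upper(),
            ))
            pending = None
    return hits


def assess(hits, live_path=LIVE_PATH):
    """Compare the live file with every component-store (WinSxS) copy found."""
    live = next((h for h in hits if h.path.lower() == live_path.lower()), None)
    if live is None:
        raise ValueError(f"{live_path} not present in search results")
    store = [h for h in hits if "\\winsxs\\" in h.path.lower()]
    if not store:
        verdict = "no-reference"   # nothing to compare against
    elif any(h.md5 == live.md5 for h in store):
        verdict = "consistent"     # live file equals a store copy
    else:
        verdict = "mismatch"       # live file equals no store copy
    # Store copies that look identical by size and vendor string yet hash
    # differently: matching metadata alone says nothing about integrity.
    look_alikes = [h for h in store
                   if h.md5 != live.md5
                   and h.size == live.size
                   and h.company == live.company]
    # Secondary signal: live copy carries a later second timestamp than any store copy.
    touched_later = bool(store) and live.second_ts > max(h.second_ts for h in store)
    return {"verdict": verdict, "live": live,
            "look_alikes": look_alikes, "touched_later": touched_later}


if __name__ == "__main__":
    result = assess(parse_search(SEARCH_TXT))
    print("verdict:", result["verdict"])
    print("live MD5:", result["live"].md5)
    for h in result["look_alikes"]:
        print("same size/vendor, different MD5:", h.md5, h.path)
    print("live copy touched later than store copies:", result["touched_later"])
```

A `mismatch` verdict means only that the live file matches none of the component-store copies listed; the store copy's own integrity still has to be established separately.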

#7 zyyee

Posted 03 July 2012 - 01:01 AM

OK, here's that log now:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 01-07-2012
Ran by SYSTEM at 2012-07-03 01:57:00 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f} moved successfully.
C:\Users\zajacrc\AppData\Local\{113d17c8-e906-f3d3-9307-f922880e6c7f} moved successfully.

==== End of Fixlog ====

#8 gringo_pr

Posted 03 July 2012 - 01:03 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 zyyee

Posted 03 July 2012 - 09:23 AM

OK, so I ran Combofix and now everything seems to be back to normal... I've run a complete sweep of Mbam and then one of MSE and I think it is all gone now... here is the log though.
Mbam came back with a few things it could easily remove and so did MSE... I redid the sweeps a second time and they now come back clean. Also, Windows Firewall can now be turned on again.
There were no problems that ever occurred following your directions.

ComboFix 12-07-02.01 - zajacrc 07/03/2012 2:09.1.8 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2981.1746 [GMT -4:00]
Running from: c:\users\zajacrc\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\zajacrc\AppData\Local\Temp\DAT6EF7.tmp.exe
c:\windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f}\@
c:\windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f}\n
c:\windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f}\U\00000001.@
c:\windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f}\U\80000000.@
c:\windows\Installer\{113d17c8-e906-f3d3-9307-f922880e6c7f}\U\800000cb.@
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 09:11 . 2012-07-03 09:11 -------- d-----w- C:\FRST
2012-07-03 06:22 . 2012-07-03 06:22 -------- d-----w- c:\users\zajacrc.ROSE-HULMAN\AppData\Local\temp
2012-07-03 06:22 . 2012-07-03 06:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-03 06:22 . 2012-07-03 06:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 06:22 . 2012-07-03 06:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-03 03:50 . 2012-07-03 03:50 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-03 03:24 . 2012-07-03 03:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-03 03:24 . 2012-07-03 03:24 -------- d-----w- c:\users\zajacrc\AppData\Roaming\Malwarebytes
2012-07-03 03:23 . 2012-07-03 03:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-03 03:23 . 2012-07-03 03:23 -------- d-----w- c:\programdata\Malwarebytes
2012-07-03 03:23 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 03:50 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-20 03:50 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-20 03:50 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-20 03:50 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-20 03:50 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-20 03:50 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-20 03:50 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-20 03:50 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-20 03:50 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 01:08 . 2012-06-16 01:08 -------- d-----w- c:\users\zajacrc\AppData\Local\Macromedia
2012-06-14 04:41 . 2012-06-14 04:41 -------- d-----w- c:\users\zajacrc\AppData\Roaming\NVIDIA
2012-06-07 07:53 . 2012-06-07 07:53 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 07:53 . 2012-06-07 07:53 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 01:23 . 2012-04-13 07:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 01:23 . 2011-06-27 15:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-17 04:53 . 2011-08-29 16:14 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\zajacrc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\zajacrc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\zajacrc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-22 3077528]
"Steam"="c:\program files\Steam\Steam.exe" [2011-12-30 1242448]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-11-17 2307368]
"Communicator"="c:\program files\Microsoft Lync\communicator.exe" [2012-05-16 12098648]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-09-27 386408]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-01-23 1322048]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-01-16 44096]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
c:\users\zajacrc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\zajacrc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
WASTE.lnk - c:\program files\WASTE\WASTE.exe [2005-2-4 427008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 898336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"disablecad"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1965730717-1486086910-2027319071-52134\Scripts\Logon\0\0]
"Script"=Students.bat
.
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc.exe [x]
R3 dmodusb;dmodusb;c:\windows\system32\DRIVERS\dmodusb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NETwNv32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwNv32.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 ubloxusb;ubloxusb;c:\windows\system32\drivers\ubloxusb.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files\Lenovo\Screen Reading Optimizer\SROSVC.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rose-hulman.edu
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\zajacrc\AppData\Roaming\Mozilla\Firefox\Profiles\ugzptq25.default\
FF - prefs.js: browser.startup.homepage - hxxp://hupitgaming.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4192)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\users\zajacrc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\MICROS~3\Office14\GROOVEEX.DLL
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\windows\system32\igfxexps.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Lenovo\Screen Reading Optimizer\SRORest.exe
c:\windows\system32\conhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxext.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-03 02:33:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-03 06:33
.
Pre-Run: 101,676,249,088 bytes free
Post-Run: 102,159,962,112 bytes free
.
- - End Of File - - A6F1B825C8C852F9B20175330653D6EA

#10 gringo_pr

Posted 03 July 2012 - 01:21 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 zyyee

Posted 03 July 2012 - 02:03 PM

OK, here are the logs for those two scans. There were no problems running them.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-03 14:35:56
-----------------------------
14:35:56.074 OS Version: Windows 6.1.7601 Service Pack 1
14:35:56.074 Number of processors: 8 586 0x2A07
14:35:56.074 ComputerName: ZAJACRC-1 UserName: zajacrc
14:35:57.061 Initialize success
14:37:01.026 AVAST engine defs: 12070300
14:37:46.893 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:37:46.895 Disk 0 Vendor: TOSHIBA_ MC10 Size: 305245MB BusType: 3
14:37:46.910 Disk 0 MBR read successfully
14:37:46.912 Disk 0 MBR scan
14:37:46.958 Disk 0 Windows 7 default MBR code
14:37:46.967 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 304932 MB offset 2048
14:37:47.018 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 624502784
14:37:47.041 Disk 0 scanning sectors +625117184
14:37:47.120 Disk 0 scanning C:\Windows\system32\drivers
14:38:02.140 Service scanning
14:38:19.461 Service MpKsl91b53013 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{39A02A75-2DA3-4FF9-A393-264723969103}\MpKsl91b53013.sys **LOCKED** 32
14:38:44.636 Modules scanning
14:38:55.913 Disk 0 trace - called modules:
14:38:55.935 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
14:38:55.938 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88419ac8]
14:38:55.942 3 CLASSPNP.SYS[8bbcb59e] -> nt!IofCallDriver -> [0x860e5868]
14:38:55.946 5 ACPI.sys[8b2c23d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8609c028]
14:38:56.849 AVAST engine scan C:\Windows
14:39:00.631 AVAST engine scan C:\Windows\system32
14:42:35.505 AVAST engine scan C:\Windows\system32\drivers
14:42:52.256 AVAST engine scan C:\Users\zajacrc
14:49:57.296 AVAST engine scan C:\ProgramData
14:52:20.579 Scan finished successfully
15:01:20.586 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
15:01:20.641 The log file has been saved successfully to "E:\aswMBR.txt"



14:32:03.0715 6108 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
14:32:04.0059 6108 ============================================================
14:32:04.0059 6108 Current date / time: 2012/07/03 14:32:04.0059
14:32:04.0059 6108 SystemInfo:
14:32:04.0059 6108
14:32:04.0060 6108 OS Version: 6.1.7601 ServicePack: 1.0
14:32:04.0060 6108 Product type: Workstation
14:32:04.0060 6108 ComputerName: ZAJACRC-1
14:32:04.0060 6108 UserName: zajacrc
14:32:04.0060 6108 Windows directory: C:\Windows
14:32:04.0060 6108 System windows directory: C:\Windows
14:32:04.0060 6108 Processor architecture: Intel x86
14:32:04.0060 6108 Number of processors: 8
14:32:04.0060 6108 Page size: 0x1000
14:32:04.0060 6108 Boot type: Normal boot
14:32:04.0060 6108 ============================================================
14:32:04.0650 6108 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:32:14.0025 6108 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:32:14.0028 6108 Drive \Device\Harddisk2\DR2 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:32:14.0029 6108 ============================================================
14:32:14.0029 6108 \Device\Harddisk0\DR0:
14:32:14.0075 6108 MBR partitions:
14:32:14.0075 6108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x25392000
14:32:14.0075 6108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x25392800, BlocksNum 0x96000
14:32:14.0075 6108 \Device\Harddisk1\DR1:
14:32:14.0076 6108 MBR partitions:
14:32:14.0076 6108 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0xE8E07000
14:32:14.0076 6108 \Device\Harddisk2\DR2:
14:32:14.0076 6108 MBR partitions:
14:32:14.0076 6108 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1EBFE0
14:32:14.0076 6108 ============================================================
14:32:14.0118 6108 C: <-> \Device\Harddisk0\DR0\Partition0
14:32:14.0118 6108 F: <-> \Device\Harddisk1\DR1\Partition0
14:32:14.0118 6108 ============================================================
14:32:14.0118 6108 Initialize success
14:32:14.0118 6108 ============================================================
14:32:25.0596 5876 ============================================================
14:32:25.0596 5876 Scan started
14:32:25.0596 5876 Mode: Manual;
14:32:25.0596 5876 ============================================================
14:32:25.0971 5876 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:32:25.0974 5876 1394ohci - ok
14:32:26.0032 5876 5U877 (1875f492c399db858e77c1b29366d54b) C:\Windows\system32\DRIVERS\5U877.sys
14:32:26.0034 5876 5U877 - ok
14:32:26.0089 5876 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
14:32:26.0093 5876 ACPI - ok
14:32:26.0126 5876 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
14:32:26.0127 5876 AcpiPmi - ok
14:32:26.0245 5876 AcPrfMgrSvc (1933db4808793f3bd7ab34a39a809425) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
14:32:26.0247 5876 AcPrfMgrSvc - ok
14:32:26.0291 5876 AcSvc (e7af543334b21d84124709061a9ae4d7) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
14:32:26.0294 5876 AcSvc - ok
14:32:26.0387 5876 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:32:26.0388 5876 AdobeARMservice - ok
14:32:26.0457 5876 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
14:32:26.0462 5876 adp94xx - ok
14:32:26.0507 5876 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
14:32:26.0511 5876 adpahci - ok
14:32:26.0548 5876 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
14:32:26.0550 5876 adpu320 - ok
14:32:26.0581 5876 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
14:32:26.0582 5876 AeLookupSvc - ok
14:32:26.0625 5876 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
14:32:26.0628 5876 AFD - ok
14:32:26.0661 5876 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
14:32:26.0662 5876 agp440 - ok
14:32:26.0694 5876 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
14:32:26.0696 5876 aic78xx - ok
14:32:26.0731 5876 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
14:32:26.0732 5876 ALG - ok
14:32:26.0776 5876 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
14:32:26.0777 5876 aliide - ok
14:32:26.0781 5876 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
14:32:26.0782 5876 amdagp - ok
14:32:26.0793 5876 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
14:32:26.0795 5876 amdide - ok
14:32:26.0827 5876 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
14:32:26.0828 5876 AmdK8 - ok
14:32:26.0833 5876 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
14:32:26.0834 5876 AmdPPM - ok
14:32:26.0873 5876 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
14:32:26.0875 5876 amdsata - ok
14:32:26.0894 5876 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
14:32:26.0897 5876 amdsbs - ok
14:32:26.0919 5876 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
14:32:26.0920 5876 amdxata - ok
14:32:26.0937 5876 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
14:32:26.0938 5876 AppID - ok
14:32:26.0980 5876 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
14:32:26.0981 5876 AppIDSvc - ok
14:32:26.0994 5876 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
14:32:26.0996 5876 Appinfo - ok
14:32:27.0120 5876 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:32:27.0123 5876 Apple Mobile Device - ok
14:32:27.0158 5876 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
14:32:27.0160 5876 AppMgmt - ok
14:32:27.0183 5876 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
14:32:27.0184 5876 arc - ok
14:32:27.0216 5876 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
14:32:27.0218 5876 arcsas - ok
14:32:27.0299 5876 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:32:27.0314 5876 aspnet_state - ok
14:32:27.0332 5876 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:32:27.0333 5876 AsyncMac - ok
14:32:27.0377 5876 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
14:32:27.0378 5876 atapi - ok
14:32:27.0448 5876 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
14:32:27.0453 5876 AudioEndpointBuilder - ok
14:32:27.0458 5876 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
14:32:27.0462 5876 Audiosrv - ok
14:32:27.0492 5876 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
14:32:27.0494 5876 AxInstSV - ok
14:32:27.0555 5876 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
14:32:27.0561 5876 b06bdrv - ok
14:32:27.0583 5876 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:32:27.0586 5876 b57nd60x - ok
14:32:27.0611 5876 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
14:32:27.0612 5876 BDESVC - ok
14:32:27.0620 5876 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:32:27.0621 5876 Beep - ok
14:32:27.0697 5876 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
14:32:27.0703 5876 BFE - ok
14:32:27.0729 5876 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:32:27.0730 5876 blbdrive - ok
14:32:27.0838 5876 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:32:27.0843 5876 Bonjour Service - ok
14:32:27.0869 5876 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
14:32:27.0871 5876 bowser - ok
14:32:27.0908 5876 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
14:32:27.0909 5876 BrFiltLo - ok
14:32:27.0925 5876 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
14:32:27.0927 5876 BrFiltUp - ok
14:32:27.0968 5876 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
14:32:27.0970 5876 BridgeMP - ok
14:32:28.0009 5876 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
14:32:28.0011 5876 Browser - ok
14:32:28.0038 5876 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:32:28.0041 5876 Brserid - ok
14:32:28.0059 5876 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:32:28.0060 5876 BrSerWdm - ok
14:32:28.0087 5876 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:32:28.0088 5876 BrUsbMdm - ok
14:32:28.0099 5876 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:32:28.0100 5876 BrUsbSer - ok
14:32:28.0145 5876 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
14:32:28.0146 5876 BthEnum - ok
14:32:28.0160 5876 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:32:28.0161 5876 BTHMODEM - ok
14:32:28.0185 5876 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
14:32:28.0186 5876 BthPan - ok
14:32:28.0254 5876 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
14:32:28.0258 5876 BTHPORT - ok
14:32:28.0310 5876 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
14:32:28.0311 5876 bthserv - ok
14:32:28.0319 5876 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
14:32:28.0320 5876 BTHUSB - ok
14:32:28.0385 5876 BTWAMPFL (390946c125c045bd548cd66354607eb6) C:\Windows\system32\DRIVERS\btwampfl.sys
14:32:28.0390 5876 BTWAMPFL - ok
14:32:28.0424 5876 btwaudio (8b9cf1270a03571a16087e6c5dfa14ef) C:\Windows\system32\drivers\btwaudio.sys
14:32:28.0426 5876 btwaudio - ok
14:32:28.0456 5876 btwavdt (a795563474129cfeb3d64988e68f8607) C:\Windows\system32\DRIVERS\btwavdt.sys
14:32:28.0458 5876 btwavdt - ok
14:32:28.0593 5876 btwdins (432d888eef8de36d4ed7005136021cf7) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
14:32:28.0601 5876 btwdins - ok
14:32:28.0620 5876 btwl2cap (53f0edc6faf9ce6c5e53ee7ef8d411c0) C:\Windows\system32\DRIVERS\btwl2cap.sys
14:32:28.0621 5876 btwl2cap - ok
14:32:28.0656 5876 btwrchid (772f7672f4c0bcc6085b2ac511cdc335) C:\Windows\system32\DRIVERS\btwrchid.sys
14:32:28.0657 5876 btwrchid - ok
14:32:28.0777 5876 catchme - ok
14:32:28.0805 5876 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:32:28.0807 5876 cdfs - ok
14:32:28.0844 5876 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
14:32:28.0846 5876 cdrom - ok
14:32:28.0895 5876 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
14:32:28.0896 5876 CertPropSvc - ok
14:32:28.0912 5876 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
14:32:28.0913 5876 circlass - ok
14:32:28.0950 5876 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:32:28.0953 5876 CLFS - ok
14:32:29.0027 5876 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:32:29.0029 5876 clr_optimization_v2.0.50727_32 - ok
14:32:30.0250 5876 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:32:30.0308 5876 clr_optimization_v4.0.30319_32 - ok
14:32:30.0369 5876 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:32:30.0370 5876 CmBatt - ok
14:32:30.0384 5876 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
14:32:30.0385 5876 cmdide - ok
14:32:30.0484 5876 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
14:32:30.0489 5876 CNG - ok
14:32:30.0600 5876 CnxtHdAudService (c8603c5c58c6a0c6fedff6dcef7e1e47) C:\Windows\system32\drivers\CHDRT32.sys
14:32:30.0615 5876 CnxtHdAudService - ok
14:32:30.0729 5876 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
14:32:30.0730 5876 Compbatt - ok
14:32:30.0753 5876 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:32:30.0754 5876 CompositeBus - ok
14:32:30.0770 5876 COMSysApp - ok
14:32:30.0846 5876 cphs (085d4e5714bc641286c43239e8cb267f) C:\Windows\system32\IntelCpHeciSvc.exe
14:32:30.0849 5876 cphs - ok
14:32:30.0866 5876 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
14:32:30.0868 5876 crcdisk - ok
14:32:30.0922 5876 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
14:32:30.0924 5876 CryptSvc - ok
14:32:30.0951 5876 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
14:32:30.0956 5876 CSC - ok
14:32:31.0013 5876 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
14:32:31.0019 5876 CscService - ok
14:32:31.0082 5876 CxAudMsg (a4e503ce89cd1287892cb6ab58bbe75c) C:\Windows\system32\CxAudMsg32.exe
14:32:31.0084 5876 CxAudMsg - ok
14:32:31.0152 5876 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
14:32:31.0158 5876 DcomLaunch - ok
14:32:31.0202 5876 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
14:32:31.0205 5876 defragsvc - ok
14:32:31.0263 5876 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
14:32:31.0265 5876 DfsC - ok
14:32:31.0306 5876 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
14:32:31.0308 5876 Dhcp - ok
14:32:31.0326 5876 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:32:31.0326 5876 discache - ok
14:32:31.0355 5876 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
14:32:31.0356 5876 Disk - ok
14:32:31.0401 5876 dmodusb (c075bb113693fa7b00cb25bfd1d824c7) C:\Windows\system32\DRIVERS\dmodusb.sys
14:32:31.0412 5876 dmodusb - ok
14:32:31.0431 5876 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
14:32:31.0433 5876 dmvsc - ok
14:32:31.0481 5876 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
14:32:31.0483 5876 Dnscache - ok
14:32:31.0504 5876 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
14:32:31.0507 5876 dot3svc - ok
14:32:31.0564 5876 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys
14:32:31.0565 5876 DozeHDD - ok
14:32:31.0654 5876 DozeSvc (01e2180c3d72cb0adcc43fb83d18942a) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
14:32:31.0658 5876 DozeSvc - ok
14:32:31.0681 5876 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
14:32:31.0683 5876 DPS - ok
14:32:31.0725 5876 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:32:31.0726 5876 drmkaud - ok
14:32:31.0756 5876 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
14:32:31.0758 5876 dsNcAdpt - ok
14:32:31.0820 5876 dsNcService (b9750c064b43c7a3bbc8a74f1127aa4e) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
14:32:31.0827 5876 dsNcService - ok
14:32:31.0886 5876 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
14:32:31.0894 5876 DXGKrnl - ok
14:32:31.0946 5876 e1cexpress (1bd726a72df3eab9cb0fd396304ec1fb) C:\Windows\system32\DRIVERS\e1c6232.sys
14:32:31.0949 5876 e1cexpress - ok
14:32:31.0979 5876 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:32:31.0980 5876 E1G60 - ok
14:32:32.0034 5876 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
14:32:32.0036 5876 EapHost - ok
14:32:32.0195 5876 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
14:32:32.0229 5876 ebdrv - ok
14:32:32.0333 5876 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
14:32:32.0335 5876 EFS - ok
14:32:32.0401 5876 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
14:32:32.0432 5876 ehRecvr - ok
14:32:32.0444 5876 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
14:32:32.0463 5876 ehSched - ok
14:32:32.0540 5876 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
14:32:32.0545 5876 elxstor - ok
14:32:32.0598 5876 emAudio (7f2bda1b3effd16b1d155e58176f02c8) C:\Windows\system32\drivers\emAudio.sys
14:32:32.0599 5876 emAudio - ok
14:32:32.0615 5876 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
14:32:32.0616 5876 ErrDev - ok
14:32:32.0685 5876 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
14:32:32.0688 5876 EventSystem - ok
14:32:32.0863 5876 EvtEng (67faad0a3c1257646e2b6c5027db6193) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:32:32.0873 5876 EvtEng - ok
14:32:33.0005 5876 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:32:33.0007 5876 exfat - ok
14:32:33.0027 5876 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:32:33.0029 5876 fastfat - ok
14:32:33.0105 5876 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
14:32:33.0112 5876 Fax - ok
14:32:33.0130 5876 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
14:32:33.0131 5876 fdc - ok
14:32:33.0162 5876 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
14:32:33.0163 5876 fdPHost - ok
14:32:33.0175 5876 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
14:32:33.0177 5876 FDResPub - ok
14:32:33.0193 5876 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:32:33.0194 5876 FileInfo - ok
14:32:33.0198 5876 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:32:33.0199 5876 Filetrace - ok
14:32:33.0212 5876 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
14:32:33.0213 5876 flpydisk - ok
14:32:33.0252 5876 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:32:33.0254 5876 FltMgr - ok
14:32:33.0301 5876 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
14:32:33.0310 5876 FontCache - ok
14:32:33.0358 5876 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:32:33.0358 5876 FontCache3.0.0.0 - ok
14:32:33.0397 5876 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:32:33.0398 5876 FsDepends - ok
14:32:33.0419 5876 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
14:32:33.0420 5876 Fs_Rec - ok
14:32:33.0457 5876 FTDIBUS (8142d5d886829b9876cb93af59475c09) C:\Windows\system32\drivers\ftdibus.sys
14:32:33.0458 5876 FTDIBUS - ok
14:32:33.0463 5876 FTSER2K (63d72a4cf9f163b59db0ceed940a7d76) C:\Windows\system32\drivers\ftser2k.sys
14:32:33.0465 5876 FTSER2K - ok
14:32:33.0489 5876 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
14:32:33.0491 5876 fvevol - ok
14:32:33.0515 5876 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
14:32:33.0517 5876 gagp30kx - ok
14:32:33.0571 5876 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:32:33.0572 5876 GEARAspiWDM - ok
14:32:33.0629 5876 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
14:32:33.0636 5876 gpsvc - ok
14:32:33.0679 5876 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:32:33.0681 5876 hcw85cir - ok
14:32:33.0734 5876 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
14:32:33.0738 5876 HdAudAddService - ok
14:32:33.0770 5876 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:32:33.0772 5876 HDAudBus - ok
14:32:33.0775 5876 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
14:32:33.0776 5876 HidBatt - ok
14:32:33.0791 5876 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
14:32:33.0799 5876 HidBth - ok
14:32:33.0817 5876 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
14:32:33.0819 5876 HidIr - ok
14:32:33.0840 5876 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
14:32:33.0842 5876 hidserv - ok
14:32:33.0884 5876 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
14:32:33.0885 5876 HidUsb - ok
14:32:33.0922 5876 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
14:32:33.0924 5876 hkmsvc - ok
14:32:33.0942 5876 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
14:32:33.0945 5876 HomeGroupListener - ok
14:32:33.0999 5876 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
14:32:34.0002 5876 HomeGroupProvider - ok
14:32:34.0053 5876 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
14:32:34.0055 5876 HpSAMD - ok
14:32:34.0101 5876 HsfXAudioService (bfbdbca42710795c4446c54243970fd1) C:\Windows\system32\XAudio32.dll
14:32:34.0107 5876 HsfXAudioService - ok
14:32:34.0195 5876 HSF_DPV (caaa4433360fd337cf68a1b0719f9cc1) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:32:34.0207 5876 HSF_DPV - ok
14:32:34.0230 5876 HSXHWAZL (cb049fa2ce718f7468be50f3d7192370) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:32:34.0233 5876 HSXHWAZL - ok
14:32:34.0265 5876 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
14:32:34.0271 5876 HTTP - ok
14:32:34.0278 5876 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
14:32:34.0278 5876 hwpolicy - ok
14:32:34.0391 5876 HyperW7Svc (724442fe4a3e9edc15fc6ba329ecddb7) C:\Program Files\Lenovo\RapidBoot\HyperW7Svc.exe
14:32:34.0393 5876 HyperW7Svc - ok
14:32:34.0448 5876 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
14:32:34.0450 5876 i8042prt - ok
14:32:34.0500 5876 iaStor (287fd6be9a9938f103789ce0267b7980) C:\Windows\system32\drivers\iaStor.sys
14:32:34.0502 5876 iaStor - ok
14:32:34.0530 5876 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
14:32:34.0534 5876 iaStorV - ok
14:32:34.0585 5876 IBMPMDRV (e3ffc8cb45b3f55264ee10f084b2731b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
14:32:34.0587 5876 IBMPMDRV - ok
14:32:34.0607 5876 IBMPMSVC (5565982522ee9d4e8921feb304d4226f) C:\Windows\system32\ibmpmsvc.exe
14:32:34.0609 5876 IBMPMSVC - ok
14:32:34.0716 5876 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:32:34.0727 5876 idsvc - ok
14:32:35.0452 5876 igfx (0feb90f92a8ab77a7e5e6ba052138351) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:32:35.0723 5876 igfx - ok
14:32:35.0863 5876 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
14:32:35.0864 5876 iirsp - ok
14:32:35.0936 5876 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
14:32:35.0943 5876 IKEEXT - ok
14:32:35.0996 5876 intaud_WaveExtensible (fd41daa6063dd7f292a943aa92acfea6) C:\Windows\system32\drivers\intelaud.sys
14:32:36.0007 5876 intaud_WaveExtensible - ok
14:32:36.0033 5876 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
14:32:36.0034 5876 intelide - ok
14:32:36.0061 5876 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:32:36.0062 5876 intelppm - ok
14:32:36.0078 5876 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
14:32:36.0080 5876 IPBusEnum - ok
14:32:36.0104 5876 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:32:36.0105 5876 IpFilterDriver - ok
14:32:36.0174 5876 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
14:32:36.0180 5876 iphlpsvc - ok
14:32:36.0205 5876 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
14:32:36.0206 5876 IPMIDRV - ok
14:32:36.0214 5876 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:32:36.0216 5876 IPNAT - ok
14:32:36.0323 5876 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
14:32:36.0331 5876 iPod Service - ok
14:32:36.0348 5876 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:32:36.0349 5876 IRENUM - ok
14:32:36.0380 5876 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
14:32:36.0382 5876 isapnp - ok
14:32:36.0407 5876 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
14:32:36.0410 5876 iScsiPrt - ok
14:32:36.0452 5876 iwdbus (7bbeee55c44955616eb6afb398f39daa) C:\Windows\system32\DRIVERS\iwdbus.sys
14:32:36.0461 5876 iwdbus - ok
14:32:36.0557 5876 jhi_service (6faf199fdffdd2376973143c3e012765) C:\Program Files\Intel\Services\IPT\jhi_service.exe
14:32:36.0558 5876 jhi_service - ok
14:32:36.0592 5876 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:32:36.0593 5876 kbdclass - ok
14:32:36.0626 5876 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
14:32:36.0627 5876 kbdhid - ok
14:32:36.0674 5876 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:32:36.0675 5876 KeyIso - ok
14:32:36.0686 5876 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
14:32:36.0687 5876 KSecDD - ok
14:32:36.0700 5876 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
14:32:36.0702 5876 KSecPkg - ok
14:32:36.0753 5876 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
14:32:36.0757 5876 KtmRm - ok
14:32:36.0818 5876 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
14:32:36.0822 5876 LanmanServer - ok
14:32:36.0836 5876 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
14:32:36.0839 5876 LanmanWorkstation - ok
14:32:36.0903 5876 LENOVO.CAMMUTE (a4973df3264791952d6d7ab56565dd55) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
14:32:36.0904 5876 LENOVO.CAMMUTE - ok
14:32:36.0959 5876 LENOVO.MICMUTE (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
14:32:36.0961 5876 LENOVO.MICMUTE - ok
14:32:36.0985 5876 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
14:32:36.0987 5876 lenovo.smi - ok
14:32:37.0022 5876 LENOVO.TPKNRSVC (05d72de005be625ce60ce3be4fab9714) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
14:32:37.0023 5876 LENOVO.TPKNRSVC - ok
14:32:37.0031 5876 Lenovo.VIRTSCRLSVC (158b67696ec8602ce71f9aa4f14aa96f) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
14:32:37.0032 5876 Lenovo.VIRTSCRLSVC - ok
14:32:37.0088 5876 LenovoRd (bc5bfed7dbea82fc3daa7fe16177ecbe) C:\Windows\system32\Drivers\LenovoRd.sys
14:32:37.0089 5876 LenovoRd - ok
14:32:37.0148 5876 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:32:37.0150 5876 lltdio - ok
14:32:37.0193 5876 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
14:32:37.0196 5876 lltdsvc - ok
14:32:37.0215 5876 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
14:32:37.0217 5876 lmhosts - ok
14:32:37.0320 5876 LMS (97f9eaac985a663394cd8f54dcd3e73a) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
14:32:37.0324 5876 LMS - ok
14:32:37.0366 5876 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
14:32:37.0368 5876 LSI_FC - ok
14:32:37.0373 5876 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
14:32:37.0374 5876 LSI_SAS - ok
14:32:37.0408 5876 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
14:32:37.0409 5876 LSI_SAS2 - ok
14:32:37.0427 5876 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
14:32:37.0429 5876 LSI_SCSI - ok
14:32:37.0467 5876 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:32:37.0468 5876 luafv - ok
14:32:37.0504 5876 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
14:32:37.0506 5876 Mcx2Svc - ok
14:32:37.0545 5876 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:32:37.0546 5876 mdmxsdk - ok
14:32:37.0563 5876 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
14:32:37.0564 5876 megasas - ok
14:32:37.0606 5876 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
14:32:37.0609 5876 MegaSR - ok
14:32:37.0665 5876 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\DRIVERS\HECI.sys
14:32:37.0667 5876 MEI - ok
14:32:37.0740 5876 Microsoft SharePoint Workspace Audit Service - ok
14:32:37.0773 5876 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
14:32:37.0775 5876 MMCSS - ok
14:32:37.0784 5876 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:32:37.0785 5876 Modem - ok
14:32:37.0826 5876 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:32:37.0826 5876 monitor - ok
14:32:37.0837 5876 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:32:37.0838 5876 mouclass - ok
14:32:37.0860 5876 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:32:37.0861 5876 mouhid - ok
14:32:37.0888 5876 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
14:32:37.0889 5876 mountmgr - ok
14:32:37.0980 5876 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:32:37.0982 5876 MozillaMaintenance - ok
14:32:38.0049 5876 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
14:32:38.0051 5876 MpFilter - ok
14:32:38.0088 5876 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
14:32:38.0090 5876 mpio - ok
14:32:38.0221 5876 MpKsl0aa8c831 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{39A02A75-2DA3-4FF9-A393-264723969103}\MpKsl0aa8c831.sys
14:32:38.0234 5876 MpKsl0aa8c831 - ok
14:32:38.0270 5876 MpKsl91b53013 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{39A02A75-2DA3-4FF9-A393-264723969103}\MpKsl91b53013.sys
14:32:38.0271 5876 MpKsl91b53013 - ok
14:32:38.0290 5876 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:32:38.0291 5876 mpsdrv - ok
14:32:38.0367 5876 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
14:32:38.0374 5876 MpsSvc - ok
14:32:38.0418 5876 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
14:32:38.0420 5876 MRxDAV - ok
14:32:38.0453 5876 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:32:38.0455 5876 mrxsmb - ok
14:32:38.0497 5876 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:32:38.0499 5876 mrxsmb10 - ok
14:32:38.0511 5876 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:32:38.0513 5876 mrxsmb20 - ok
14:32:38.0551 5876 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
14:32:38.0552 5876 msahci - ok
14:32:38.0571 5876 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
14:32:38.0573 5876 msdsm - ok
14:32:38.0606 5876 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
14:32:38.0609 5876 MSDTC - ok
14:32:38.0638 5876 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:32:38.0639 5876 Msfs - ok
14:32:38.0674 5876 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:32:38.0675 5876 mshidkmdf - ok
14:32:38.0688 5876 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
14:32:38.0689 5876 msisadrv - ok
14:32:38.0736 5876 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
14:32:38.0738 5876 MSiSCSI - ok
14:32:38.0741 5876 msiserver - ok
14:32:38.0764 5876 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:32:38.0765 5876 MSKSSRV - ok
14:32:38.0864 5876 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:32:38.0864 5876 MsMpSvc - ok
14:32:38.0867 5876 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:32:38.0868 5876 MSPCLOCK - ok
14:32:38.0883 5876 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:32:38.0884 5876 MSPQM - ok
14:32:38.0908 5876 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:32:38.0911 5876 MsRPC - ok
14:32:38.0942 5876 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
14:32:38.0943 5876 mssmbios - ok
14:32:38.0994 5876 MSSQL$SQLEXPRESS - ok
14:32:39.0043 5876 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
14:32:39.0045 5876 MSSQLServerADHelper100 - ok
14:32:39.0070 5876 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:32:39.0071 5876 MSTEE - ok
14:32:39.0085 5876 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
14:32:39.0086 5876 MTConfig - ok
14:32:39.0106 5876 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:32:39.0108 5876 Mup - ok
14:32:39.0173 5876 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
14:32:39.0177 5876 napagent - ok
14:32:39.0242 5876 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:32:39.0245 5876 NativeWifiP - ok
14:32:39.0313 5876 NDIS (3723262737d90f58059ceda7373b0387) C:\Windows\system32\drivers\ndis.sys
14:32:39.0320 5876 NDIS - ok
14:32:39.0351 5876 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:32:39.0352 5876 NdisCap - ok
14:32:39.0364 5876 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:32:39.0365 5876 NdisTapi - ok
14:32:39.0390 5876 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
14:32:39.0391 5876 Ndisuio - ok
14:32:39.0404 5876 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
14:32:39.0406 5876 NdisWan - ok
14:32:39.0433 5876 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
14:32:39.0434 5876 NDProxy - ok
14:32:39.0486 5876 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
14:32:39.0488 5876 Net Driver HPZ12 - ok
14:32:39.0511 5876 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:32:39.0512 5876 NetBIOS - ok
14:32:39.0535 5876 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
14:32:39.0537 5876 NetBT - ok
14:32:39.0574 5876 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:32:39.0575 5876 Netlogon - ok
14:32:39.0635 5876 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
14:32:39.0639 5876 Netman - ok
14:32:39.0715 5876 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:32:39.0717 5876 NetMsmqActivator - ok
14:32:39.0727 5876 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:32:39.0728 5876 NetPipeActivator - ok
14:32:39.0758 5876 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
14:32:39.0762 5876 netprofm - ok
14:32:39.0778 5876 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:32:39.0779 5876 NetTcpActivator - ok
14:32:39.0781 5876 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:32:39.0781 5876 NetTcpPortSharing - ok
14:32:40.0121 5876 NETwNs32 (6de8d8d6e23f42d819eae39fa3f6f31d) C:\Windows\system32\DRIVERS\NETwNs32.sys
14:32:40.0187 5876 NETwNs32 - ok
14:32:40.0624 5876 NETwNv32 (eed5470b625109fbe3d585dff2a7f265) C:\Windows\system32\DRIVERS\NETwNv32.sys
14:32:40.0719 5876 NETwNv32 - ok
14:32:40.0851 5876 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
14:32:40.0853 5876 nfrd960 - ok
14:32:40.0900 5876 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:32:40.0901 5876 NisDrv - ok
14:32:40.0993 5876 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
14:32:40.0996 5876 NisSrv - ok
14:32:41.0041 5876 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
14:32:41.0044 5876 NlaSvc - ok
14:32:41.0098 5876 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
14:32:41.0099 5876 NPF - ok
14:32:41.0126 5876 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:32:41.0128 5876 Npfs - ok
14:32:41.0155 5876 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
14:32:41.0157 5876 nsi - ok
14:32:41.0193 5876 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:32:41.0193 5876 nsiproxy - ok
14:32:41.0263 5876 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
14:32:41.0274 5876 Ntfs - ok
14:32:41.0361 5876 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:32:41.0362 5876 Null - ok
14:32:41.0404 5876 nusb3hub (f0cbf252811bc5fc49e7ecca3ee9519f) C:\Windows\system32\DRIVERS\nusb3hub.sys
14:32:41.0405 5876 nusb3hub - ok
14:32:41.0439 5876 nusb3xhc (bdc5ff9b669b5475e3a6e47e5608205c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:32:41.0441 5876 nusb3xhc - ok
14:32:41.0494 5876 NVHDA (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
14:32:41.0496 5876 NVHDA - ok
14:32:41.0532 5876 nvkflt (9487b4ad803ea1d20d8b3772c715e362) C:\Windows\system32\DRIVERS\nvkflt.sys
14:32:41.0534 5876 nvkflt - ok
14:32:41.0967 5876 nvlddmkm (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:32:42.0060 5876 nvlddmkm - ok
14:32:42.0184 5876 nvpciflt (15014e905e7e4a26182bb3ff8b662b1d) C:\Windows\system32\DRIVERS\nvpciflt.sys
14:32:42.0185 5876 nvpciflt - ok
14:32:42.0232 5876 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
14:32:42.0233 5876 nvraid - ok
14:32:42.0242 5876 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
14:32:42.0244 5876 nvstor - ok
14:32:42.0322 5876 NVSvc (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
14:32:42.0328 5876 NVSvc - ok
14:32:42.0537 5876 nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
14:32:42.0556 5876 nvUpdatusService - ok
14:32:42.0681 5876 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
14:32:42.0682 5876 nv_agp - ok
14:32:42.0804 5876 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:32:42.0808 5876 odserv - ok
14:32:42.0826 5876 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
14:32:42.0828 5876 ohci1394 - ok
14:32:42.0862 5876 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:32:42.0864 5876 ose - ok
14:32:43.0089 5876 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:32:43.0128 5876 osppsvc - ok
14:32:43.0241 5876 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
14:32:43.0245 5876 p2pimsvc - ok
14:32:43.0293 5876 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
14:32:43.0298 5876 p2psvc - ok
14:32:43.0352 5876 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
14:32:43.0353 5876 Parport - ok
14:32:43.0392 5876 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
14:32:43.0394 5876 partmgr - ok
14:32:43.0409 5876 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
14:32:43.0410 5876 Parvdm - ok
14:32:43.0431 5876 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
14:32:43.0434 5876 PcaSvc - ok
14:32:43.0479 5876 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
14:32:43.0481 5876 pci - ok
14:32:43.0497 5876 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
14:32:43.0498 5876 pciide - ok
14:32:43.0526 5876 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
14:32:43.0529 5876 pcmcia - ok
14:32:43.0546 5876 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:32:43.0547 5876 pcw - ok
14:32:43.0597 5876 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:32:43.0603 5876 PEAUTH - ok
14:32:43.0679 5876 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
14:32:43.0689 5876 PeerDistSvc - ok
14:32:43.0798 5876 PHCORE (e64b025b45a83ea2170953323cc7dc6c) C:\Program Files\Lenovo\RapidBoot\PHCORE.SYS
14:32:43.0799 5876 PHCORE - ok
14:32:43.0864 5876 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
14:32:43.0879 5876 pla - ok
14:32:44.0079 5876 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
14:32:44.0084 5876 PlugPlay - ok
14:32:44.0159 5876 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
14:32:44.0160 5876 Pml Driver HPZ12 - ok
14:32:44.0192 5876 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
14:32:44.0194 5876 PNRPAutoReg - ok
14:32:44.0217 5876 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
14:32:44.0219 5876 PNRPsvc - ok
14:32:44.0280 5876 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
14:32:44.0282 5876 Point32 - ok
14:32:44.0339 5876 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
14:32:44.0343 5876 PolicyAgent - ok
14:32:44.0390 5876 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
14:32:44.0393 5876 Power - ok
14:32:44.0503 5876 Power Manager DBC Service (6f51482adced13cebfe0f1054f2116f2) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
14:32:44.0505 5876 Power Manager DBC Service - ok
14:32:44.0541 5876 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:32:44.0543 5876 PptpMiniport - ok
14:32:44.0558 5876 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
14:32:44.0560 5876 Processor - ok
14:32:44.0618 5876 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
14:32:44.0621 5876 ProfSvc - ok
14:32:44.0658 5876 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:32:44.0659 5876 ProtectedStorage - ok
14:32:44.0698 5876 psadd (80ddc44934305224aebfc37a264803c2) C:\Windows\system32\DRIVERS\psadd.sys
14:32:44.0711 5876 psadd - ok
14:32:44.0740 5876 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:32:44.0742 5876 Psched - ok
14:32:44.0811 5876 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
14:32:44.0812 5876 PSI_SVC_2 - ok
14:32:44.0871 5876 PwmEWSvc (af8b60d65f8b39c4fac6be8641923f37) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
14:32:44.0873 5876 PwmEWSvc - ok
14:32:44.0928 5876 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
14:32:44.0929 5876 PxHelp20 - ok
14:32:45.0008 5876 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
14:32:45.0020 5876 ql2300 - ok
14:32:45.0223 5876 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
14:32:45.0225 5876 ql40xx - ok
14:32:45.0266 5876 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
14:32:45.0269 5876 QWAVE - ok
14:32:45.0291 5876 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:32:45.0292 5876 QWAVEdrv - ok
14:32:45.0309 5876 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:32:45.0310 5876 RasAcd - ok
14:32:45.0346 5876 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:32:45.0347 5876 RasAgileVpn - ok
14:32:45.0360 5876 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
14:32:45.0363 5876 RasAuto - ok
14:32:45.0378 5876 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:32:45.0379 5876 Rasl2tp - ok
14:32:45.0415 5876 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
14:32:45.0419 5876 RasMan - ok
14:32:45.0429 5876 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:32:45.0430 5876 RasPppoe - ok
14:32:45.0446 5876 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:32:45.0448 5876 RasSstp - ok
14:32:45.0472 5876 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
14:32:45.0475 5876 rdbss - ok
14:32:45.0485 5876 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:32:45.0487 5876 rdpbus - ok
14:32:45.0500 5876 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:32:45.0500 5876 RDPCDD - ok
14:32:45.0543 5876 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
14:32:45.0545 5876 RDPDR - ok
14:32:45.0566 5876 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:32:45.0566 5876 RDPENCDD - ok
14:32:45.0575 5876 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
14:32:45.0575 5876 RDPREFMP - ok
14:32:45.0593 5876 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
14:32:45.0595 5876 RdpVideoMiniport - ok
14:32:45.0636 5876 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
14:32:45.0639 5876 RDPWD - ok
14:32:45.0669 5876 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
14:32:45.0671 5876 rdyboost - ok
14:32:45.0723 5876 regi (24d3b49dab660a8b8afa40240e735e24) C:\Windows\system32\drivers\regi.sys
14:32:45.0724 5876 regi - ok
14:32:45.0847 5876 RegSrvc (640b77265ce0225ece46512813f293ea) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:32:45.0851 5876 RegSrvc - ok
14:32:45.0892 5876 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
14:32:45.0894 5876 RemoteAccess - ok
14:32:45.0935 5876 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
14:32:45.0937 5876 RemoteRegistry - ok
14:32:45.0991 5876 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
14:32:45.0992 5876 RFCOMM - ok
14:32:46.0031 5876 risdxc (d6481828c5e6296942c6b441c481d60e) C:\Windows\system32\DRIVERS\risdxc86.sys
14:32:46.0033 5876 risdxc - ok
14:32:46.0080 5876 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe
14:32:46.0082 5876 rpcapd - ok
14:32:46.0106 5876 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
14:32:46.0108 5876 RpcEptMapper - ok
14:32:46.0140 5876 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
14:32:46.0142 5876 RpcLocator - ok
14:32:46.0194 5876 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
14:32:46.0197 5876 RpcSs - ok
14:32:46.0253 5876 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
14:32:46.0256 5876 RsFx0103 - ok
14:32:46.0287 5876 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
14:32:46.0288 5876 rspndr - ok
14:32:46.0319 5876 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
14:32:46.0320 5876 s3cap - ok
14:32:46.0350 5876 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:32:46.0351 5876 SamSs - ok
14:32:46.0423 5876 SAService (1e5d06f915260e9270287a1839a98671) C:\Windows\system32\SAsrv.exe
14:32:46.0428 5876 SAService - ok
14:32:46.0463 5876 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
14:32:46.0465 5876 sbp2port - ok
14:32:46.0504 5876 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
14:32:46.0507 5876 SCardSvr - ok
14:32:46.0515 5876 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
14:32:46.0516 5876 scfilter - ok
14:32:46.0554 5876 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
14:32:46.0562 5876 Schedule - ok
14:32:46.0603 5876 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
14:32:46.0604 5876 SCPolicySvc - ok
14:32:46.0615 5876 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
14:32:46.0618 5876 SDRSVC - ok
14:32:46.0665 5876 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:32:46.0666 5876 secdrv - ok
14:32:46.0686 5876 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
14:32:46.0688 5876 seclogon - ok
14:32:46.0705 5876 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
14:32:46.0707 5876 SENS - ok
14:32:46.0743 5876 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
14:32:46.0746 5876 SensrSvc - ok
14:32:46.0771 5876 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
14:32:46.0772 5876 Serenum - ok
14:32:46.0787 5876 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
14:32:46.0788 5876 Serial - ok
14:32:46.0810 5876 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
14:32:46.0811 5876 sermouse - ok
14:32:46.0837 5876 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
14:32:46.0840 5876 SessionEnv - ok
14:32:46.0843 5876 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
14:32:46.0844 5876 sffdisk - ok
14:32:46.0847 5876 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
14:32:46.0848 5876 sffp_mmc - ok
14:32:46.0870 5876 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
14:32:46.0871 5876 sffp_sd - ok
14:32:46.0888 5876 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
14:32:46.0889 5876 sfloppy - ok
14:32:46.0981 5876 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
14:32:46.0985 5876 SharedAccess - ok
14:32:47.0033 5876 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
14:32:47.0037 5876 ShellHWDetection - ok
14:32:47.0096 5876 Shockprf (1624530d05155f4e5a4736531523bff5) C:\Windows\system32\DRIVERS\Apsx86.sys
14:32:47.0098 5876 Shockprf - ok
14:32:47.0145 5876 SilverLink (392834adb35deb199b03ae6a6caab23a) C:\Windows\System32\Drivers\SilvrLnk.sys
14:32:47.0146 5876 SilverLink - ok
14:32:47.0180 5876 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
14:32:47.0181 5876 sisagp - ok
14:32:47.0210 5876 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
14:32:47.0211 5876 SiSRaid2 - ok
14:32:47.0224 5876 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
14:32:47.0225 5876 SiSRaid4 - ok
14:33:01.0658 5876 ============================================================
14:33:01.0658 5876 Scan finished
14:33:01.0658 5876 ============================================================
14:33:01.0663 7116 Detected object count: 0
14:33:01.0664 7116 Actual detected object count: 0

#12 gringo_pr

Posted 03 July 2012 - 02:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#13 zyyee

Posted 03 July 2012 - 03:15 PM

Here is the report from ComboFix.
There were no problems; everything seems to be running smoothly.

ComboFix 12-07-02.01 - zajacrc 07/03/2012 16:03:30.2.8 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2981.1342 [GMT -4:00]
Running from: c:\users\zajacrc\Downloads\ComboFix.exe
Command switches used :: c:\users\zajacrc\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files\Lenovo\Screen Reading Optimizer\SROSVC.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cphs;Intel® Content Protection HECI Service;c:\windows\system32\IntelCpHeciSvc.exe [x]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [x]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 36944841
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL91B53013
*Deregistered* - 36944841
*Deregistered* - aswMBR
*Deregistered* - MpKsl91b53013
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.rose-hulman.edu
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\zajacrc\AppData\Roaming\Mozilla\Firefox\Profiles\ugzptq25.default\
FF - prefs.js: browser.startup.homepage - hxxp://hupitgaming.com/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1904)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\users\zajacrc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\windows\system32\igfxexps.dll
.
Completion time: 2012-07-03 16:13:49
ComboFix-quarantined-files.txt 2012-07-03 20:13
ComboFix2.txt 2012-07-03 06:33
.
Pre-Run: 100,836,749,312 bytes free
Post-Run: 100,962,320,384 bytes free
.
- - End Of File - - 9C6352F7BD58DC7DCC9292CF80941EF4

#14 gringo_pr

Posted 03 July 2012 - 05:03 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#15 zyyee

Posted 03 July 2012 - 06:51 PM

ok here's what it gave back when I put that into run


Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Encore CS5 Third Party Royalty Content
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Encoder CS5 Dolby
Adobe Media Encoder CS5 PCI
Adobe Media Player
Adobe Reader X (10.1.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Burn.Now 4.5
Conexant 20672 SmartAudio HD
Corel Burn.Now Lenovo Edition
Corel WinDVD
Crystal Reports Basic for Visual Studio 2008
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Digilent Software
Dropbox
iCloud
Intel PROSet Wireless
Intel® Control Center
Intel® Identity Protection Technology 1.0.74.0
Intel® Management Engine Components
Intel® Network Connections Drivers
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® WiDi
iRobot Create Simulator
iTunes
Java Auto Updater
Java DB 10.6.2.1
Java™ 6 Update 31
Java™ SE Development Kit 6 Update 26
Juniper Networks Network Connect 6.5.0
Juniper Networks Setup Client Activex Control
League of Legends
LEGO MINDSTORMS NXT - English Language Pack
LEGO MINDSTORMS NXT Driver
LEGO MINDSTORMS NXT Migration Package
LEGO MINDSTORMS NXT Software v2.0
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Screen Reading Optimizer
Lenovo System Interface Driver
Logger Pro 3.8.4
Malwarebytes Anti-Malware version 1.61.0.1400
Maple 15
MATLAB R2011a
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft IntelliPoint 8.2
Microsoft Lync 2010
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer 2010
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Office SharePoint Designer MUI (English) 2010
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft SharePoint Designer 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MinGW-Get version 0.3-alpha-1
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSDN Library for Visual Studio 2008 SP1
MSDN Library for Visual Studio 2008 SP1 - ENU
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA 3D Vision Driver 296.10
NVIDIA Control Panel 296.10
NVIDIA Graphics Driver 296.10
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA Optimus 1.7.11
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
On Screen Display
Pando Media Booster
PDF Settings CS5
Pdf995
PdfEdit995
PxMergeModule
Python 3.2
Python 3.2 pyserial-py3k-2.5
Python 3.2 pywin32-216.1
QuickTime
RapidBoot
Renesas Electronics USB 3.0 Host Controller Driver
RICOH_Media_Driver_v2.14.18.01
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Service Pack 1 for SQL Server 2008 (KB968369)
Signature995
Skype Click to Call
Skype™ 5.5
Solid Edge ST3
Solid Edge Standard Parts Administrator
Solid Edge Standard Parts Machinery Library
Solid Edge Standard Parts Piping Library
Sql Server Customer Experience Improvement Program
Steam
System Requirements Lab for Intel
System Update
t@b ZS4 Video Editor v0.958-686
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Integration Setup
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage AutoLock
ThinkVantage Communications Utility
TortoiseSVN 1.6.16.21511 (32 bit)
Ulead VideoStudio SE DVD
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USB TV Device Driver
VanDyke Software SecureCRT and SecureFX 6.6
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.1.11
WASTE
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WinPcap 4.1.1
WinRAR 4.01 (32-bit)
World of Tanks
Xilinx ISE Design Suite 13.2 (C:\Xilinx\13.2\ISE_DS)
