
Google Redirect in IE, Signature issue in Chrome



#1 dudljo


Posted 08 July 2012 - 04:21 AM

My laptop seems to be infected with a virus/rootkit/trojan that exhibits the following symptoms:

  • In IE, without clicking on anything, I'm randomly redirected away from the page I'm on
  • In IE if I click on a page-link, I may sometimes be redirected to an advertising page
  • Using the Google-search from the IE tool-bar, if I put in a search, I get a page of valid results, but if I click on any of them, I get redirected to advertising pages

Figuring this may be to do with IE and Google-search, I then tried Chrome.

Chrome seems to be ok, until you try and put a search in the URL-bar.
You then get the message:

"you attempted to reach www.google.co.uk but the server presented a certificate signed using a weak signature algorithm"

So, maybe the underlying problem is a hijacking of Google software on my laptop?

Other sideline symptoms:

After any reboot, my desktop icons have changed size, and changing them back doesn't seem to hold on the next reboot.
Unhiding hidden files, extensions etc, also doesn't hold after each reboot.

I've tried:
A recent rkill, TDSSKiller, FixTDSS, and other things on those lines mentioned in similar forums on here. None of them find anything or fix anything. MalwareBytes doesn't find anything either.
Not convinced by anything else I've seen on the web that suggests I need to buy some software to fix it.

Oh - and this is on Windows 7 64-bit, with IE 8.


Would appreciate your help. Thanks in advance

Edited by dudljo, 08 July 2012 - 04:50 AM.




#2 narenxp


Posted 08 July 2012 - 05:58 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 dudljo


Posted 08 July 2012 - 12:43 PM

Thanks for your help. Run in the order you suggested. I've rebooted since, and the problem still remains, although the ESET run did find three trojans.


TDSSKiller log

13:12:10.0317 6732 mcdbus - ok
13:12:10.0336 6732 McShield (320bfa711222e371ef70e2acce7fa091) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
13:12:10.0337 6732 McShield - ok
13:12:10.0358 6732 McTaskManager (3077feefa81b025390092f7fbf2b51c5) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
13:12:10.0359 6732 McTaskManager - ok
13:12:10.0396 6732 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:12:10.0436 6732 Mcx2Svc - ok
13:12:10.0469 6732 mdmxsdk (fc631425ed761ea1f24738aa15ff5a7d) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:12:10.0512 6732 mdmxsdk - ok
13:12:10.0539 6732 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:12:10.0547 6732 megasas - ok
13:12:10.0606 6732 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:12:10.0626 6732 MegaSR - ok
13:12:10.0655 6732 mfeapfk (07795c10658fa4350d222c7ef9077798) C:\Windows\system32\drivers\mfeapfk.sys
13:12:10.0695 6732 mfeapfk - ok
13:12:10.0734 6732 mfeavfk (3825f334915733b85eed24f0640fadae) C:\Windows\system32\drivers\mfeavfk.sys
13:12:10.0781 6732 mfeavfk - ok
13:12:10.0854 6732 mfehidk (6fe6964a4b4797eb6ef253e0de8d64e4) C:\Windows\system32\drivers\mfehidk.sys
13:12:10.0857 6732 mfehidk - ok
13:12:10.0878 6732 mferkdet (5f21288266b9b51a61272b192365e87c) C:\Windows\system32\drivers\mferkdet.sys
13:12:10.0924 6732 mferkdet - ok
13:12:10.0949 6732 mfetdik (b6170fad509317a963be6d4c2e104d2f) C:\Windows\system32\drivers\mfetdik.sys
13:12:10.0990 6732 mfetdik - ok
13:12:11.0001 6732 mfevtp (edee0ad70a1461ab45bd62a07751a34b) C:\Windows\system32\mfevtps.exe
13:12:11.0041 6732 mfevtp - ok
13:12:11.0085 6732 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:12:11.0086 6732 MMCSS - ok
13:12:11.0437 6732 MMS (5fbac5dad4019521ef199d30a11a0f7a) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
13:12:11.0457 6732 MMS - ok
13:12:11.0566 6732 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:12:11.0568 6732 Modem - ok
13:12:11.0603 6732 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:12:11.0607 6732 monitor - ok
13:12:11.0655 6732 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:12:11.0662 6732 mouclass - ok
13:12:11.0699 6732 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:12:11.0705 6732 mouhid - ok
13:12:11.0754 6732 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:12:11.0757 6732 mountmgr - ok
13:12:11.0802 6732 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:12:11.0854 6732 mpio - ok
13:12:11.0899 6732 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:12:11.0908 6732 mpsdrv - ok
13:12:11.0950 6732 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:12:12.0002 6732 MRxDAV - ok
13:12:12.0047 6732 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:12:12.0048 6732 mrxsmb - ok
13:12:12.0109 6732 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:12:12.0111 6732 mrxsmb10 - ok
13:12:12.0133 6732 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:12:12.0134 6732 mrxsmb20 - ok
13:12:12.0175 6732 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:12:12.0221 6732 msahci - ok
13:12:12.0244 6732 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:12:12.0302 6732 msdsm - ok
13:12:12.0328 6732 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:12:12.0330 6732 MSDTC - ok
13:12:12.0352 6732 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:12:12.0353 6732 Msfs - ok
13:12:12.0479 6732 msftesql (27dcd5f3cf89655556c5f89717d24d65) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
13:12:12.0480 6732 msftesql - ok
13:12:12.0524 6732 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:12:12.0532 6732 mshidkmdf - ok
13:12:12.0543 6732 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:12:12.0546 6732 msisadrv - ok
13:12:12.0582 6732 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:12:12.0600 6732 MSiSCSI - ok
13:12:12.0603 6732 msiserver - ok
13:12:12.0645 6732 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:12:12.0651 6732 MSKSSRV - ok
13:12:12.0669 6732 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:12:12.0675 6732 MSPCLOCK - ok
13:12:12.0680 6732 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:12:12.0683 6732 MSPQM - ok
13:12:12.0743 6732 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:12:12.0745 6732 MsRPC - ok
13:12:12.0790 6732 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:12:12.0795 6732 mssmbios - ok
13:12:12.0818 6732 MSSQLSERVER - ok
13:12:12.0900 6732 MSSQLServerADHelper (af07844e1016c959ff54303b12f92993) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:12:12.0901 6732 MSSQLServerADHelper - ok
13:12:12.0914 6732 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:12:12.0919 6732 MSTEE - ok
13:12:12.0935 6732 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:12:12.0941 6732 MTConfig - ok
13:12:13.0077 6732 Multi-user Cleanup Service (df2d448a89bd43074ee8e7a60adc266a) C:\Program Files (x86)\IBM\Lotus\Notes\ntmulti.exe
13:12:13.0078 6732 Multi-user Cleanup Service - ok
13:12:13.0095 6732 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:12:13.0096 6732 Mup - ok
13:12:13.0166 6732 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:12:13.0169 6732 napagent - ok
13:12:13.0243 6732 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:12:13.0262 6732 NativeWifiP - ok
13:12:13.0359 6732 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:12:13.0364 6732 NDIS - ok
13:12:13.0386 6732 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:12:13.0392 6732 NdisCap - ok
13:12:13.0428 6732 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:12:13.0434 6732 NdisTapi - ok
13:12:13.0467 6732 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:12:13.0508 6732 Ndisuio - ok
13:12:13.0556 6732 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:12:13.0606 6732 NdisWan - ok
13:12:13.0645 6732 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:12:13.0707 6732 NDProxy - ok
13:12:13.0729 6732 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:12:13.0730 6732 NetBIOS - ok
13:12:13.0755 6732 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:12:13.0794 6732 NetBT - ok
13:12:13.0847 6732 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:12:13.0848 6732 Netlogon - ok
13:12:13.0906 6732 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:12:13.0913 6732 Netman - ok
13:12:13.0962 6732 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:12:13.0965 6732 netprofm - ok
13:12:14.0047 6732 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:12:14.0058 6732 NetTcpPortSharing - ok
13:12:14.0595 6732 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
13:12:14.0792 6732 NETw5s64 - ok
13:12:15.0322 6732 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
13:12:15.0423 6732 netw5v64 - ok
13:12:16.0090 6732 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
13:12:16.0296 6732 NETwNs64 - ok
13:12:16.0415 6732 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:12:16.0424 6732 nfrd960 - ok
13:12:16.0495 6732 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:12:16.0497 6732 NlaSvc - ok
13:12:16.0509 6732 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:12:16.0509 6732 Npfs - ok
13:12:16.0534 6732 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:12:16.0539 6732 nsi - ok
13:12:16.0553 6732 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:12:16.0557 6732 nsiproxy - ok
13:12:16.0708 6732 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:12:16.0743 6732 Ntfs - ok
13:12:16.0833 6732 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:12:16.0840 6732 Null - ok
13:12:16.0890 6732 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
13:12:16.0935 6732 nusb3hub - ok
13:12:16.0963 6732 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:12:17.0013 6732 nusb3xhc - ok
13:12:17.0075 6732 NVHDA (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
13:12:17.0125 6732 NVHDA - ok
13:12:17.0575 6732 NVIDIA Performance Driver Service (74f76af4695e7b183ea43ab41d620f82) C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
13:12:17.0666 6732 NVIDIA Performance Driver Service - ok
13:12:18.0566 6732 nvlddmkm (6ef8c7a051804570000670800f6174fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:12:18.0769 6732 nvlddmkm - ok
13:12:18.0921 6732 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:12:18.0981 6732 nvraid - ok
13:12:19.0039 6732 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:12:19.0098 6732 nvstor - ok
13:12:19.0153 6732 nvsvc (4094dff204ee3cf902648f0f14b8d344) C:\Windows\system32\nvvsvc.exe
13:12:19.0210 6732 nvsvc - ok
13:12:19.0251 6732 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:12:19.0269 6732 nv_agp - ok
13:12:19.0368 6732 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:12:19.0450 6732 odserv - ok
13:12:19.0484 6732 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:12:19.0497 6732 ohci1394 - ok
13:12:19.0567 6732 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:12:19.0568 6732 ose - ok
13:12:19.0941 6732 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:12:20.0089 6732 osppsvc - ok
13:12:20.0235 6732 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:12:20.0254 6732 p2pimsvc - ok
13:12:20.0306 6732 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:12:20.0319 6732 p2psvc - ok
13:12:20.0363 6732 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:12:20.0373 6732 Parport - ok
13:12:20.0414 6732 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:12:20.0415 6732 partmgr - ok
13:12:20.0440 6732 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:12:20.0446 6732 PcaSvc - ok
13:12:20.0495 6732 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:12:20.0496 6732 pci - ok
13:12:20.0535 6732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:12:20.0542 6732 pciide - ok
13:12:20.0576 6732 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:12:20.0588 6732 pcmcia - ok
13:12:20.0605 6732 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:12:20.0608 6732 pcw - ok
13:12:20.0658 6732 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:12:20.0696 6732 PEAUTH - ok
13:12:20.0800 6732 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:12:20.0858 6732 PeerDistSvc - ok
13:12:20.0950 6732 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:12:20.0957 6732 PerfHost - ok
13:12:21.0164 6732 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:12:21.0171 6732 pla - ok
13:12:21.0249 6732 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:12:21.0283 6732 PlugPlay - ok
13:12:21.0341 6732 Pml Driver HPZ12 (64ca1485214340cacc315ffdfded73ef) C:\Windows\system32\HPZipm12.dll
13:12:21.0375 6732 Pml Driver HPZ12 - ok
13:12:21.0440 6732 pmxdrv (34bfc6ed31b4e8be940c884b8ac7d9df) C:\Windows\system32\drivers\pmxdrv.sys
13:12:21.0495 6732 pmxdrv - ok
13:12:21.0532 6732 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:12:21.0541 6732 PNRPAutoReg - ok
13:12:21.0579 6732 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:12:21.0582 6732 PNRPsvc - ok
13:12:21.0628 6732 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:12:21.0664 6732 PolicyAgent - ok
13:12:21.0697 6732 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:12:21.0704 6732 Power - ok
13:12:21.0822 6732 Power Manager DBC Service (2db6404b68aa554f4805bcb645ed8e11) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
13:12:21.0823 6732 Power Manager DBC Service - ok
13:12:21.0875 6732 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:12:21.0923 6732 PptpMiniport - ok
13:12:21.0951 6732 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:12:21.0956 6732 Processor - ok
13:12:22.0009 6732 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
13:12:22.0012 6732 ProfSvc - ok
13:12:22.0046 6732 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:12:22.0047 6732 ProtectedStorage - ok
13:12:22.0090 6732 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
13:12:22.0131 6732 psadd - ok
13:12:22.0189 6732 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:12:22.0227 6732 Psched - ok
13:12:22.0307 6732 PwmEWSvc (ef283bc7e0091713c15414aaf64074eb) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
13:12:22.0366 6732 PwmEWSvc - ok
13:12:22.0410 6732 QCFilterlno (c2fc9f379145a53070260ab37356bfd6) C:\Windows\system32\DRIVERS\qcfilterlno.sys
13:12:22.0452 6732 QCFilterlno - ok
13:12:22.0495 6732 qcfilterlno2k (052031a92809b438683fdcf5b574234d) C:\Windows\system32\DRIVERS\qcfilterlno2k.sys
13:12:22.0532 6732 qcfilterlno2k - ok
13:12:22.0596 6732 qcusbnetlno (fbd850347d52a0795b1b126fa02c2266) C:\Windows\system32\DRIVERS\qcusbnetlno.sys
13:12:22.0642 6732 qcusbnetlno - ok
13:12:22.0725 6732 qcusbnetlno2k (d34a2573b12c858fae2b09fc3ced5caa) C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys
13:12:22.0763 6732 qcusbnetlno2k - ok
13:12:22.0817 6732 qcusbserlno (d512ecb9b127a5a7ff09eebeee63fca3) C:\Windows\system32\DRIVERS\qcusbserlno.sys
13:12:22.0866 6732 qcusbserlno - ok
13:12:22.0935 6732 qcusbserlno2k (4ad8cb1e096872ee7a7f6fbeac91b54a) C:\Windows\system32\DRIVERS\qcusbserlno2k.sys
13:12:22.0974 6732 qcusbserlno2k - ok
13:12:23.0057 6732 QDLService (ef7df97d418b785c49e50014b6097a49) c:\QUALCOMM\QDLService\QDLService.exe
13:12:23.0059 6732 QDLService - ok
13:12:23.0139 6732 QDLService2kLenovo (a11531b61ce8cefb28879a99420dcb81) c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
13:12:23.0141 6732 QDLService2kLenovo - ok
13:12:23.0271 6732 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:12:23.0347 6732 ql2300 - ok
13:12:23.0470 6732 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:12:23.0485 6732 ql40xx - ok
13:12:23.0525 6732 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:12:23.0543 6732 QWAVE - ok
13:12:23.0562 6732 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:12:23.0578 6732 QWAVEdrv - ok
13:12:23.0595 6732 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:12:23.0600 6732 RasAcd - ok
13:12:23.0636 6732 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:12:23.0640 6732 RasAgileVpn - ok
13:12:23.0655 6732 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:12:23.0669 6732 RasAuto - ok
13:12:23.0708 6732 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:12:23.0757 6732 Rasl2tp - ok
13:12:23.0839 6732 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:12:23.0869 6732 RasMan - ok
13:12:23.0916 6732 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:12:23.0928 6732 RasPppoe - ok
13:12:23.0944 6732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:12:23.0956 6732 RasSstp - ok
13:12:24.0009 6732 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:12:24.0011 6732 rdbss - ok
13:12:24.0032 6732 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:12:24.0038 6732 rdpbus - ok
13:12:24.0048 6732 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:12:24.0051 6732 RDPCDD - ok
13:12:24.0097 6732 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:12:24.0147 6732 RDPDR - ok
13:12:24.0166 6732 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:12:24.0169 6732 RDPENCDD - ok
13:12:24.0176 6732 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:12:24.0179 6732 RDPREFMP - ok
13:12:24.0231 6732 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
13:12:24.0281 6732 RDPWD - ok
13:12:24.0355 6732 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:12:24.0356 6732 rdyboost - ok
13:12:24.0398 6732 regi - ok
13:12:24.0551 6732 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:12:24.0554 6732 RegSrvc - ok
13:12:24.0616 6732 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:12:24.0629 6732 RemoteAccess - ok
13:12:24.0666 6732 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:12:24.0681 6732 RemoteRegistry - ok
13:12:24.0736 6732 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:12:24.0752 6732 RFCOMM - ok
13:12:24.0810 6732 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys
13:12:24.0855 6732 rimspci - ok
13:12:24.0897 6732 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:12:24.0902 6732 RpcEptMapper - ok
13:12:24.0929 6732 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:12:24.0935 6732 RpcLocator - ok
13:12:25.0010 6732 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:12:25.0014 6732 RpcSs - ok
13:12:25.0053 6732 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:12:25.0060 6732 rspndr - ok
13:12:25.0089 6732 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:12:25.0131 6732 s3cap - ok
13:12:25.0165 6732 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:12:25.0166 6732 SamSs - ok
13:12:25.0212 6732 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:12:25.0254 6732 sbp2port - ok
13:12:25.0437 6732 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
13:12:25.0560 6732 SBSDWSCService - ok
13:12:25.0590 6732 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:12:25.0610 6732 SCardSvr - ok
13:12:25.0674 6732 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:12:25.0718 6732 scfilter - ok
13:12:25.0820 6732 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:12:25.0826 6732 Schedule - ok
13:12:25.0862 6732 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:12:25.0896 6732 SCPolicySvc - ok
13:12:25.0959 6732 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
13:12:26.0012 6732 sdbus - ok
13:12:26.0061 6732 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:12:26.0109 6732 SDRSVC - ok
13:12:26.0149 6732 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:12:26.0154 6732 secdrv - ok
13:12:26.0196 6732 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:12:26.0197 6732 seclogon - ok
13:12:26.0227 6732 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:12:26.0228 6732 SENS - ok
13:12:26.0260 6732 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:12:26.0264 6732 SensrSvc - ok
13:12:26.0302 6732 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:12:26.0308 6732 Serenum - ok
13:12:26.0327 6732 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:12:26.0332 6732 Serial - ok
13:12:26.0375 6732 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:12:26.0379 6732 sermouse - ok
13:12:26.0435 6732 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:12:26.0466 6732 SessionEnv - ok
13:12:26.0503 6732 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:12:26.0509 6732 sffdisk - ok
13:12:26.0525 6732 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:12:26.0530 6732 sffp_mmc - ok
13:12:26.0541 6732 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:12:26.0580 6732 sffp_sd - ok
13:12:26.0597 6732 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:12:26.0603 6732 sfloppy - ok
13:12:26.0664 6732 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:12:26.0696 6732 ShellHWDetection - ok
13:12:26.0746 6732 Shockprf (380b52126e62c6c2d3c8ba805aadfdc7) C:\Windows\system32\DRIVERS\Apsx64.sys
13:12:26.0747 6732 Shockprf - ok
13:12:26.0787 6732 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:12:26.0793 6732 SiSRaid2 - ok
13:12:26.0813 6732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:12:26.0820 6732 SiSRaid4 - ok
13:12:27.0143 6732 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:12:27.0157 6732 Skype C2C Service - ok
13:12:27.0268 6732 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:12:27.0269 6732 SkypeUpdate - ok
13:12:27.0386 6732 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:12:27.0398 6732 Smb - ok
13:12:27.0494 6732 smihlp2 (c5b1a19b14f19b08ae72fcb20a3075b6) c:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
13:12:27.0494 6732 smihlp2 - ok
13:12:27.0553 6732 snapman (e99fbd6bc94ae96214399a3310fbffa7) C:\Windows\system32\DRIVERS\snapman.sys
13:12:27.0555 6732 snapman - ok
13:12:27.0600 6732 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:12:27.0607 6732 SNMPTRAP - ok
13:12:27.0615 6732 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:12:27.0616 6732 spldr - ok
13:12:27.0686 6732 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:12:27.0730 6732 Spooler - ok
13:12:27.0986 6732 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:12:28.0053 6732 sppsvc - ok
13:12:28.0137 6732 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:12:28.0144 6732 sppuinotify - ok
13:12:28.0233 6732 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:12:28.0235 6732 SQLBrowser - ok
13:12:28.0351 6732 SQLSERVERAGENT (00b0e9f0ffd98b829345dff292650470) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
13:12:28.0436 6732 SQLSERVERAGENT - ok
13:12:28.0506 6732 SQLWriter (d63fc56c7c3f9b576bc25f617e3f7963) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:12:28.0507 6732 SQLWriter - ok
13:12:28.0590 6732 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:12:28.0593 6732 srv - ok
13:12:28.0633 6732 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:12:28.0636 6732 srv2 - ok
13:12:28.0700 6732 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:12:28.0719 6732 SrvHsfHDA - ok
13:12:28.0820 6732 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:12:28.0900 6732 SrvHsfV92 - ok
13:12:29.0038 6732 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:12:29.0068 6732 SrvHsfWinac - ok
13:12:29.0097 6732 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:12:29.0099 6732 srvnet - ok
13:12:29.0132 6732 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:12:29.0139 6732 SSDPSRV - ok
13:12:29.0155 6732 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:12:29.0161 6732 SstpSvc - ok
13:12:29.0178 6732 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:12:29.0183 6732 stexstor - ok
13:12:29.0259 6732 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:12:29.0307 6732 stisvc - ok
13:12:29.0342 6732 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:12:29.0343 6732 storflt - ok
13:12:29.0354 6732 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:12:29.0359 6732 StorSvc - ok
13:12:29.0398 6732 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:12:29.0460 6732 storvsc - ok
13:12:29.0543 6732 SUService (e8029eb9b0d962675eae956af0f1fd87) c:\program files (x86)\lenovo\system update\suservice.exe
13:12:29.0543 6732 SUService - ok
13:12:29.0574 6732 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:12:29.0580 6732 swenum - ok
13:12:29.0651 6732 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:12:29.0655 6732 swprv - ok
13:12:29.0710 6732 sxuptp (e4154c5ce666b713de9398c053d8fb7e) C:\Windows\system32\DRIVERS\sxuptp.sys
13:12:29.0758 6732 sxuptp - ok
13:12:29.0900 6732 SynTP (7e8902f9929a5d9ffd0f545332ce0f10) C:\Windows\system32\DRIVERS\SynTP.sys
13:12:29.0978 6732 SynTP - ok
13:12:30.0200 6732 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:12:30.0250 6732 SysMain - ok
13:12:30.0360 6732 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:12:30.0397 6732 TabletInputService - ok
13:12:30.0456 6732 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:12:30.0487 6732 TapiSrv - ok
13:12:42.0547 6732 MBR (0x1B8) (ffd2fdaf6050dfadcddbc8642e2b45cd) \Device\Harddisk0\DR0
13:12:43.0121 6732 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:12:43.0121 6732 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:12:43.0124 6732 Boot (0x1200) (3a172dd653b56b6d31861494ab694e81) \Device\Harddisk0\DR0\Partition0
13:12:43.0128 6732 \Device\Harddisk0\DR0\Partition0 - ok
13:12:43.0146 6732 Boot (0x1200) (1b8a0acea29577d1aad4495c6f12c807) \Device\Harddisk0\DR0\Partition1
13:12:43.0149 6732 \Device\Harddisk0\DR0\Partition1 - ok
13:12:43.0149 6732 ============================================================
13:12:43.0149 6732 Scan finished
13:12:43.0149 6732 ============================================================
13:12:43.0158 7548 Detected object count: 1
13:12:43.0158 7548 Actual detected object count: 1
13:13:39.0330 7548 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:13:39.0330 7548 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

------------

aswMBR log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-08 13:16:56
-----------------------------
13:16:56.391 OS Version: Windows x64 6.1.7601 Service Pack 1
13:16:56.392 Number of processors: 8 586 0x1E05
13:16:56.394 ComputerName: W510-100 UserName: jdudley
13:16:59.673 Initialize success
13:18:33.410 AVAST engine defs: 12070800
13:18:36.018 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:18:36.022 Disk 0 Vendor: ST950042 0002 Size: 476940MB BusType: 3
13:18:36.034 Disk 0 MBR read successfully
13:18:36.037 Disk 0 MBR scan
13:18:36.046 Disk 0 unknown MBR code
13:18:36.051 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1853 MB offset 63
13:18:36.071 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 475083 MB offset 3795120
13:18:36.099 Disk 0 scanning C:\Windows\system32\drivers
13:19:10.666 Service scanning
13:20:04.310 Modules scanning
13:20:04.321 Disk 0 trace - called modules:
13:20:04.353 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
13:20:04.360 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800fbbe790]
13:20:04.368 3 CLASSPNP.SYS[fffff88001d1243f] -> nt!IofCallDriver -> [0xfffffa800dbb1400]
13:20:04.375 5 ACPI.sys[fffff88000d4d7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800dbb4050]
13:20:08.223 AVAST engine scan C:\Windows
13:20:13.025 AVAST engine scan C:\Windows\system32
13:27:18.109 AVAST engine scan C:\Windows\system32\drivers
13:28:06.183 AVAST engine scan C:\Users\jdudley
13:36:21.101 AVAST engine scan C:\ProgramData
13:40:16.628 Scan finished successfully
13:40:39.151 Disk 0 MBR has been saved successfully to "F:\Bleeping Computer logs\MBR.dat"
13:40:39.176 The log file has been saved successfully to "F:\Bleeping Computer logs\aswMBR.txt"


-------------------


eset log


C:\Windows\Installer\{cf77ec27-39e7-8307-93c7-4ae7e2e77130}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{cf77ec27-39e7-8307-93c7-4ae7e2e77130}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{cf77ec27-39e7-8307-93c7-4ae7e2e77130}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

#4 narenxp (BC Advisor)

Posted 08 July 2012 - 11:13 PM

Download systemlook

Launch it, copy this script and paste it in the BOX:

:filefind
services.exe
:folderfind
{cf77ec27-39e7-8307-93c7-4ae7e2e77130}

Click on LOOK, post the generated log

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 dudljo (Topic Starter)

Posted 09 July 2012 - 05:52 AM

Hi,

Thank you for your help.

Just to add some more information, after running the last 3 utilities you specified (systemlook, MBAM, minitoolbox), I'm still getting the certificate error in Chrome pertaining to www.google.co.uk. IE seems to be more stable, but I haven't really tested it in anger. I'm also still getting the desktop-icon resize issue after reboot.

But - and I hope I haven't confused the issue - I've had to move WiFi networks from where I first reported the problem. Not sure if that will change some of the diagnostic information you're trying to gather.

Here are the logs that you requested:

SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 08:09 on 09/07/2012 by jdudley
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{cf77ec27-39e7-8307-93c7-4ae7e2e77130}"
C:\Users\jdudley\AppData\Local\{cf77ec27-39e7-8307-93c7-4ae7e2e77130} d--hs-- [08:44 11/01/2012]
C:\Windows\Installer\{cf77ec27-39e7-8307-93c7-4ae7e2e77130} d--hs-- [08:44 11/01/2012]

-= EOF =-



Mini Toolbox

MiniToolBox by Farbar Version: 25-06-2012
Ran by jdudley (administrator) on 09-07-2012 at 11:41:38
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

65.170.40.142 notes.abinitio.com notes
65.170.40.143 estes.abinitio.com estes


========================= IP Configuration: ================================

Intel® Centrino® Advanced-N 6200 AGN = Wireless Network Connection 7 (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Hardware not present)
Intel® 82577LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Qualcomm Gobi 2000 HS-USB Mobile Broadband Device 9205 = Mobile Broadband Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection 12 (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 6-Shrew Soft Lightweight Filter-0000" forwarding=disabled advertise=disabled mtu=1380 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection* 11" forwarding=disabled advertise=disabled mtu=1380 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection* 27" forwarding=disabled advertise=disabled mtu=1380 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection* 30" forwarding=disabled advertise=disabled mtu=1380 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : W510-100
Primary Dns Suffix . . . . . . . : ABINITIO.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ABINITIO.com

Ethernet adapter Bluetooth Network Connection 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #12
Physical Address. . . . . . . . . : 5C-AC-4C-D0-98-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Mobile Broadband adapter Mobile Broadband Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Gobi 2000 HS-USB Mobile Broadband Device 9205
Physical Address. . . . . . . . . : 00-A0-C6-00-00-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6200 AGN
Physical Address. . . . . . . . . : 58-94-6B-3A-BF-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::288b:dad8:da25:960d%30(Preferred)
IPv4 Address. . . . . . . . . . . : 10.131.5.180(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Lease Obtained. . . . . . . . . . : 09 July 2012 11:20:18
Lease Expires . . . . . . . . . . : 09 July 2012 15:20:22
Default Gateway . . . . . . . . . : 10.131.0.1
DHCP Server . . . . . . . . . . . : 4.4.4.4
DHCPv6 IAID . . . . . . . . . . . : 788539152
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-97-4F-78-5C-FF-35-05-91-1C
DNS Servers . . . . . . . . . . . : 141.1.1.1
195.27.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82577LM Gigabit Network Connection
Physical Address. . . . . . . . . : F0-DE-F1-2B-9B-56
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{23A3C8E0-6984-4D79-A419-13FB8BB899D8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.dlink.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{066DB5DA-8AC1-4487-870D-9DAA15033CA9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3127FB3C-7072-453C-A2EC-4F63D697CA7D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [173.194.34.73] with 32 bytes of data:
Reply from 173.194.34.73: bytes=32 time=11ms TTL=57
Reply from 173.194.34.73: bytes=32 time=10ms TTL=57

Ping statistics for 173.194.34.73:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 11ms, Average = 10ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=348ms TTL=54
Reply from 72.30.38.140: bytes=32 time=163ms TTL=54

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 163ms, Maximum = 348ms, Average = 255ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
49...5c ac 4c d0 98 ef ......Bluetooth Device (Personal Area Network) #12
40...00 a0 c6 00 00 00 ......Qualcomm Gobi 2000 HS-USB Mobile Broadband Device 9205
30...58 94 6b 3a bf 0c ......Intel® Centrino® Advanced-N 6200 AGN
12...f0 de f1 2b 9b 56 ......Intel® 82577LM Gigabit Network Connection
1...........................Software Loopback Interface 1
61...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
64...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
63...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
62...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
48...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.131.0.1 10.131.5.180 25
10.131.0.0 255.255.240.0 On-link 10.131.5.180 281
10.131.5.180 255.255.255.255 On-link 10.131.5.180 281
10.131.15.255 255.255.255.255 On-link 10.131.5.180 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.131.5.180 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.131.5.180 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
30 281 fe80::/64 On-link
30 281 fe80::288b:dad8:da25:960d/128
On-link
1 306 ff00::/8 On-link
30 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll [346736] (VMware, Inc.)
Catalog9 13 C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll [346736] (VMware, Inc.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog9 12 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll [446576] (VMware, Inc.)
x64-Catalog9 13 C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll [446576] (VMware, Inc.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/09/2012 11:13:37 AM) (Source: PC-Doctor) (User: )
Description: (8876) Asapi: (11:13:37:8940)(8876) S3LogPusherPlugin.Helper - Error -- 337 Unable to storage the test log to medium

Error: (07/09/2012 11:11:05 AM) (Source: PC-Doctor) (User: )
Description: (8876) Asapi: (11:11:05:3710)(8876) S3LogPusherPlugin.Helper - Error -- 337 Unable to storage the test log to medium

Error: (07/09/2012 11:10:44 AM) (Source: PC-Doctor) (User: )
Description: (8876) Asapi: (11:10:44:3710)(8876) DEFECT.LOCALIZATION - Error -- Missing String: cui : AbstractTestConfirmationPage.networkCard locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (07/09/2012 11:05:37 AM) (Source: PC-Doctor) (User: )
Description: (8876) Asapi: (11:05:37:9790)(8876) S3LogPusherPlugin.Helper - Error -- 337 Unable to storage the test log to medium

Error: (07/09/2012 10:53:47 AM) (Source: PC-Doctor) (User: )
Description: (8876) Asapi: (10:53:47:8860)(8876) S3LogPusherPlugin.Helper - Error -- 337 Unable to storage the test log to medium

Error: (07/09/2012 10:49:39 AM) (Source: PC-Doctor) (User: )
Description: (8876) Asapi: (10:49:39:2080)(8876) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (07/09/2012 10:49:39 AM) (Source: PC-Doctor) (User: )
Description: (8876) Asapi: (10:49:39:2080)(8876) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.button.text locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (07/09/2012 10:49:39 AM) (Source: PC-Doctor) (User: )
Description: (8876) Asapi: (10:49:39:2070)(8876) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.body locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (07/09/2012 10:49:39 AM) (Source: PC-Doctor) (User: )
Description: (8876) Asapi: (10:49:39:2070)(8876) DEFECT.LOCALIZATION - Error -- Missing String: scriptlets : homepage.panel.LenovoCare.title locale: PCDLocale: language = en, customer = lenovo, variant = ltt

Error: (07/09/2012 10:49:31 AM) (Source: PC-Doctor) (User: )
Description: (8876) Asapi: (10:49:31:9070)(8876) S3LogPusherPlugin.Helper - Error -- 343 Unable to storage the test log to medium


System errors:
=============
Error: (07/09/2012 11:23:24 AM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (07/09/2012 11:18:14 AM) (Source: Microsoft-Windows-GroupPolicy) (User: AB_INITIO_DOM)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/09/2012 11:18:07 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/09/2012 11:17:56 AM) (Source: Service Control Manager) (User: )
Description: The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

Error: (07/09/2012 11:17:56 AM) (Source: Service Control Manager) (User: )
Description: The regi service failed to start due to the following error:
%%2

Error: (07/09/2012 11:17:56 AM) (Source: Service Control Manager) (User: )
Description: The Pml Driver HPZ12 service terminated with the following error:
%%2

Error: (07/09/2012 11:17:56 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/09/2012 11:17:51 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/09/2012 11:17:51 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/09/2012 11:17:50 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Ab Initio Data Profiler 3.1.1.1 (Version: 3.1.1.1)
Ab Initio Graphical Development Environment 3.1.1 (Version: 3.1.1)
Ab Initio Online Discussion Browser 3.0.0.2 (Version: 3.0.0.2)
Ab Initio Quick Term Lookup (Version: 1.0.0.0)
Ab Initio Server Software (Version: 3.0.6.1)
Ab Initio Server Software (Version: 3.1.1.0)
Ab Initio Technical Repository Management Console 3.0.3.3 (Version: 3.0.3.3)
Access Help (Version: 3.01)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Acronis Backup & Recovery 10 Tray Monitor (Version: 10.0.11133)
Acronis Backup & Recovery 10 Agent (Version: 10.0.11133)
Acronis Backup & Recovery 10 Management Console (Version: 10.0.11133)
Acronis License Server (Version: 10.0.11133)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
AML Free Registry Cleaner 4.24
Apache Tomcat 6.0 (remove only)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
AT&T Service Activation (Version: 1.8.7.0)
Belkin Network USB Hub Control Center (Version: 1.4.0)
Bing Bar (Version: 7.0.822.0)
Bonjour (Version: 3.0.0.10)
Client Security - Password Manager (Version: 8.30.0023.00)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant 20585 SmartAudio HD (Version: 4.95.48.50)
Create Recovery Media (Version: 1.20.0.00)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Disable AMT Profile Synchronization Pop-up for Windows Vista/7 (Version: 1.00)
ESET Online Scanner v3
Google Chrome (Version: 20.0.1132.47)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
HandBrake 0.9.5 (Version: 0.9.5)
HP Photosmart Plus B210 series Basic Device Software (Version: 22.0.334.0)
HP Photosmart Plus B210 series Help (Version: 140.0.54.54)
HP Update (Version: 5.002.005.003)
INIT (Version: 1.218.617)
Integrated Camera Driver Installer Package Ver.1.1.0.42 (Version: 1.1.0.42)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2182)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Management Engine Interface
Intel® Network Connections Drivers (Version: 14.8)
Intel® PROSet/Wireless WiFi Software (Version: 14.00.1000)
Intel® Rapid Storage Technology (Version: 9.6.6.1001)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.3)
Intel® Active Management Technology
InterVideo WinDVD 8 (Version: 8.0.20.178)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ SE Development Kit 6 Update 20 (64-bit) (Version: 1.6.0.200)
Java™ SE Development Kit 6 Update 20 (Version: 1.6.0.200)
Junk Mail filter update (Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 1.00)
Lenovo System Interface Driver (Version: 1.05)
Lenovo ThinkVantage Toolbox (Version: 6.0.5802.24)
Lenovo Warranty Information (Version: 1.0.0004.00)
Lenovo Welcome (Version: 2.0.020.0)
Lotus Notes 8.5.2 (Version: 8.52.10222)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
McAfee Agent (Version: 4.0.0.1496)
McAfee VirusScan Enterprise (Version: 8.7.00004)
Message Center Plus (Version: 2.0.0012.00)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Visio 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio Viewer 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Research AutoCollage Touch 2009 (Version: 2.00.2009)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 (64-bit)
Microsoft SQL Server 2005 (64-bit) (Version: 9.3.4035.00)
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.2312)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Tools (64-bit) (Version: 9.3.4035.00)
Microsoft SQL Server Native Client (Version: 9.00.4035.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.4035.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Professional 2010 (Version: 14.0.6029.1000)
Microsoft Visio Viewer 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Premier Partner Edition - ENU (Version: 8.0.50728)
Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601) (Version: 1)
Mobile Broadband Connect (Version: 3.5.0010)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.19.0)
NVIDIA Display Control Panel (Version: 6.14.12.5738)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA nView Desktop Manager (Version: 6.14.10.12148)
NVIDIA Performance Drivers (Version: 2.2.5.0)
On Screen Display (Version: 6.30.00)
PDFCreator (Version: 1.0.2)
Qualcomm Gobi 2000 Package for Lenovo (Version: 1.1.170)
Qualcomm Gobi Driver Package for Lenovo (Version: 1.1.20)
Qualcomm Gobi Images for Lenovo (Version: 1.0.40)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
Reliance Netconnect - Broadband+
Rescue and Recovery (Version: 4.30.0025.00)
RICOH R5U230 Media Driver ver.2.06.02.02 (Version: 2.06.02.02)
Service Pack 3 for SQL Server Database Services 2005 (64-bit) ENU (KB955706) (Version: 9.3.4035)
Service Pack 3 for SQL Server Tools and Workstation Components 2005 (64-bit) ENU (KB955706) (Version: 9.3.4035)
Shrew Soft VPN Client
Skype Click to Call (Version: 6.0.10297)
Skype™ 5.10 (Version: 5.10.115)
Spybot - Search & Destroy (Version: 1.6.2)
SQLXML4 (Version: 9.00.4035.00)
System Update (Version: 4.00.0048)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.800)
ThinkPad FullScreen Magnifier (Version: 2.24)
ThinkPad Modem Adapter (Version: 7.80.8.50)
ThinkPad Power Management Driver (Version: 1.62.00.00)
ThinkPad Power Manager (Version: 3.59)
ThinkPad UltraNav Driver (Version: 15.3.6.0)
ThinkPad UltraNav Utility (Version: 2.13.0)
ThinkVantage Access Connections (Version: 5.83)
ThinkVantage Active Protection System (Version: 1.74)
ThinkVantage Communications Utility (Version: 1.43)
ThinkVantage Fingerprint Software (Version: 5.9.3.6264)
ThinkVantage GPS (Version: 2.72)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232) (Version: 1)
Verizon Wireless Mobile Broadband Self Activation (Version: 3.1.4)
VirtualCloneDrive
VMware Player (Version: 3.1.3.14951)
WebEx
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (Version: 06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Driver Package - Intel (e1kexpress) Net (12/10/2009 11.5.10.0) (Version: 12/10/2009 11.5.10.0)
Windows Driver Package - Intel (HECIx64) System (09/17/2009 6.0.0.1179) (Version: 09/17/2009 6.0.0.1179)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (Version: 06/04/2009 1.0.0.0002)
Windows Driver Package - Intel System (10/28/2009 9.1.1.1022) (Version: 10/28/2009 9.1.1.1022)
Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020) (Version: 08/20/2009 9.1.1.1020)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (Version: 11/18/2009 1.60.0.4)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (Version: 10/26/2009 6.10.02.07)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows XP Mode (Version: 1.3.7600.16423)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
WinSCP 4.3.3 (Version: 4.3.3)
WinZip (Version: 9.0 SR-1 (6224))
Xming-fonts 7.5.0.34 (Version: 7.5.0.34)
Xming 7.5.0.35 (Version: 7.5.0.35)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 16315.52 MB
Available physical RAM: 11586.56 MB
Total Pagefile: 32629.22 MB
Available Pagefile: 26186.41 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.57 MB

========================= Partitions: =====================================

1 Drive c: (Windows7_OS) (Fixed) (Total:463.95 GB) (Free:222.62 GB) NTFS

========================= Users: ========================================

User accounts for \\W510-100

__acro_subst_user__ __vmware_user__ Acronis Agent User
Administrator ASPNET Guest
jdudley systems


**** End of log ****

#6 narenxp

Posted 09 July 2012 - 08:10 AM

Open your C drive

On top, click on Organize - Folder and search options

Click on View tab and scroll down

Check mark Show hidden files
Uncheck Hide operating system files


Click OK, now go to

C:\Users\jdudley\AppData\Local\{cf77ec27-39e7-8307-93c7-4ae7e2e77130}
C:\Windows\Installer\{cf77ec27-39e7-8307-93c7-4ae7e2e77130}

Delete both the folders


Press Windows+R key and type

notepad and click ok

copy this script and paste in notepad
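@echo off
cd /d c:\windows\system32
REM Give ownership of services.exe to the Administrators group
takeown /a /f services.exe
REM Grant Administrators full control (cacls asks for Y/N confirmation here)
cacls services.exe /g administrators:f
REM Keep the current file as a backup
ren services.exe services.exe.old
REM Copy the component store (winsxs) copy into System32
COPY /Y C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\WINDOWS\system32
REM Delete this batch file
DEL %0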

Click on FILE>> save as

filename: services.bat
Save as type: All types

Now right click on the services.bat file, select Run as administrator and run it, click Y and press ENTER

Post the new system look log

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#7 dudljo

Posted 09 July 2012 - 02:44 PM

Hello,

Sorry - not sure if there's a step missing, but after running the new services.bat file, I can't see how this generates a new systemlook log file. Or are you saying I should run systemlook in the same way as I did before ?

Here's the FSS log


Farbar Service Scanner Version: 08-07-2012
Ran by jdudley (administrator) on 09-07-2012 at 20:41:33
Running from "C:\Users\jdudley\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#8 dudljo


Posted 09 July 2012 - 02:49 PM

Reading that log from FSS made me check my Windows Firewall settings. Sure enough, it's not working, and when I try and activate it I get the message:

"Windows Firewall Can't change some of your settings Error Code 0x0070424"

#9 narenxp


Posted 09 July 2012 - 10:36 PM

Sorry - not sure if there's a step missing, but after running the new services.bat file, I can't see how this generates a new systemlook log file. Or are you saying I should run systemlook in the same way as I did before ?


Yes, use the old script.

#10 dudljo


Posted 10 July 2012 - 01:02 AM

Here you go...

SystemLook 30.07.11 by jpshortstuff
Log created at 06:57 on 10/07/2012 by jdudley
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

========== folderfind ==========

Searching for "{cf77ec27-39e7-8307-93c7-4ae7e2e77130}"
No folders found.

-= EOF =-


Also, I'm seeing some improvement. Chrome isn't giving me the google.co.uk signature error anymore, and I haven't seen any browser redirects for the last few hours.

However, I'm still getting the 'icon resizing' problem, and my firewall still seems to be corrupt too (See above)

Thanks

#11 narenxp


Posted 10 July 2012 - 01:12 AM

Create a restore point before trying this

Download

MpsSvc
BFE
wscsvc
defender


Launch them, click YES when you get the UAC prompt

Restart the PC

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start Repairs tab, then click on Start

Checkmark the following options alone

Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the FSS log

Delete services.exe.old file from C:\windows\system32 folder

#12 dudljo


Posted 10 July 2012 - 02:54 AM

Hi,

Here's the FSS log. Those last steps (registry additions, plus Windows Repair) don't seem to have made any difference.

Thanks

JD


Farbar Service Scanner Version: 08-07-2012
Ran by jdudley (administrator) on 10-07-2012 at 08:52:08
Running from "C:\Users\jdudley\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#13 narenxp


Posted 10 July 2012 - 04:33 AM

Press Windows+R key and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it, then Permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok

Press Windows+R key and type


services.msc
and click ok

Start the Base Filtering Engine and then the Windows Firewall service

Post the new FSS log
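
The permission grant described in this post stays on the key after the services start, so the key's ACL can be audited to see which broad groups are able to modify the BFE service configuration, alongside the state of the two services. This is an added example, not part of the original post; it only reads settings, assumes an elevated PowerShell prompt, and `Get-BroadWriteAce` is a hypothetical helper name.

```powershell
# Added example: read-only audit, run from an elevated PowerShell prompt.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE'

# Rights that let a principal change the service configuration under the key.
$writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

# Well-known SIDs of broad groups (matched by SID, so the display-name language does not matter).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Get-BroadWriteAce {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        $isAllow = $rule.AccessControlType -eq 'Allow'
        $canWrite = ($rule.RegistryRights -band $writeRights) -ne 0
        if ($isAllow -and $canWrite -and $broadSids.ContainsKey($sid)) {
            $rule | Select-Object @{n='Principal'; e={$broadSids[$sid]}},
                                  RegistryRights, IsInherited
        }
    }
}

$findings = @(Get-BroadWriteAce -Path $keyPath)
if ($findings.Count -gt 0) {
    Write-Warning "Broad groups hold write access to ${keyPath}:"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No broad group has write access to $keyPath."
}

# State of the two services the post starts (BFE first, then MpsSvc).
Get-Service -Name BFE, MpsSvc | Format-Table Name, Status -AutoSize
```

An `Everyone` row with `FullControl` and `IsInherited` set to `False` corresponds to the entry added through the regedit Permissions dialog.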

#14 dudljo


Posted 10 July 2012 - 06:25 AM

Looking good. The services are up, and the firewall is active and configurable. Icons still don't seem to be retaining their size after reboot, but I can live with that. (Unless that means there's an underlying problem that still needs removing / fixing ?)

Thanks

----------------

Farbar Service Scanner Version: 08-07-2012
Ran by jdudley (administrator) on 10-07-2012 at 12:13:33
Running from "C:\Users\jdudley\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#15 narenxp


Posted 10 July 2012 - 06:30 AM

Right click on your desktop

Click on personalize
Click on Change desktop icons

Uncheck Allow themes to change desktop icons

Click ok

Now change the size and restart the PC. See if that works

Delete services.exe.old file from C:\windows\system32 folder


Did you delete it?

Edited by narenxp, 10 July 2012 - 06:39 AM.




