
Infected with Rootkit.boot.pihar.c


  • This topic is locked
24 replies to this topic

#1 sag969 (Members, 15 posts)

Posted 26 July 2012 - 08:24 AM

Earlier this week we had a computer come in that would BSOD randomly after booting up. In both safe and normal mode, you could log in to the computer and use it anywhere from 30 seconds to 5 minutes before the blue screen occurs with a page fault or non-page-fault type BSOD.

To fix that, I ran Kaspersky's Rescue Disc 10. This scanned the hard drive and found rootkit.boot.pihar.c and disinfected it. However, now when rebooting, I immediately get a 7B BSOD while the Windows logo loads. In safe mode (all three versions) the BSOD occurs when trying to load classsys.pnp (or whatever that one is). Basically, there is no way to get back into Windows even though the computer now appears to be disinfected.

I've tried running chkdsk from my repair CD but no luck. I'm running Windows 7 32-bit.

I was unable to run DDS, but managed to run gmer from the recovery disk:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-25 17:55:07
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 HTS721010G9SA00 rev.MCZIC14V
Running: qd5iuo8q.exe; Driver: X:\windows\TEMP\uwriqaoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8BA48579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8BA6CF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000002 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service X:\windows\system32\svchost.exe (*** hidden *** ) [MANUAL] IKEEXT <-- ROOTKIT !!!
Service X:\windows\System32\svchost.exe (*** hidden *** ) [MANUAL] lmhosts <-- ROOTKIT !!!
Service X:\windows\System32\DRIVERS\netbt.sys (*** hidden *** ) [MANUAL] NetBT <-- ROOTKIT !!!
Service X:\windows\System32\drivers\tcpip.sys (*** hidden *** ) [BOOT] Tcpip <-- ROOTKIT !!!
Service X:\windows\System32\drivers\tdx.sys (*** hidden *** ) [SYSTEM] tdx <-- ROOTKIT !!!
Service X:\windows\system32\DRIVERS\USBSTOR.SYS (*** hidden *** ) [MANUAL] USBSTOR <-- ROOTKIT !!!
Service X:\windows\system32\svchost.exe (*** hidden *** ) [AUTO] Winmgmt <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName@ComputerName MINWINPC
Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\GenDisk@ClassGUID {4D36E967-E325-11CE-BFC1-08002BE10318}
Reg HKLM\SYSTEM\CurrentControlSet\Control\CriticalDeviceDatabase\STORAGE#Volume@ClassGUID {71A27CDD-812A-11D0-BEC7-08002BE2092F}
Reg HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB@CurrentConfig 0
Reg HKLM\SYSTEM\CurrentControlSet\services\Dhcp@DependOnService nsi?tcpip?NetBT?
Reg HKLM\SYSTEM\CurrentControlSet\services\IKEEXT@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\services\lmhosts@ImagePath %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Reg HKLM\SYSTEM\CurrentControlSet\services\lmhosts@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\services\lmhosts@DependOnService Afd?
Reg HKLM\SYSTEM\CurrentControlSet\services\NetBT@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip@DisplayName @%SystemRoot%\system32\drivers\tcpip.sys,-10001
Reg HKLM\SYSTEM\CurrentControlSet\services\tdx@DisplayName tdx
Reg HKLM\SYSTEM\CurrentControlSet\services\tdx@ImagePath %SystemRoot%\System32\drivers\tdx.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\tdx@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\USBSTOR@ImagePath \SystemRoot\system32\DRIVERS\USBSTOR.SYS
Reg HKLM\SYSTEM\CurrentControlSet\services\Winmgmt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5@Num_Catalog_Entries 1
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5@Serial_Access_Num 1
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001@DisplayString Tcpip
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001@LibraryPath X:\Windows\system32\mswsock.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9@Next_Catalog_Entry_ID 1001
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9@Num_Catalog_Entries 0
Reg HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\Protocol_Catalog9@Serial_Access_Num 1
Reg HKLM\SYSTEM\Setup@SetupType 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@CurrentType Multiprocessor Checked
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@SystemRoot X:\Windows
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit userinit.exe
Reg HKLM\SOFTWARE\Classes\CLSID\{093FF999-1EA0-4079-9525-9614C3504B74}\InProcServer32@ X:\Windows\System32\wshom.ocx
Reg HKLM\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32@ X:\Windows\System32\wshom.ocx
Reg HKLM\SOFTWARE\Classes\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}\InProcServer32@ X:\Windows\System32\wshom.ocx
Reg HKLM\SOFTWARE\Classes\CLSID\{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}\InProcServer32@ X:\Windows\System32\wshom.ocx
Reg HKLM\SOFTWARE\Classes\Interface\{0AB5A3D0-E5B6-11D0-ABF5-00A0C90FFFC0}\TypeLib@ {420B2830-E718-11CF-893D-00A0C9054228}
Reg HKLM\SOFTWARE\Classes\Interface\{2A0B9D10-4B87-11D3-A97A-00104B365C9F}\TypeLib@ {420B2830-E718-11CF-893D-00A0C9054228}
Reg HKLM\SOFTWARE\Classes\Interface\{53BAD8C1-E718-11CF-893D-00A0C9054228}\TypeLib@ {420B2830-E718-11CF-893D-00A0C9054228}
Reg HKLM\SOFTWARE\Classes\Interface\{C7C3F5A0-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib@ {420B2830-E718-11CF-893D-00A0C9054228}
Reg HKLM\SOFTWARE\Classes\Interface\{C7C3F5A1-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib@ {420B2830-E718-11CF-893D-00A0C9054228}
Reg HKLM\SOFTWARE\Classes\Interface\{C7C3F5A2-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib@ {420B2830-E718-11CF-893D-00A0C9054228}
Reg HKLM\SOFTWARE\Classes\Interface\{C7C3F5A3-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib@ {420B2830-E718-11CF-893D-00A0C9054228}
Reg HKLM\SOFTWARE\Classes\Interface\{C7C3F5A4-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib@ {420B2830-E718-11CF-893D-00A0C9054228}
Reg HKLM\SOFTWARE\Classes\Interface\{C7C3F5A5-88A3-11D0-ABCB-00A0C90FFFC0}\TypeLib@ {420B2830-E718-11CF-893D-00A0C9054228}
Reg HKLM\SOFTWARE\Classes\TypeLib\{F935DC20-1CF0-11D0-ADB9-00C04FD58A0B}\1.0\0\win32@ X:\Windows\System32\wshom.ocx

---- EOF - GMER 1.0.15 ----


#2 JSntgRvr (Master Surgeon General, Malware Response Team, 11,304 posts)

Posted 27 July 2012 - 09:31 PM

GMER won't work properly from a Recovery CD.

Let's give it a try.

For 32-bit (x86) systems, download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 sag969 (Topic Starter, Members, 15 posts)

Posted 30 July 2012 - 08:52 AM

Sorry for the delay, was not able to get back to the computer until this morning:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 30-07-2012 09:47:33
Running from F:\Malware
Windows 7 Enterprise (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2321680 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-20] (Lenovo Group Limited)
HKLM\...\Run: [Discovery User Input] "C:\Program Files\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe" [241664 2012-04-11] ()
HKLM\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe [900120 2012-01-19] (Sophos Limited)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-03-26] (Adobe Systems Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [4392512 2012-03-15] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\mcomstoc\...\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Real\Real\zchvwceaw.dll",DllRegisterServer [x]
HKU\mcomstoc\...\Run: [Spotify] "C:\Users\mcomstoc\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [9478320 2012-05-11] (Spotify Ltd)
HKU\mcomstoc\...\Run: [Spotify Web Helper] "C:\Users\mcomstoc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-11] ()
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [X]
Tcpip\Parameters: [DhcpNameServer] 141.166.30.6 141.166.24.7
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
Lsa: [Notification Packages] scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ACGina
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

================================ Services (Whitelisted) ==================

2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134208 2011-10-20] (Lenovo)
2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [269376 2011-10-20] (Lenovo)
2 CcmExec; C:\Windows\CCM\CcmExec.exe [981360 2012-02-20] (Microsoft Corporation)
2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [442224 2012-02-20] (Microsoft Corporation)
2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1528624 2009-08-23] (Cisco Systems, Inc.)
2 DiscoveryClientAgent; "C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\CAgent32.exe" [1539136 2012-04-11] ()
2 DiscoveryIPTransferAgent; "C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\XferWan.exe" [601152 2012-04-11] ()
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 LanProbe; "C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe" [236032 2012-04-11] ()
2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
3 lpasvc; "C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service [48936 2011-12-06] (Microsoft Corporation)
3 lppsvc; "C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service [48936 2011-12-06] (Microsoft Corporation)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)
2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [165440 2012-03-15] (Lenovo Group Limited)
2 SAVAdminService; "C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [216600 2012-05-11] (Sophos Limited)
2 SAVService; "C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe" [139840 2012-07-05] (Sophos Limited)
3 smstsmgr; C:\Windows\CCM\TSManager.exe /service [251760 2012-02-20] (Microsoft Corporation)
2 Sophos Agent; "C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe" -service -name Agent [282624 2012-01-19] (Sophos Limited)
2 Sophos AutoUpdate Service; "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" [232472 2012-05-11] (Sophos Limited)
2 Sophos Message Router; "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194 [806912 2012-01-19] (Sophos Limited)
2 Sophos Web Control Service; "C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe" [357400 2012-05-11] (Sophos Limited)
2 SUService; "C:\Program Files\Lenovo\System Update\SUService.exe" [34104 2012-03-16] (Lenovo Group Limited)
2 swi_service; "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe" [2862656 2012-07-05] (Sophos Limited)
2 swi_update; "C:\ProgramData\Sophos\Web Intelligence\swi_update.exe" [1465920 2012-07-05] (Sophos Limited)
2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)

========================== Drivers (Whitelisted) =============

3 5U875UVC; C:\Windows\System32\DRIVERS\5U875.sys [72320 2009-07-08] (Ricoh co.,Ltd.)
3 cdprku; \??\C:\Windows\system32\Drivers\cdprku.sys [26952 2012-05-02] ()
3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-08-23] (Cisco Systems, Inc.)
3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-04] (Intel Corporation)
3 prepdrvr; \??\C:\Windows\CCM\prepdrv.sys [20848 2012-02-20] (Microsoft Corporation)
1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [123680 2012-05-11] (Sophos Limited)
3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2011-10-23] (Sophos Limited)
1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [31736 2011-10-13] (Sophos Plc)
2 smihlp; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [12560 2009-03-13] (UPEK Inc.)
4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2011-10-23] (Sophos Plc)
3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-22] (Microsoft Corporation)
1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-22] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-22] (Microsoft Corporation)
1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-22] (Microsoft Corporation)
3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [x]
3 NETw5s32; C:\Windows\System32\DRIVERS\NETw5s32.sys [x]
1 SASDIFSV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
1 SASKUTIL; \??\C:\Users\ADMINI~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-25 15:24 - 2009-07-13 17:38 - 00383562 _RASH C:\bootmgr
2012-07-25 00:38 - 2012-07-25 03:18 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-07-24 10:47 - 2012-07-25 13:42 - 00000000 ____D C:\Windows\Standalone System Sweeper
2012-07-06 04:49 - 2012-07-10 13:18 - 00000530 ____A C:\Windows\Tasks\Thursday 3am Scan.job
2012-07-04 14:27 - 2012-07-25 13:40 - 00000000 ____D C:\Program Files\Common Files\Cisco Systems
2012-07-04 14:27 - 2012-05-11 03:58 - 00030744 ____A (Sophos Limited) C:\Windows\System32\SophosBootTasks.exe


============ 3 Months Modified Files ========================

2012-07-25 04:31 - 2010-05-11 06:11 - 00000128 ____A C:\Windows\System32\config\netlogon.ftl
2012-07-19 10:51 - 2012-05-07 08:58 - 00021128 ____A C:\Users\mcomstoc\Desktop\2012 Boys' Basketball Medical Information.xlsx
2012-07-19 10:49 - 2012-05-07 08:58 - 00106496 ____A C:\Users\mcomstoc\Desktop\2012 Boys' Basketball Mail-In Information.xls
2012-07-16 08:15 - 2010-05-05 10:24 - 01541765 ____A C:\Windows\WindowsUpdate.log
2012-07-16 07:31 - 2012-05-04 06:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-16 04:47 - 2009-07-13 20:34 - 00015344 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-16 04:47 - 2009-07-13 20:34 - 00015344 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-16 04:42 - 2010-04-20 12:02 - 00000570 ____A C:\Windows\SMSCFG.ini
2012-07-16 04:39 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-16 04:38 - 2010-04-15 08:19 - 00115526 ____A C:\Windows\PFRO.log
2012-07-16 04:38 - 2009-07-13 20:39 - 00081492 ____A C:\Windows\setupact.log
2012-07-15 15:31 - 2012-05-04 06:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-15 15:31 - 2011-06-09 04:15 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-10 13:18 - 2012-07-06 04:49 - 00000530 ____A C:\Windows\Tasks\Thursday 3am Scan.job
2012-07-03 06:20 - 2010-04-15 07:40 - 00785450 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-25 05:11 - 2009-07-13 20:33 - 00459416 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-25 04:59 - 2010-04-15 08:16 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 08:48 - 2012-06-12 08:48 - 00001759 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-05-31 09:22 - 2012-05-07 08:59 - 00016279 ____A C:\Users\mcomstoc\Desktop\2012 Elite Camp.xlsx
2012-05-20 12:03 - 2012-05-20 12:03 - 00000221 ____A C:\Users\mcomstoc\Desktop\Vanilla Whipped Cream Frosting - Fine Cooking Recipes, Techniques and Tips.url
2012-05-14 19:08 - 2012-06-25 04:49 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:06 - 2012-06-25 04:49 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 17:12 - 2012-06-25 04:48 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 10:03 - 2012-05-11 10:03 - 00001788 ____A C:\Users\mcomstoc\Desktop\Spotify.lnk
2012-05-11 07:07 - 2010-05-11 06:15 - 00013729 _RASH C:\Users\All Users\ntuser.pol
2012-05-11 05:20 - 2012-05-11 05:20 - 00004764 ____A C:\Windows\System32\CcmFramework.ini
2012-05-11 05:20 - 2012-05-11 05:20 - 00000621 ____A C:\Windows\System32\CcmFramework.h
2012-05-11 04:26 - 2012-05-11 04:25 - 00031232 ____A C:\Users\mcomstoc\Desktop\Bench Beer May 2012.xls
2012-05-11 03:58 - 2012-07-04 14:27 - 00030744 ____A (Sophos Limited) C:\Windows\System32\SophosBootTasks.exe
2012-05-11 03:58 - 2012-05-11 03:58 - 00123680 ____A (Sophos Limited) C:\Windows\System32\Drivers\savonaccess.sys
2012-05-04 11:09 - 2011-05-09 09:38 - 00003804 _RASH C:\Users\mcomstoc\ntuser.pol
2012-05-04 06:28 - 2012-05-04 06:28 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-05-04 06:28 - 2012-05-04 06:28 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-04 06:28 - 2012-05-04 06:28 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-04 06:28 - 2012-05-04 06:28 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-04 06:28 - 2012-05-04 06:28 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-04 05:49 - 2012-05-04 05:48 - 00001990 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
2012-05-04 05:01 - 2012-05-04 05:01 - 00001408 ____A C:\Windows\Synaptics.log
2012-05-04 05:01 - 2012-05-04 04:54 - 00024416 ____A C:\Windows\DPINST.LOG
2012-05-04 05:00 - 2012-05-04 05:00 - 00001926 ____A C:\Users\Public\Desktop\System Migration Assistant.lnk
2012-05-03 09:50 - 2012-05-03 09:50 - 00010860 ____A C:\ComboFix.txt
2012-05-03 09:48 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-05-03 09:25 - 2012-05-03 09:25 - 00000393 ____A C:\rkill.log
2012-05-03 07:10 - 2010-05-05 10:28 - 00125832 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-02 11:53 - 2009-07-13 20:53 - 00032650 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-02 11:31 - 2012-05-02 11:31 - 00026952 ____A C:\Windows\System32\Drivers\cdprku.sys
2012-05-02 11:29 - 2012-05-03 09:35 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 2046.43 MB
Available physical RAM: 1629.18 MB
Total Pagefile: 2046.43 MB
Available Pagefile: 1632.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.52 MB

======================= Partitions =========================

1 Drive c: (OSDisk) (Fixed) (Total:92.61 GB) (Free:51.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (BDEDrive) (Fixed) (Total:0.55 GB) (Free:0.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (BIGKINGSTON) (Removable) (Total:3.65 GB) (Free:3.24 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 93 GB 0 B
Disk 1 Online 3745 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 92 GB 1024 KB
Partition 2 Primary 560 MB 92 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OSDisk NTFS Partition 92 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D BDEDrive NTFS Partition 560 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3741 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F BIGKINGSTON FAT32 Removable 3741 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-19 08:48

======================= End Of Log ==========================

#4 JSntgRvr (Master Surgeon General, Malware Response Team, 11,304 posts)

Posted 01 August 2012 - 10:32 PM

Download MBRFix from here. Save and extract its contents to the desktop. Open the MBRFix folder. It contains three files. Copy only the MBRFix.exe to the USB drive.

Download also the following file to the USB drive:

Insert the USB drive once again into the ailing computer and run FRST as you did before, except that this time around click on the Fix button and wait.

If successful, two files will be created in the USB drive. Attach the MBRDUMP.TXT file to your reply.

Please expect delays due to problems with my ISP.



#5 sag969 (Topic Starter, Members, 15 posts)

Posted 02 August 2012 - 08:18 AM

The MBRdump.txt looks like garbage when you open it in Notepad:

3м |ؾ |  Ph ~ | V UFF AU]rUu  tFf`~ t&fh fvh h |h h BV  |V vNnfasNu ~  U2V ]랁>}Uunv ud `| du f#u;fTCPAu2r,fh fh  fh fSfSfUfh fh | fah Z2 | 2 < t  +d $$Invalid partition table Error loading operating system Missing operating system c{j[ !    0

I did attach the file as requested though.

Thanks!


#6 JSntgRvr (Master Surgeon General, Malware Response Team, 11,304 posts)

Posted 02 August 2012 - 01:51 PM

There is no sign of the infection. Is your computer bootable?



#7 sag969 (Topic Starter, Members, 15 posts)

Posted 02 August 2012 - 02:00 PM

Unfortunately no. Booting into any mode (safe or normal) results in a 7B BSOD.

If this isn't fixable, I'm okay with reinstalling Windows - the files are all backed up. I just hate doing that and would prefer to find a solution that would be able to restore the boot record. I feel like the rootkit has been cleaned up, it's just a matter of getting Windows to boot again :-)

#8 JSntgRvr (Master Surgeon General, Malware Response Team, 11,304 posts)

Posted 02 August 2012 - 05:14 PM

Run FRST, but this time around, remove all checkmarks from the application and click on Scan. Please post the resulting report (Frst.txt).



#9 sag969 (Topic Starter, Members, 15 posts)

Posted 03 August 2012 - 07:21 AM

Unchecked all boxes and ran FRST:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 03-08-2012 08:20:35
Running from D:\Malware
(X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry ==========================

HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

========================== Services ==========================


========================== Drivers ===========================


========================== Drivers MD5 =======================


========================== NetSvcs (Whitelisted) ===========


========================= Known DLLs =========================


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

========================= Memory info ======================

Percentage of memory in use: 24%
Total physical RAM: 2046.43 MB
Available physical RAM: 1549.17 MB
Total Pagefile: 2046.43 MB
Available Pagefile: 1547 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.44 MB

======================= Partitions =========================

1 Drive c: (OSDisk) (Fixed) (Total:92.61 GB) (Free:56.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (BIGKINGSTON) (Removable) (Total:3.65 GB) (Free:3.11 GB) FAT32
3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 93 GB 0 B
Disk 1 Online 3745 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 92 GB 1024 KB
Partition 2 Primary 560 MB 92 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OSDisk NTFS Partition 92 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 BDEDrive NTFS Partition 560 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3741 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D BIGKINGSTON FAT32 Removable 3741 MB Healthy

==================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-07-19 08:48

======================= End Of Log ==========================

#10 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,304 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 August 2012 - 12:17 AM

It shows a TDL4 infection now, but the scan seems to be running from within Windows, or the Registry hives are hooked somehow.

Download the enclosed file.

Save it next to FRST, replacing any existing one.

Run FRST from an external environment, preferably from the Repair Console's Command Prompt, but this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal Mode and let me know the outcome.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 sag969
  • Topic Starter
  • Members
  • 15 posts

Posted 06 August 2012 - 08:01 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-06 08:55:35 Run:2
Running from D:\Malware

==============================================


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====

I tried to boot into both normal and safe mode with networking - both resulted in the same BSOD.

The only reason that I can think of that things might look funny is that I'm booting off my ERD CD and not the usual repair CD.

#12 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,304 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 August 2012 - 03:22 PM

Run FRST, but this time around, remove all checkmarks from the application and click on Scan. Please post the resulting report (Frst.txt).



#13 sag969
  • Topic Starter
  • Members
  • 15 posts

Posted 06 August 2012 - 03:38 PM

Ran from the ERD disc again; let me know if you would prefer me to do it from the default Windows 7 startup/repair cmd window:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 06-08-2012 16:36:06
Running from D:\Malware
(X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry ==========================

HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

========================== Services ==========================


========================== Drivers ===========================


========================== Drivers MD5 =======================


========================== NetSvcs (Whitelisted) ===========


========================= Known DLLs =========================


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

========================= Memory info ======================

Percentage of memory in use: 24%
Total physical RAM: 2046.43 MB
Available physical RAM: 1548 MB
Total Pagefile: 2046.43 MB
Available Pagefile: 1547.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1965.44 MB

======================= Partitions =========================

1 Drive c: (OSDisk) (Fixed) (Total:92.61 GB) (Free:56.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (BIGKINGSTON) (Removable) (Total:3.65 GB) (Free:3.11 GB) FAT32
3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 93 GB 0 B
Disk 1 Online 3745 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 92 GB 1024 KB
Partition 2 Primary 560 MB 92 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OSDisk NTFS Partition 92 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 BDEDrive NTFS Partition 560 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3741 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D BIGKINGSTON FAT32 Removable 3741 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-19 08:48

======================= End Of Log ==========================

#14 JSntgRvr

    Master Surgeon General

  • Malware Response Team
  • 11,304 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 August 2012 - 09:26 PM

Ran from the ERD disc again; let me know if you would prefer me to do it from the default Windows 7 startup/repair cmd window:

Yes, please use the Windows 7 startup/repair cmd window. ERD seems to hook the registry.


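The reasoning in posts #10 and #14 (the TDL4 marker appears, but the Registry section is empty because the ERD environment held the system hive, so the scan has to be repeated from the repair console) is the kind of check that is easy to script. Below is an added example, not FRST's own code and not anything posted by JSntgRvr or sag969: a small Python triage helper that reads an FRST log and reports whether the system hive loaded, the Winlogon Userinit/Shell values, any TDL4 line, and the other lines FRST marked with ATTENTION, so two logs taken from different boot environments can be compared side by side. The two sample logs are constructed to mirror the ERD-disc and repair-console scans in this thread, trimmed to the lines that matter; the "expected" Winlogon values are an assumption about a stock Windows 7 x86 install.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line formats come from the FRST logs posted in this thread: the hive-load
# error, "[x]" for a value FRST could not read, the "<===== ATTENTION!" marker
# and the "TDL4: ..." line. The regexes and everything below are my own.
HIVE_FAIL = re.compile(r"Could not load system hive", re.I)
ATTENTION = re.compile(r"<=+\s*ATTENTION!")
WINLOGON = re.compile(r"^HKLM\\\.\.\.\\Winlogon: \[(Userinit|Shell)\] (.*)$")
TDL4 = re.compile(r"^TDL4:\s*(.*?)\s*<=+\s*ATTENTION!")

# Assumption: what the two Winlogon values look like on a stock Windows 7 x86
# install (the repair-console scan in this thread shows exactly these).
EXPECTED_WINLOGON = {
    "Userinit": re.compile(r"^C:\\Windows\\system32\\userinit\.exe,", re.I),
    "Shell": re.compile(r"^Explorer\.exe\b", re.I),
}


@dataclass
class Triage:
    hive_loaded: bool = True                                # False on the hive-load error
    attention: List[str] = field(default_factory=list)      # other flagged lines
    winlogon: Dict[str, str] = field(default_factory=dict)  # Userinit / Shell values
    tdl4: Optional[str] = None                              # TDL4 marker text, if any


def triage(log_text: str) -> Triage:
    """Pull the fields a responder checks first out of one FRST log."""
    t = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if HIVE_FAIL.search(line):
            t.hive_loaded = False
            continue
        m = TDL4.match(line)
        if m:  # report the TDL4 line on its own, not as a generic flag
            t.tdl4 = m.group(1)
            continue
        m = WINLOGON.match(line)
        if m:
            t.winlogon[m.group(1)] = m.group(2).strip()
        if ATTENTION.search(line):
            t.attention.append(line)
    return t


def findings(t: Triage) -> List[str]:
    """Turn a Triage into ordered, human-readable findings (empty = nothing to act on)."""
    out: List[str] = []
    if not t.hive_loaded:
        out.append("system hive not loaded: the Registry section is unreliable, "
                   "rerun the scan from another boot environment")
    for key in ("Userinit", "Shell"):
        val = t.winlogon.get(key)
        if val is None:
            out.append(f"Winlogon {key}: not reported")
        elif val.startswith("[x"):
            out.append(f"Winlogon {key}: value unreadable ({val})")
        elif not EXPECTED_WINLOGON[key].match(val):
            out.append(f"Winlogon {key}: unexpected value ({val})")
    if t.tdl4:
        out.append(f"TDL4 marker reported: {t.tdl4}")
    out.extend(f"flagged: {line}" for line in t.attention)
    return out


# Constructed sample logs mirroring the two scans in this thread (trimmed to
# the lines that matter): one from the ERD disc, one from the repair console.
SAMPLE_ERD = r"""
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
TDL4: custom:26000022 <===== ATTENTION!
"""

SAMPLE_REPAIR = r"""
The current controlset is ControlSet001
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [26112 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] Explorer.exe [2614784 2011-02-25] (Microsoft Corporation)
"""

if __name__ == "__main__":
    for name, text in (("ERD disc", SAMPLE_ERD), ("repair console", SAMPLE_REPAIR)):
        print(f"--- {name} ---")
        for item in findings(triage(text)) or ["no findings"]:
            print(" ", item)
```

Run against a real log, the first finding to read is the hive-load one: when the hive could not be loaded, the "[x]" Winlogon values and the empty Services and Drivers sections say nothing about the machine, only about the scanning environment, which is why the TDL4 line from the ERD run had to be confirmed from the repair console before anything was acted on.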

#15 sag969
  • Topic Starter
  • Members
  • 15 posts

Posted 07 August 2012 - 08:11 AM

OK, run from the recovery console:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 05-08-2012 01
Ran by SYSTEM at 07-08-2012 09:01:30
Running from F:\Malware
Windows 7 Enterprise (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2321680 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-20] (Lenovo Group Limited)
HKLM\...\Run: [Discovery User Input] "C:\Program Files\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe" [241664 2012-04-11] ()
HKLM\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe [900120 2012-01-19] (Sophos Limited)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-03-26] (Adobe Systems Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [4392512 2012-03-15] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\mcomstoc\...\Run: [Update] rundll32.exe "C:\Windows\system32\config\systemprofile\AppData\Roaming\Real\Real\zchvwceaw.dll",DllRegisterServer [x]
HKU\mcomstoc\...\Run: [Spotify] "C:\Users\mcomstoc\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [9478320 2012-05-11] (Spotify Ltd)
HKU\mcomstoc\...\Run: [Spotify Web Helper] "C:\Users\mcomstoc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-11] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [26112 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] Explorer.exe [2614784 2011-02-25] (Microsoft Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [X]
Tcpip\Parameters: [DhcpNameServer] 141.166.30.6 141.166.24.7
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll,C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
ACGina
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

========================== Services ==========================

2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134208 2011-10-20] (Lenovo)
2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [269376 2011-10-20] (Lenovo)
3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [250056 2012-07-15] (Adobe Systems Incorporated)
3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [62464 2009-07-13] (Microsoft Corporation)
3 ALG; C:\Windows\System32\alg.exe [59392 2009-07-13] (Microsoft Corporation)
3 AppIDSvc; C:\Windows\System32\appidsvc.dll [27648 2009-07-13] (Microsoft Corporation)
3 Appinfo; C:\Windows\System32\appinfo.dll [46592 2009-07-13] (Microsoft Corporation)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [55184 2012-05-24] (Apple Inc.)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [149504 2009-07-13] (Microsoft Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
2 Ati External Event Utility; C:\Windows\System32\Ati2evxx.exe [606208 2007-06-21] (ATI Technologies Inc.)
2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [473088 2009-07-13] (Microsoft Corporation)
2 Audiosrv; C:\Windows\System32\Audiosrv.dll [473088 2009-07-13] (Microsoft Corporation)
3 AxInstSV; C:\Windows\System32\AxInstSV.dll [88064 2009-07-13] (Microsoft Corporation)
3 BDESVC; C:\Windows\System32\bdesvc.dll [76800 2009-07-13] (Microsoft Corporation)
2 BFE; C:\Windows\System32\bfe.dll [493568 2009-07-13] (Microsoft Corporation)
3 BITS; C:\Windows\System32\qmgr.dll [589312 2009-07-13] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [390504 2011-08-30] (Apple Inc.)
3 Browser; C:\Windows\System32\browser.dll [102400 2009-07-13] (Microsoft Corporation)
3 bthserv; C:\Windows\System32\bthserv.dll [64512 2009-07-13] (Microsoft Corporation)
2 btwdins; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [628000 2011-01-24] (Broadcom Corporation.)
2 CcmExec; C:\Windows\CCM\CcmExec.exe [981360 2012-02-20] (Microsoft Corporation)
3 CertPropSvc; C:\Windows\System32\certprop.dll [67584 2009-07-13] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [442224 2012-02-20] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [7168 2009-07-13] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [139264 2012-04-23] (Microsoft Corporation)
2 CscService; C:\Windows\System32\cscsvc.dll [544256 2009-07-13] (Microsoft Corporation)
2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1528624 2009-08-23] (Cisco Systems, Inc.)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [376320 2009-07-13] (Microsoft Corporation)
3 defragsvc; C:\Windows\System32\defragsvc.dll [218624 2009-07-13] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcore.dll [253440 2009-07-13] (Microsoft Corporation)
2 DiscoveryClientAgent; "C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\CAgent32.exe" [1539136 2012-04-11] ()
2 DiscoveryIPTransferAgent; "C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\XferWan.exe" [601152 2012-04-11] ()
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [132608 2011-03-02] (Microsoft Corporation)
3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2009-07-13] (Microsoft Corporation)
3 DozeSvc; C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE [280640 2012-03-15] (Lenovo.)
2 DPS; C:\Windows\System32\dps.dll [143360 2009-07-13] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [98304 2009-07-13] (Microsoft Corporation)
3 EFS; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556032 2010-08-03] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [94720 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 EventSystem; C:\Windows\System32\es.dll [271360 2009-07-13] (Microsoft Corporation)
2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [936208 2011-11-01] (Intel® Corporation)
3 Fax; C:\Windows\System32\fxssvc.exe [522752 2009-07-13] (Microsoft Corporation)
3 fdPHost; C:\Windows\System32\fdPHost.dll [12800 2009-07-13] (Microsoft Corporation)
3 FDResPub; C:\Windows\System32\fdrespub.dll [28160 2009-07-13] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [651720 2011-06-28] (Macrovision Europe Ltd.)
2 FontCache; C:\Windows\System32\FntCache.dll [802304 2011-02-18] (Microsoft Corporation)
2 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [42856 2009-06-10] (Microsoft Corporation)
2 gpsvc; C:\Windows\System32\gpsvc.dll [591360 2009-07-13] (Microsoft Corporation)
3 hidserv; C:\Windows\System32\hidserv.dll [49152 2009-07-13] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [71168 2009-07-13] (Microsoft Corporation)
3 HomeGroupListener; C:\Windows\System32\ListSvc.dll [194560 2009-07-13] (Microsoft Corporation)
3 HomeGroupProvider; C:\Windows\System32\provsvc.dll [165376 2009-07-13] (Microsoft Corporation)
2 IBMPMSVC; C:\Windows\System32\ibmpmsvc.exe [40512 2012-02-29] (Lenovo.)
3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [73728 2004-10-21] (Macrovision Corporation)
3 idsvc; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [878416 2009-06-10] (Microsoft Corporation)
2 IKEEXT; C:\Windows\System32\ikeext.dll [667136 2009-07-13] (Microsoft Corporation)
3 IPBusEnum; C:\Windows\System32\ipbusenum.dll [78848 2009-07-13] (Microsoft Corporation)
2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [497152 2009-07-13] (Microsoft Corporation)
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [821648 2012-06-07] (Apple Inc.)
2 Irmon; C:\Windows\System32\irmon.dll [19968 2009-07-13] (Microsoft Corporation)
2 IviRegMgr; "C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
3 KeyIso; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 KtmRm; C:\Windows\System32\msdtckrm.dll [308736 2009-07-13] (Microsoft Corporation)
2 LanmanServer; C:\Windows\System32\srvsvc.dll [168448 2010-08-26] (Microsoft Corporation)
2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [84480 2009-07-13] (Microsoft Corporation)
3 LanProbe; "C:\Program Files\FrontRange Solutions\Discovery Client Agent\AUDIT\lpx86.exe" [236032 2012-04-11] ()
2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
3 lltdsvc; C:\Windows\System32\lltdsvc.dll [189952 2009-07-13] (Microsoft Corporation)
2 lmhosts; C:\Windows\System32\lmhsvc.dll [18432 2009-07-13] (Microsoft Corporation)
3 lpasvc; "C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service [48936 2011-12-06] (Microsoft Corporation)
3 lppsvc; "C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service [48936 2011-12-06] (Microsoft Corporation)
4 Mcx2Svc; C:\Windows\System32\Mcx2Svc.dll [67584 2009-07-13] (Microsoft Corporation)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [335872 2006-10-26] (Microsoft Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" [65888 2008-10-25] (Microsoft Corporation)
2 MMCSS; C:\Windows\System32\mmcss.dll [49664 2009-07-13] (Microsoft Corporation)
2 MpsSvc; C:\Windows\System32\mpssvc.dll [565760 2009-07-13] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2009-07-13] (Microsoft Corporation)
3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [114688 2009-07-13] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [73216 2009-07-13] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentRT.dll [330240 2009-07-13] (Microsoft Corporation)
2 Netlogon; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [280576 2009-07-13] (Microsoft Corporation)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
3 netprofm; C:\Windows\System32\netprofm.dll [360448 2009-07-13] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 NlaSvc; C:\Windows\System32\nlasvc.dll [242688 2009-07-13] (Microsoft Corporation)
2 nsi; C:\Windows\System32\nsisvc.dll [19456 2009-07-13] (Microsoft Corporation)
3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441712 2008-11-03] (Microsoft Corporation)
3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\System32\pnrpsvc.dll [269824 2009-07-13] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\p2psvc.dll [327680 2009-07-13] (Microsoft Corporation)
3 PcaSvc; C:\Windows\System32\pcasvc.dll [154624 2009-07-13] (Microsoft Corporation)
3 PeerDistSvc; C:\Windows\System32\peerdistsvc.dll [1004544 2009-07-13] (Microsoft Corporation)
3 pla; C:\Windows\System32\pla.dll [1508864 2009-07-13] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [294912 2011-05-24] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\System32\pnrpauto.dll [20480 2009-07-13] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\pnrpsvc.dll [269824 2009-07-13] (Microsoft Corporation)
3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [350720 2009-07-13] (Microsoft Corporation)
2 Power; C:\Windows\System32\umpo.dll [119808 2011-01-13] (Microsoft Corporation)
3 Power Manager DBC Service; "C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE" [1662528 2012-03-15] (Lenovo)
2 ProfSvc; C:\Windows\System32\profsvc.dll [163328 2012-05-01] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [165440 2012-03-15] (Lenovo Group Limited)
3 QWAVE; C:\Windows\system32\qwave.dll [210944 2009-07-13] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [90624 2009-07-13] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [285184 2009-07-13] (Microsoft Corporation)
2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [481552 2011-11-01] (Intel® Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [75264 2009-07-13] (Microsoft Corporation)
3 RemoteRegistry; C:\Windows\System32\regsvc.dll [112640 2009-07-13] (Microsoft Corporation)
3 RoxMediaDB10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [1124848 2009-08-04] (Sonic Solutions)
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [43520 2009-07-13] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [9216 2009-07-13] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [376320 2009-07-13] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
2 SAVAdminService; "C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [216600 2012-05-11] (Sophos Limited)
2 SAVService; "C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe" [139840 2012-07-05] (Sophos Limited)
3 SCardSvr; C:\Windows\System32\SCardSvr.dll [132608 2009-07-13] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [749056 2010-11-01] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\certprop.dll [67584 2009-07-13] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\SDRSVC.dll [125952 2009-07-13] (Microsoft Corporation)
2 seclogon; C:\Windows\system32\seclogon.dll [21504 2009-07-13] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [49664 2009-07-13] (Microsoft Corporation)
3 SensrSvc; C:\Windows\System32\sensrsvc.dll [25088 2009-07-13] (Microsoft Corporation)
3 SessionEnv; C:\Windows\System32\sessenv.dll [99328 2009-07-13] (Microsoft Corporation)
2 SharedAccess; C:\Windows\System32\ipnathlp.dll [300544 2009-07-13] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [328192 2009-07-13] (Microsoft Corporation)
3 smstsmgr; C:\Windows\CCM\TSManager.exe /service [251760 2012-02-20] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2009-07-13] (Microsoft Corporation)
2 Sophos Agent; "C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe" -service -name Agent [282624 2012-01-19] (Sophos Limited)
2 Sophos AutoUpdate Service; "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" [232472 2012-05-11] (Sophos Limited)
2 Sophos Message Router; "C:\Program Files\Sophos\Remote Management System\RouterNT.exe" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194 [806912 2012-01-19] (Sophos Limited)
2 Sophos Web Control Service; "C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe" [357400 2012-05-11] (Sophos Limited)
2 Spooler; C:\Windows\System32\spoolsv.exe [316928 2010-08-20] (Microsoft Corporation)
2 sppsvc; C:\Windows\System32\sppsvc.exe [3179520 2009-07-13] (Microsoft Corporation)
3 sppuinotify; C:\Windows\System32\sppuinotify.dll [53760 2009-07-13] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [162816 2009-07-13] (Microsoft Corporation)
3 SstpSvc; C:\Windows\System32\sstpsvc.dll [90112 2009-07-13] (Microsoft Corporation)
2 StiSvc; C:\Windows\System32\wiaservc.dll [462336 2009-07-13] (Microsoft Corporation)
3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-04-30] (MicroVision Development, Inc.)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
2 SUService; "C:\Program Files\Lenovo\System Update\SUService.exe" [34104 2012-03-16] (Lenovo Group Limited)
2 swi_service; "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe" [2862656 2012-07-05] (Sophos Limited)
2 swi_update; "C:\ProgramData\Sophos\Web Intelligence\swi_update.exe" [1465920 2012-07-05] (Sophos Limited)
3 swprv; C:\Windows\System32\swprv.dll [313856 2009-07-13] (Microsoft Corporation)
2 SysMain; C:\Windows\System32\sysmain.dll [1169408 2009-07-13] (Microsoft Corporation)
3 TabletInputService; C:\Windows\System32\TabSvc.dll [73728 2009-07-13] (Microsoft Corporation)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [241664 2009-07-13] (Microsoft Corporation)
3 TBS; C:\Windows\System32\tbssvc.dll [55808 2009-07-13] (Microsoft Corporation)
3 TermService; C:\Windows\System32\termsrv.dll [543232 2009-07-13] (Microsoft Corporation)
2 Themes; C:\Windows\System32\themeservice.dll [37376 2009-07-13] (Microsoft Corporation)
3 THREADORDER; C:\Windows\System32\mmcss.dll [49664 2009-07-13] (Microsoft Corporation)
3 TPHDEXLGSVC; C:\Windows\System32\TPHDEXLG.exe [40048 2011-03-29] (Lenovo.)
2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [142696 2011-07-12] (Lenovo Group Limited)
2 TrkWks; C:\Windows\System32\trkwks.dll [77312 2009-07-13] (Microsoft Corporation)
3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2009-07-13] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [35840 2009-07-13] (Microsoft Corporation)
3 UmRdpService; C:\Windows\System32\umrdp.dll [154624 2009-07-13] (Microsoft Corporation)
3 upnphost; C:\Windows\System32\upnphost.dll [266752 2009-07-13] (Microsoft Corporation)
2 UxSms; C:\Windows\System32\uxsms.dll [29696 2009-07-13] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\lsass.exe [22528 2011-11-16] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [452608 2009-07-13] (Microsoft Corporation)
3 VSS; C:\Windows\System32\vssvc.exe [1025536 2009-07-13] (Microsoft Corporation)
3 W32Time; C:\Windows\System32\w32time.dll [288768 2009-07-13] (Microsoft Corporation)
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1343400 2010-04-15] (Microsoft Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1202688 2009-07-13] (Microsoft Corporation)
2 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [151552 2009-07-13] (Microsoft Corporation)
3 wcncsvc; C:\Windows\System32\wcncsvc.dll [276992 2010-09-13] (Microsoft Corporation)
3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation)
3 WdiServiceHost; C:\Windows\System32\wdi.dll [76288 2009-07-13] (Microsoft Corporation)
3 WdiSystemHost; C:\Windows\System32\wdi.dll [76288 2009-07-13] (Microsoft Corporation)
3 WebClient; C:\Windows\System32\webclnt.dll [204800 2010-12-20] (Microsoft Corporation)
3 Wecsvc; C:\Windows\System32\wecsvc.dll [147968 2009-07-13] (Microsoft Corporation)
3 wercplsupport; C:\Windows\System32\wercplsupport.dll [61440 2009-07-13] (Microsoft Corporation)
3 WerSvc; C:\Windows\System32\WerSvc.dll [65024 2009-07-13] (Microsoft Corporation)
2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [350720 2010-12-20] (Microsoft Corporation)
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [168960 2009-07-13] (Microsoft Corporation)
3 WinRM; C:\Windows\System32\WsmSvc.dll [1175040 2009-07-13] (Microsoft Corporation)
2 Wlansvc; C:\Windows\System32\wlansvc.dll [829440 2009-07-13] (Microsoft Corporation)
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [136192 2009-07-13] (Microsoft Corporation)
4 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1121280 2010-03-04] (Microsoft Corporation)
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation)
3 WPDBusEnum; C:\Windows\System32\wpdbusenum.dll [84480 2009-07-13] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [73728 2010-12-20] (Microsoft Corporation)
2 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [428032 2011-05-03] (Microsoft Corporation)
2 wuauserv; C:\Windows\System32\wuaueng.dll [1929952 2009-08-06] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [64512 2009-07-13] (Microsoft Corporation)
3 WwanSvc; C:\Windows\System32\wwansvc.dll [185856 2009-07-13] (Microsoft Corporation)

========================== Drivers ===========================

3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [163328 2009-07-13] (Microsoft Corporation)
3 5U875UVC; C:\Windows\System32\DRIVERS\5U875.sys [72320 2009-07-08] (Ricoh co.,Ltd.)
0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [274496 2009-07-13] (Microsoft Corporation)
3 AcpiPmi; C:\Windows\system32\DRIVERS\acpipmi.sys [9728 2009-07-13] (Microsoft Corporation)
3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [422976 2009-07-13] (Adaptec, Inc.)
3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [297552 2009-07-13] (Adaptec, Inc.)
3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [146512 2009-07-13] (Adaptec, Inc.)
1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2011-04-24] (Microsoft Corporation)
3 agp440; C:\Windows\system32\DRIVERS\agp440.sys [53312 2009-07-13] (Microsoft Corporation)
3 aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [70720 2009-07-13] (Adaptec, Inc.)
3 aliide; C:\Windows\system32\drivers\aliide.sys [14400 2009-07-13] (Acer Laboratories Inc.)
3 amdagp; C:\Windows\system32\DRIVERS\amdagp.sys [53312 2009-07-13] (Microsoft Corporation)
3 amdide; C:\Windows\system32\drivers\amdide.sys [14912 2009-07-13] (Microsoft Corporation)
3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [55296 2009-07-13] (Microsoft Corporation)
3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-13] (Microsoft Corporation)
3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [80256 2011-03-10] (Advanced Micro Devices)
3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [159312 2009-07-13] (AMD Technologies Inc.)
0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [22400 2011-03-10] (Advanced Micro Devices)
3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2009-07-13] (Microsoft Corporation)
3 arc; C:\Windows\system32\DRIVERS\arc.sys [76368 2009-07-13] (Adaptec, Inc.)
3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [86608 2009-07-13] (Adaptec, Inc.)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-13] (Microsoft Corporation)
0 atapi; C:\Windows\System32\drivers\atapi.sys [21584 2009-07-13] (Microsoft Corporation)
3 athr; C:\Windows\System32\DRIVERS\athr.sys [1096704 2009-07-13] (Atheros Communications, Inc.)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [2600960 2007-06-21] (ATI Technologies Inc.)
3 ATSwpWDF; C:\Windows\System32\Drivers\ATSwpWDF.sys [625224 2009-12-03] (AuthenTec, Inc.)
3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-13] (Broadcom Corporation)
3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-13] (Broadcom Corporation)
1 Beep; C:\Windows\System32\Drivers\Beep.sys [6144 2009-07-13] (Microsoft Corporation)
1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [35328 2009-07-13] (Microsoft Corporation)
3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-22] (Microsoft Corporation)
3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-13] (Brother Industries, Ltd.)
3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-13] (Brother Industries, Ltd.)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-13] (Brother Industries Ltd.)
3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-13] (Brother Industries Ltd.)
3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-13] (Brother Industries Ltd.)
3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-13] (Brother Industries Ltd.)
3 BthEnum; C:\Windows\system32\drivers\BthEnum.sys [34816 2009-07-13] (Microsoft Corporation)
3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-13] (Microsoft Corporation)
3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [93696 2009-07-13] (Microsoft Corporation)
3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [393216 2011-04-27] (Microsoft Corporation)
3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [60416 2011-04-27] (Microsoft Corporation)
3 btusbflt; C:\Windows\System32\drivers\btusbflt.sys [45736 2010-04-08] (Broadcom Corporation.)
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [86056 2010-01-15] (Broadcom Corporation.)
3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [108072 2010-01-15] (Broadcom Corporation.)
3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [29472 2009-04-07] (Broadcom Corporation.)
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [18472 2010-01-15] (Broadcom Corporation.)
4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-13] (Microsoft Corporation)
3 cdprku; \??\C:\Windows\system32\Drivers\cdprku.sys [26952 2012-05-02] ()
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [108544 2009-07-13] (Microsoft Corporation)
3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-13] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [14080 2009-07-13] (Microsoft Corporation)
3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-13] (CMD Technology, Inc.)
0 CNG; C:\Windows\System32\Drivers\cng.sys [369352 2011-11-16] (Microsoft Corporation)
0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [19024 2009-07-13] (Microsoft Corporation)
3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [31232 2009-07-13] (Microsoft Corporation)
4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [22096 2009-07-13] (Microsoft Corporation)
1 CSC; C:\Windows\System32\drivers\csc.sys [387584 2009-07-13] (Microsoft Corporation)
3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-08-23] (Cisco Systems, Inc.)
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2011-04-26] (Microsoft Corporation)
1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-13] (Microsoft Corporation)
0 Disk; C:\Windows\System32\DRIVERS\disk.sys [57424 2009-07-13] (Microsoft Corporation)
3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
0 DozeHDD; C:\Windows\System32\DRIVERS\DozeHDD.sys [25416 2012-03-15] (Lenovo.)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5120 2009-07-13] (Microsoft Corporation)
3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [728448 2010-11-01] (Microsoft Corporation)
3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-04] (Intel Corporation)
3 e1yexpress; C:\Windows\System32\DRIVERS\e1y6032.sys [225408 2008-08-22] (Intel Corporation)
3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-13] (Broadcom Corporation)
3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [453712 2009-07-13] (Emulex)
3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [7168 2009-07-13] (Microsoft Corporation)
3 exfat; C:\Windows\System32\Drivers\exfat.sys [142336 2009-07-13] (Microsoft Corporation)
3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [148480 2009-07-13] (Microsoft Corporation)
3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [25088 2009-07-13] (Microsoft Corporation)
0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-13] (Microsoft Corporation)
3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-13] (Microsoft Corporation)
3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-13] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-13] (Microsoft Corporation)
3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-13] (Microsoft Corporation)
0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [19312 2012-02-29] (Microsoft Corporation)
0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [194488 2009-09-25] (Microsoft Corporation)
3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [57936 2009-07-13] (Microsoft Corporation)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [26600 2009-05-18] (GEAR Software Inc.)
3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-13] (Hauppauge Computer Works, Inc.)
3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [304128 2009-07-13] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [108544 2009-07-13] (Microsoft Corporation)
3 HECI; C:\Windows\system32\DRIVERS\HECI.sys [40832 2009-06-23] (Intel Corporation)
3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-13] (Microsoft Corporation)
3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-13] (Microsoft Corporation)
3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-13] (Microsoft Corporation)
3 HidUsb; C:\Windows\system32\DRIVERS\hidusb.sys [24064 2009-07-13] (Microsoft Corporation)
3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [67152 2009-07-13] (Hewlett-Packard Company)
3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513024 2009-07-13] (Microsoft Corporation)
0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [13904 2009-07-13] (Microsoft Corporation)
3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-13] (Microsoft Corporation)
3 iaStor; C:\Windows\system32\DRIVERS\iaStor.sys [330264 2009-08-07] (Intel Corporation)
3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [332160 2011-03-10] (Intel Corporation)
3 IBMPMDRV; C:\Windows\System32\DRIVERS\ibmpmdrv.sys [35272 2012-02-29] (Lenovo.)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [4756480 2009-06-10] (Intel Corporation)
3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-13] (Intel Corp./ICP vortex GmbH)
0 intelide; C:\Windows\System32\drivers\intelide.sys [15424 2009-07-13] (Microsoft Corporation)
3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-13] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-13] (Microsoft Corporation)
3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [65536 2009-07-13] (Microsoft Corporation)
3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-13] (Microsoft Corporation)
2 irda; C:\Windows\System32\DRIVERS\irda.sys [96768 2009-07-13] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-13] (Microsoft Corporation)
3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [46656 2009-07-13] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [186960 2009-07-13] (Microsoft Corporation)
3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [42576 2009-07-13] (Microsoft Corporation)
3 kbdhid; C:\Windows\system32\DRIVERS\kbdhid.sys [28160 2009-07-13] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67440 2011-11-16] (Microsoft Corporation)
0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [134000 2011-11-16] (Microsoft Corporation)
1 lenovo.smi; C:\Windows\System32\DRIVERS\smiif32.sys [13680 2010-09-07] (Lenovo Group Limited)
2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-13] (Microsoft Corporation)
3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-13] (LSI Corporation)
3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-13] (LSI Corporation)
3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-13] (LSI Corporation)
3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-13] (LSI Corporation)
2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-13] (Microsoft Corporation)
2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [12672 2006-06-18] (Conexant)
3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [30800 2009-07-13] (LSI Corporation)
3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-13] (LSI Corporation, Inc.)
3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-13] (Microsoft Corporation)
3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-13] (Microsoft Corporation)
3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-13] (Microsoft Corporation)
3 mouhid; C:\Windows\system32\DRIVERS\mouhid.sys [26112 2009-07-13] (Microsoft Corporation)
0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78416 2009-07-13] (Microsoft Corporation)
3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [130624 2009-07-13] (Microsoft Corporation)
3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-13] (Microsoft Corporation)
3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2009-07-13] (Microsoft Corporation)
3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123392 2011-05-03] (Microsoft Corporation)
3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [222720 2011-07-08] (Microsoft Corporation)
3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96256 2011-05-03] (Microsoft Corporation)
3 msahci; C:\Windows\system32\drivers\msahci.sys [27528 2010-08-09] (Microsoft Corporation)
3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [115792 2009-07-13] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [22528 2009-07-13] (Microsoft Corporation)
3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-13] (Microsoft Corporation)
0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [13888 2009-07-13] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-13] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-13] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-13] (Microsoft Corporation)
3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [162896 2009-07-13] (Microsoft Corporation)
1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [28240 2009-07-13] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-13] (Microsoft Corporation)
3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-13] (Microsoft Corporation)
0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-13] (Microsoft Corporation)
3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-13] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\drivers\ndis.sys [710720 2009-07-13] (Microsoft Corporation)
3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-13] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-13] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [45568 2009-07-13] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2009-07-13] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [48128 2009-07-13] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-13] (Microsoft Corporation)
1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2009-07-13] (Microsoft Corporation)
3 NETw5v32; C:\Windows\System32\DRIVERS\NETw5v32.sys [4231168 2009-07-13] (Intel Corporation)
3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-13] (IBM Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [35328 2009-07-13] (Microsoft Corporation)
3 NSCIRDA; C:\Windows\System32\DRIVERS\nscirda.sys [30720 2008-01-19] (National Semiconductor Corporation)
1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-13] (Microsoft Corporation)
3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1210240 2011-03-10] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [4608 2009-07-13] (Microsoft Corporation)
3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [117120 2011-03-10] (NVIDIA Corporation)
3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [143744 2011-03-10] (NVIDIA Corporation)
3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [105024 2009-07-13] (Microsoft Corporation)
3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [62464 2009-07-13] (Microsoft Corporation)
3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-13] (Microsoft Corporation)
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56688 2012-03-16] (Microsoft Corporation)
2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-13] (Microsoft Corporation)
0 pci; C:\Windows\System32\DRIVERS\pci.sys [153680 2009-07-13] (Microsoft Corporation)
3 pciide; C:\Windows\system32\drivers\pciide.sys [12368 2009-07-13] (Microsoft Corporation)
0 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [180288 2009-07-13] (Microsoft Corporation)
0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-13] (Microsoft Corporation)
2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-13] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-13] (Microsoft Corporation)
3 prepdrvr; \??\C:\Windows\CCM\prepdrv.sys [20848 2012-02-20] (Microsoft Corporation)
3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-13] (Microsoft Corporation)
3 psadd; C:\Windows\System32\DRIVERS\psadd.sys [33080 2011-12-26] (Lenovo Information Product(ShenZhen China) Inc.)
1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-13] (Microsoft Corporation)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45200 2009-07-08] (Sonic Solutions)
3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-13] (QLogic Corporation)
3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-13] (QLogic Corporation)
3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-13] (Microsoft Corporation)
3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-13] (Microsoft Corporation)
3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-13] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-13] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-13] (Microsoft Corporation)
3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-13] (Microsoft Corporation)
1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [241664 2009-07-13] (Microsoft Corporation)
3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-13] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2009-07-13] (Microsoft Corporation)
3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133120 2009-07-13] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-13] (Microsoft Corporation)
1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-13] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [177152 2012-04-27] (Microsoft Corporation)
0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173648 2009-07-13] (Microsoft Corporation)
2 regi; C:\Windows\System32\drivers\regi.sys [11032 2007-04-17] (InterVideo)
3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [129536 2009-07-13] (Microsoft Corporation)
2 rimmptsk; C:\Windows\System32\DRIVERS\rimmptsk.sys [48128 2009-09-07] (REDC)
2 rimsptsk; C:\Windows\System32\DRIVERS\rimsptsk.sys [44544 2009-09-15] (REDC)
2 rismxdp; C:\Windows\System32\DRIVERS\rixdptsk.sys [38400 2009-09-15] (REDC)
2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-13] (Microsoft Corporation)
3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [5632 2009-07-13] (Microsoft Corporation)
1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [123680 2012-05-11] (Sophos Limited)
3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [85568 2009-07-13] (Microsoft Corporation)
3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2009-07-13] (Microsoft Corporation)
3 sdbus; C:\Windows\system32\drivers\sdbus.sys [84992 2009-10-09] (Microsoft Corporation)
3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [33696 2011-10-23] (Sophos Limited)
2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [20480 2009-07-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [17920 2009-07-13] (Microsoft Corporation)
3 Serial; C:\Windows\system32\DRIVERS\serial.sys [83456 2009-07-13] (Microsoft Corporation)
3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-13] (Microsoft Corporation)
3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-13] (Microsoft Corporation)
3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-13] (Microsoft Corporation)
3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2009-10-09] (Microsoft Corporation)
3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-13] (Microsoft Corporation)
0 Shockprf; C:\Windows\System32\DRIVERS\Apsx86.sys [122992 2011-03-29] (Lenovo.)
3 sisagp; C:\Windows\system32\DRIVERS\sisagp.sys [52304 2009-07-13] (Microsoft Corporation)
3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-13] (Silicon Integrated Systems Corp.)
3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-13] (Silicon Integrated Systems)
1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [31736 2011-10-13] (Sophos Plc)
3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-13] (Microsoft Corporation)
2 smihlp; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [12560 2009-03-13] (UPEK Inc.)
4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [22536 2011-10-23] (Sophos Plc)
0 spldr; C:\Windows\System32\Drivers\spldr.sys [17472 2009-07-13] (Microsoft Corporation)
3 srv; C:\Windows\System32\DRIVERS\srv.sys [311296 2011-04-28] (Microsoft Corporation)
3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [309760 2011-04-28] (Microsoft Corporation)
3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.)
3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.)
3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114176 2011-04-28] (Microsoft Corporation)
3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-13] (Promise Technology)
0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [40896 2009-07-13] (Microsoft Corporation)
3 storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [28224 2009-07-13] (Microsoft Corporation)
3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12240 2009-07-13] (Microsoft Corporation)
3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [309264 2011-12-23] (Synaptics Incorporated)
0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1287024 2012-03-30] (Microsoft Corporation)
3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1287024 2012-03-30] (Microsoft Corporation)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [34816 2009-07-13] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2009-07-13] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24064 2012-02-14] (Microsoft Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74240 2009-07-13] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [51776 2009-07-13] (Microsoft Corporation)
0 TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM86.sys [20592 2011-03-29] (Lenovo.)
3 TPM; C:\Windows\System32\drivers\tpm.sys [30720 2009-07-13] (Microsoft Corporation)
1 TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [17736 2012-03-15] (Lenovo Group Limited)
3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [30208 2009-07-13] (Microsoft Corporation)
3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2009-07-13] (Microsoft Corporation)
3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [55888 2009-07-13] (Microsoft Corporation)
4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2009-07-13] (Microsoft Corporation)
3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [57424 2009-07-13] (Microsoft Corporation)
3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2009-07-13] (Microsoft Corporation)
3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-13] (Microsoft Corporation)
3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.)
3 usbccgp; C:\Windows\system32\drivers\usbccgp.sys [75776 2011-03-24] (Microsoft Corporation)
3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [86016 2009-07-13] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43008 2011-03-24] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2011-03-24] (Microsoft Corporation)
3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2011-03-24] (Microsoft Corporation)
3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [19968 2009-07-13] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [75776 2011-03-10] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [24064 2011-03-24] (Microsoft Corporation)
0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [32832 2009-07-13] (Microsoft Corporation)
3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-13] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-13] (Microsoft Corporation)
3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [159824 2009-07-13] (Microsoft Corporation)
3 viaagp; C:\Windows\system32\DRIVERS\viaagp.sys [53328 2009-07-13] (Microsoft Corporation)
3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-13] (Microsoft Corporation)
3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-13] (VIA Technologies, Inc.)
3 vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [175824 2009-07-13] (Microsoft Corporation)
3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [17920 2009-07-13] (Microsoft Corporation)
0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [53312 2009-07-13] (Microsoft Corporation)
0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-13] (Microsoft Corporation)
0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [245328 2009-07-13] (Microsoft Corporation)
3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2009-09-22] (Microsoft Corporation)
1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2009-09-22] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-22] (Microsoft Corporation)
1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2009-09-22] (Microsoft Corporation)
3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-13] (VIA Technologies Inc.,Ltd)
3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-13] (Microsoft Corporation)
1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-13] (Microsoft Corporation)
3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-13] (Microsoft Corporation)
3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-13] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-13] (Microsoft Corporation)
3 Wd; C:\Windows\system32\DRIVERS\wd.sys [19024 2009-07-13] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-13] (Microsoft Corporation)
1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-13] (Microsoft Corporation)
3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-13] (Microsoft Corporation)
3 WinUsb; C:\Windows\System32\DRIVERS\WinUSB.sys [35840 2009-09-10] (Microsoft Corporation)
3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [11264 2009-07-13] (Microsoft Corporation)
1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-13] (Microsoft Corporation)
3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2009-07-13] (Microsoft Corporation)
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2009-07-13] (Microsoft Corporation)
3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [x]
3 NETw5s32; C:\Windows\System32\DRIVERS\NETw5s32.sys [x]
1 SASDIFSV; \??\C:\Users\ADMINI~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
1 SASKUTIL; \??\C:\Users\ADMINI~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys 6D2ACA41739BFE8CB86EE8E85F29697D
C:\Windows\System32\DRIVERS\5U875.sys AB3006F949FD4DED75F8665D9EB24181
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athr.sys 76BAB0C824E2D05B940C4DD40A9B08BF
C:\Windows\System32\DRIVERS\atikmdag.sys 107D6792A9473B9BFB553B0465460564
C:\Windows\System32\Drivers\ATSwpWDF.sys BEFE54E9BC648A3C79C917A63B6EE7DA
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHUSB.sys ==> MD5 is legit
C:\Windows\System32\drivers\btusbflt.sys F549C3FB145A4928E40BB1518B2034DC
C:\Windows\System32\drivers\btwaudio.sys F8B4F60768328FAA2FFE2727F66809F8
C:\Windows\System32\drivers\btwavdt.sys FA7446DD38DE84D4988D1F2EBB854589
C:\Windows\System32\DRIVERS\btwl2cap.sys AAFD7CB76BA61FBB08E302DA208C974A
C:\Windows\System32\DRIVERS\btwrchid.sys D5862FBC1CBC0404614FD9D85C8D880E
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\Drivers\cdprku.sys 8E543D11392CB8C086B7FF81166E565E
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 36C252E474B2FFA0F0FBBFF20D92A640
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CVirtA.sys B5ECADF7708960F1818C7FA015F4C239
C:\Windows\system32\Drivers\CVPNDRVA.sys 34C345AAF390C12AE6E51B75198E8564
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dne2000.sys B5AA5AA5AC327BD7C1AEC0C58F0C1144
C:\Windows\System32\DRIVERS\DozeHDD.sys 3C2FEC38D9D825C69C29FE5EB7339CB5
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\e1e6232.sys 0535BFBEDB9378DDD15BDF9957D57D71
C:\Windows\System32\DRIVERS\e1y6032.sys C90CE29DF8B9836CC6514CE9F53D0EB5
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 500A9814FD9446A8126858A5A7F7D273
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HECI.sys 30D57EE84E1E169D41A6E873B549A096
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iaStor.sys 01446278D4563B3013C92830AE6CBB26
C:\Windows\system32\DRIVERS\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ibmpmdrv.sys 4817B7C1B4530AE23EABF6B759D766A5
C:\Windows\System32\DRIVERS\igdkmd32.sys AD626F6964F4D364D226C39E06872DD3
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\irda.sys 9F7E491FB0BA0F9E370163834FC1FE31
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 0263364ACB9C834ACE52FB85C2C064EC
C:\Windows\System32\Drivers\ksecpkg.sys 27391DB553BE2A4E2B0ADEEA2873B2AF
C:\Windows\System32\DRIVERS\smiif32.sys 9AAC267A225F3CAEBB9E633F7EB16E4B
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mdmxsdk.sys 0CEA2D0D3FA284B85ED5B68365114F76
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\system32\drivers\msahci.sys 4E00965BB3C471D52B07C9C3C59A82CF
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NETw5v32.sys 58218EC6B61B1169CF54AAB0D00F5FE2
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nscirda.sys 6D8D2E5652FC2442C810C5D8BE784148
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nvraid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 66D3415C159741ADE7038A277EFFF99F
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\CCM\prepdrv.sys 1CEF19A38EC0349B91823989087D2DF6
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\psadd.sys 80DDC44934305224AEBFC37A264803C2
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHelp20.sys 40FEDD328F98245AD201CF5F9F311724
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys 835D7E81BF517A3B72384BDCC85E1CE6
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys 1E016846895B15A99F9A176A05029075
C:\Windows\System32\drivers\rdpdr.sys C5FF95883FFEF704D50C40D21CFB3AB5
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys C5B8D47A4688DE9D335204EA757C2240
C:\Windows\System32\drivers\rdyboost.sys 4EA225BF1CF05E158853F30A99CA29A7
C:\Windows\System32\drivers\regi.sys 001B4278407F4303EFC902A2B16F2453
C:\Windows\System32\DRIVERS\rfcomm.sys CB928D9E6DAF51879DD6BA8D02F01321
C:\Windows\System32\DRIVERS\rimmptsk.sys D65AC8797F0286ED269500747D6290A4
C:\Windows\System32\DRIVERS\rimsptsk.sys 49EC82B44EB93374ED9988DA7E0E0151
C:\Windows\System32\DRIVERS\rixdptsk.sys 3F400C3CCD0818858602DDB37B5DE719
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vms3cap.sys 5423D8437051E89DD34749F242C98648
C:\Windows\System32\DRIVERS\savonaccess.sys E2C05310219E327E232291543C348B73
C:\Windows\system32\DRIVERS\sbp2port.sys 34EE0C44B724E3E4CE2EFF29126DE5B5
C:\Windows\System32\DRIVERS\scfilter.sys A95C54B2AC3CC9C73FCDF9E51A1D6B51
C:\Windows\system32\drivers\sdbus.sys AA826E35F6D28A8E5D1EFEB337F24BA2
C:\Windows\System32\DRIVERS\sdcfilter.sys 4F21774E1259A546B992D9EAACDFD778
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys A0708BBD07D245C06FF9DE549CA47185
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Apsx86.sys 1624530D05155F4E5A4736531523BFF5
C:\Windows\system32\DRIVERS\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\skmscan.sys E407A8EEA2FD4BF560C05C0EBF1793B3
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys 0B9C01236D25BDCB37AA79DC59DFB7D3
C:\Windows\System32\DRIVERS\SophosBootDriver.sys F2B7BD04146B3E6A895A1919E1F5DA89
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys C4A027B8C0BD3FC0699F41FA5E9E0C87
C:\Windows\System32\DRIVERS\srv2.sys 414BB592CAD8A79649D01F9D94318FB3
C:\Windows\System32\DRIVERS\VSTAZL3.SYS E00FDFAFF025E94F9821153750C35A6D
C:\Windows\System32\DRIVERS\VSTDPV3.SYS CEB4E3B6890E1E42DCA6694D9E59E1A0
C:\Windows\System32\DRIVERS\VSTCNXT3.SYS BC0C7EA89194C299F051C24119000E17
C:\Windows\System32\DRIVERS\srvnet.sys FF207D67700AA18242AAF985D3E7D8F4
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vmstorfl.sys 957E346CA948668F2496A6CCF6FF82CC
C:\Windows\system32\DRIVERS\storvsc.sys D5751969DC3E4B88BF482AC8EC9FE019
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys B53AA89920BBA67857C899389186FB56
C:\Windows\System32\drivers\tcpip.sys 55E9965552741F3850CB22CBBA9671ED
C:\Windows\System32\DRIVERS\tcpip.sys 55E9965552741F3850CB22CBBA9671ED
C:\Windows\System32\drivers\tcpipreg.sys E64444523ADD154F86567C469BC0B17F
C:\Windows\System32\drivers\tdpipe.sys 1875C1490D99E70E449E3AFAE9FCBADF
C:\Windows\System32\drivers\tdtcp.sys 7156308896D34EA75A582F9A09E50C17
C:\Windows\System32\DRIVERS\tdx.sys CB39E896A2A83702D1737BFD402B3542
C:\Windows\System32\DRIVERS\termdd.sys C36F41EE20E6999DBF4B0425963268A5
C:\Windows\System32\DRIVERS\ApsHM86.sys D2378FBBD668D9FE9B6B5E3139D506D3
C:\Windows\System32\drivers\tpm.sys 5AD05191DC8B444A7BA4D79B76C42A30
C:\Windows\System32\drivers\Tppwr32v.sys C9DA1FEF94EF44D7BD0CA0CBDAD5C44C
C:\Windows\System32\DRIVERS\tssecsrv.sys 98AE6FA07D12CB4EC5CF4A9BFA5F4242
C:\Windows\System32\DRIVERS\tunnel.sys 3E461D890A97F9D4C168F5FDA36E1D00
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys 09CC3E16F8E5EE7168E01CF8FCBE061A
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys 049B3A50B3D646BAEEEE9EEC9B0668DC
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl.sys EAFE1E00739AFE6C51487A050E772E17
C:\Windows\system32\drivers\usbccgp.sys C31AE588E403042632DC796CF09E30B0
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys E4C436D914768CE965D5E659BA7EEBD8
C:\Windows\System32\DRIVERS\usbhub.sys BDCD7156EC37448F08633FD899823620
C:\Windows\system32\drivers\usbohci.sys EB2D819A639015253C871CDA09D91D58
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS 1C4287739A93594E57E2A9E6A3ED7353
C:\Windows\System32\DRIVERS\usbuhci.sys 22480BF4E5A09192E5E30BA4DDE79FA4
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys 3BE6E1F3A4F1AFEC8CEE0D7883F93583
C:\Windows\system32\DRIVERS\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vmbus.sys 379B349F65F453D2A6E75EA6B7448E49
C:\Windows\system32\DRIVERS\VMBusHID.sys EC2BBAB4B84D0738C6C83D2234DC36FE
C:\Windows\System32\DRIVERS\volmgr.sys 384E5A2AA49934295171E499F86BA6F3
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys 58DF9D2481A56EDDE167E51B334D44FD
C:\Windows\System32\DRIVERS\vpchbus.sys 33E74DF34753FCAAB06F6F2BDC8CABF5
C:\Windows\System32\DRIVERS\vpcnfltr.sys 5F04362CEB5FB5901037E9D9EADD3760
C:\Windows\System32\DRIVERS\vpcusb.sys 625088D6EE9EDE977FD03CF18D1CD5C5
C:\Windows\System32\drivers\vpcvmm.sys 5ED378D91E32134F3C0B3810860FFD71
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\System32\DRIVERS\wanarp.sys 692A712062146E96D28BA0B7D75DE31B
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUSB.sys B5BA3CC19D00F2EBA92F1CFBEBB5D650
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 6F9B6C0C93232CFF47D0F72D6DB1D21E
C:\Windows\System32\DRIVERS\WUDFRd.sys F91FF1E51FCA30B3C3981DB7D5924252

========================== NetSvcs (Whitelisted) ===========


========================= Known DLLs =========================

[2009-07-13 15:44] - [2009-07-13 17:15] - 0522240 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2011-05-05 11:22] - [2010-06-28 21:02] - 1413632 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2009-07-13 16:20] - [2009-07-13 17:14] - 0640000 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2009-07-13 15:39] - [2009-07-13 17:15] - 0486912 ____A (Microsoft Corporation) C:\Windows\System32\COMDLG32.dll
[2009-07-13 15:26] - [2009-07-13 17:15] - 0304640 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2012-06-25 04:49] - [2012-04-19 21:05] - 2072576 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2012-05-12 16:36] - [2012-02-29 21:45] - 0158720 ____A (Microsoft Corporation) C:\Windows\System32\IMAGEHLP.dll
[2009-07-13 15:25] - [2009-07-13 17:15] - 0118272 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2011-08-24 11:05] - [2011-07-15 20:34] - 0868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2009-07-13 15:25] - [2009-07-13 17:15] - 0026624 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2009-07-13 15:28] - [2009-07-13 17:15] - 0828928 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2012-05-15 09:31] - [2011-12-15 23:59] - 0690688 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2009-07-13 15:15] - [2009-07-13 17:09] - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0008704 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2012-05-15 09:20] - [2011-08-26 20:43] - 0571904 ____A (Microsoft Corporation) C:\Windows\System32\OLEAUT32.dll
[2009-07-13 15:15] - [2009-07-13 17:16] - 0006144 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll
[2009-07-13 15:13] - [2009-07-13 17:16] - 0652288 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2009-07-13 15:11] - [2009-07-13 17:16] - 0092160 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll
[2009-07-13 15:16] - [2009-07-13 17:16] - 1668608 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2012-05-11 05:37] - [2012-01-04 01:03] - 12868096 ____A (Microsoft Corporation) C:\Windows\System32\SHELL32.dll
[2009-07-13 15:39] - [2009-07-13 17:16] - 0350208 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2012-06-25 04:49] - [2012-04-19 21:07] - 1230336 ____A (Microsoft Corporation) C:\Windows\System32\URLMON.dll
[2009-07-13 15:24] - [2009-07-13 17:16] - 0811520 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2009-07-13 15:25] - [2009-07-13 17:16] - 0627200 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2012-06-25 04:49] - [2012-05-14 19:08] - 0981504 ____A (Microsoft Corporation) C:\Windows\System32\WININET.dll
[2009-07-13 15:38] - [2009-07-13 17:16] - 0268800 ____A (Microsoft Corporation) C:\Windows\System32\WLDAP32.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0206336 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
[2009-07-13 15:16] - [2009-07-13 17:15] - 0315904 ____A (Microsoft Corporation) C:\Windows\System32\DifxApi.dll

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 20%
Total physical RAM: 2046.43 MB
Available physical RAM: 1619.13 MB
Total Pagefile: 2046.43 MB
Available Pagefile: 1617.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.44 MB

======================= Partitions =========================

1 Drive c: (OSDisk) (Fixed) (Total:92.61 GB) (Free:56.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (BIGKINGSTON) (Removable) (Total:3.65 GB) (Free:3.11 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (BDEDrive) (Fixed) (Total:0.55 GB) (Free:0.51 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 93 GB 0 B
Disk 1 Online 3745 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 92 GB 1024 KB
Partition 2 Primary 560 MB 92 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OSDisk NTFS Partition 92 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y BDEDrive NTFS Partition 560 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3741 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F BIGKINGSTON FAT32 Removable 3741 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-19 08:48

======================= End Of Log ==========================
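An added example, not part of the original post and not FRST code: a small triage script for the driver section of an FRST log in the format shown above. FRST prints "==> MD5 is legit" when a file's hash matches its whitelist and prints the MD5 itself when it has no match; a listed hash therefore means "unverified", not "malicious", and is normal for OEM and third-party drivers such as the Lenovo and Synaptics entries above. Because the 0x7B stop the poster reports is INACCESSIBLE_BOOT_DEVICE, the script puts unverified drivers in the boot/storage path into their own bucket so they are reviewed first, then drivers loaded from outside System32, then the rest. The boot-critical shortlist and the helper names are the editor's assumptions; the sample lines are copied from the log above.

```python
"""Triage the driver list of an FRST log (added example, not FRST's own code).

Assumptions (not from the page): BOOT_CRITICAL is an editor-chosen shortlist,
and the function names below are illustrative.
"""
import re
from typing import NamedTuple, Optional

# One driver per line: "<path> ==> MD5 is legit" (whitelisted) or
# "<path> <32 hex digits>" (no whitelist match). The Bamital/volsnap check
# uses "=> MD5 is legit" with a single '>', so both arrow forms are accepted.
_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.(?:sys|exe|dll))\s+"
    r"(?:=+>\s*MD5 is legit|(?P<md5>[0-9A-Fa-f]{32}))\s*$",
    re.IGNORECASE,
)

# Drivers in the boot/storage path; a 0x7B INACCESSIBLE_BOOT_DEVICE stop
# implicates this set first. Editor's shortlist (assumption), not from FRST.
BOOT_CRITICAL = {
    "pci.sys", "partmgr.sys", "volmgr.sys", "volmgrx.sys", "volsnap.sys",
    "disk.sys", "classpnp.sys", "atapi.sys", "iastor.sys", "iastorv.sys",
    "msahci.sys", "intelide.sys", "pciide.sys", "fvevol.sys", "ntfs.sys",
    "fltmgr.sys",
}


class Driver(NamedTuple):
    path: str
    name: str
    md5: Optional[str]   # None when FRST reported the hash as legit
    verified: bool
    in_system32: bool


def parse_frst_drivers(text: str) -> list:
    """Parse FRST driver/file-check lines; non-matching lines are skipped."""
    drivers = []
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1].lower()
        md5 = m.group("md5")
        in_sys32 = "\\windows\\system32\\" in path.lower()
        drivers.append(Driver(path, name, md5.upper() if md5 else None,
                              md5 is None, in_sys32))
    return drivers


def triage(drivers: list) -> dict:
    """Bucket unverified drivers into a review order.

    'Unverified' only means FRST has no whitelist hash for the file; it is a
    review queue, not a malware verdict.
    """
    result = {"boot_critical": [], "outside_system32": [], "other": []}
    for d in drivers:
        if d.verified:
            continue
        if d.name in BOOT_CRITICAL:
            result["boot_critical"].append(d.path)
        elif not d.in_system32:
            result["outside_system32"].append(d.path)
        else:
            result["other"].append(d.path)
    return result


# Excerpt copied from the log above (not constructed data).
SAMPLE_LOG = r"""
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iaStor.sys 01446278D4563B3013C92830AE6CBB26
C:\Windows\system32\drivers\msahci.sys 4E00965BB3C471D52B07C9C3C59A82CF
C:\Windows\System32\drivers\partmgr.sys 66D3415C159741ADE7038A277EFFF99F
C:\Windows\System32\DRIVERS\pci.sys C858CB77C577780ECC456A892E7E7D0F
C:\Windows\CCM\prepdrv.sys 1CEF19A38EC0349B91823989087D2DF6
C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys 0B9C01236D25BDCB37AA79DC59DFB7D3
C:\Windows\System32\DRIVERS\SynTP.sys B53AA89920BBA67857C899389186FB56
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

if __name__ == "__main__":
    for bucket, paths in triage(parse_frst_drivers(SAMPLE_LOG)).items():
        print(f"[{bucket}]")
        for p in paths:
            print("   ", p)
```

Run it against the full driver section of a log to get the same three buckets; compare the boot-critical hashes against a known-clean copy of the same Windows build before deciding anything, since the tool only tells you what it could not whitelist.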
