Infected with Trojan.Zeroacces.C , Trojan.Gen.2 , Trojan.Zeroacces.B


  • This topic is locked
30 replies to this topic

#1 mxboy57

  • Members
  • 14 posts

Posted 13 August 2012 - 02:28 PM

I had a pop-up with a seemingly normal Adobe Flash update. I tried to close it, but when I closed it, it popped right back up again (that's unusual). Then about ten seconds later my antivirus software popped up with a lot of notifications of Trojan.Gen.2, Trojan.Zeroacces.B, Trojan.Zeroacces.C. The antivirus quarantines them, but they keep on coming back and the antivirus has to quarantine them again. I am running Symantec Endpoint Protection.
Thanks for the help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Christopher at 13:55:06 on 2012-08-13
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3933.1381 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\jusched.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SavUI.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [IdeaNotesUser] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0A469752-39D3-4927-BD26-8E020EFBF0BA} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4EC90D62-AD02-4CD9-A09E-2A44CED63EF8} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4EC90D62-AD02-4CD9-A09E-2A44CED63EF8}\14C6C696761647F62713 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4EC90D62-AD02-4CD9-A09E-2A44CED63EF8}\2656C6B696E6E2563646E2537484A7 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4EC90D62-AD02-4CD9-A09E-2A44CED63EF8}\4597C65627 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4EC90D62-AD02-4CD9-A09E-2A44CED63EF8}\557594E4 : DhcpNameServer = 130.70.128.2 130.70.132.233 130.70.128.3
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Notify: SEP - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli ACGina
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun-x64: [IdeaNotesUser] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\s1tn3twm.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120803.011\BHDrvx64.sys [2012-8-3 1161376]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120810.001\IDSviA64.sys [2012-8-11 509088]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [?]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS --> C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [?]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-1-10 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-1-10 55296]
R2 DDNIMSGService;DDNIMSGService;C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2009-6-23 172720]
R2 DDNIService;DDNIService;C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe [2009-10-4 156336]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2009-9-7 45424]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-7 1153368]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-6-14 137224]
R2 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2009-9-7 62320]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-1-13 476112]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-5-30 138912]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-4 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-8-4 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-8-4 166384]
S3 acsock;acsock;C:\Windows\system32\DRIVERS\acsock64.sys --> C:\Windows\system32\DRIVERS\acsock64.sys [?]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-1-8 87336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-2-24 1431888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 113120]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2009-10-4 75040]
S3 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-12-1 110344]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-4 313840]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-8-4 1124848]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [2011-6-17 29664]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-09 12:34:27 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-08-08 20:27:29 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-08-08 20:27:09 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-08 20:26:50 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-08-08 20:26:40 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-29 03:21:18 -------- d-----w- C:\ProgramData\NortonInstaller
.
==================== Find3M ====================
.
2012-06-29 16:26:08 70344 ------w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-29 16:26:08 426184 ------w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ------w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ------w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ------w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ------w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 13:56:56.07 ===============
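Added example (not from the thread, and not part of the DDS tool): a small Python triage helper that reads the "Pseudo HJT Report" section of a DDS log like the one above and lists the autostart entries a malware responder checks first. The embedded log lines are a constructed subset of the report above, and every flag it raises is a prompt to verify by hand, not a verdict.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Reads the autostart entries (BHO, TB, uRun/mRun, TCP DhcpNameServer) the way a
responder scans them by hand and returns the ones that need a second look:
entries pointing at a missing file ("No File"), run keys with no name or no
command, and DNS servers outside RFC 1918 space.
"""
import ipaddress
import re

# Constructed sample: a subset of the DDS report posted in the thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4EC90D62-AD02-4CD9-A09E-2A44CED63EF8}\557594E4 : DhcpNameServer = 130.70.128.2 130.70.132.233 130.70.128.3
BHO-X64: AcroIEHelperStub - No File
.
================= FIREFOX ===================
"""

# DDS line shapes: "BHO: name: {clsid} - path", "mRun: [name] cmd",
# "TCP: ... DhcpNameServer = a b c"
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z0-9_-]+):\s*(?P<body>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(?P<servers>.+)$")


def section(log_text, title):
    """Return the content lines between the '=== title ===' header and the next header.

    DDS separates sections with lines of '=' and pads them with lone '.' lines,
    which are dropped here.
    """
    out, inside = [], False
    for line in log_text.splitlines():
        if line.startswith("="):
            if inside:
                break
            inside = title in line
            continue
        if inside and line.strip() not in ("", "."):
            out.append(line)
    return out


def parse_entries(lines):
    """Split 'KIND: body' lines into (kind, body); 'uStart Page = ...' style lines are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(log_text):
    """Return (reason, detail) pairs for the entries a responder verifies first."""
    findings = []
    for kind, body in parse_entries(section(log_text, "Pseudo HJT Report")):
        if body.endswith("No File"):
            # Often a leftover from an uninstall, but an orphaned hook still
            # gets checked: something once registered itself there.
            findings.append(("orphaned entry (No File)", f"{kind}: {body}"))
        elif kind.lower() in ("urun", "mrun", "urun-x64", "mrun-x64"):
            m = RUN_RE.match(body)
            if m and (not m.group("cmd").strip()
                      or m.group("name") in ("<NO NAME>", "(Default)")):
                findings.append(("run key without name or command", f"{kind}: {body}"))
        elif kind == "TCP":
            m = DNS_RE.search(body)
            if not m:
                continue
            for server in m.group("servers").split():
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    continue  # not an address; nothing to classify
                # Resolvers outside private space are compared with the
                # addresses the network is expected to hand out.
                if not addr.is_private:
                    findings.append(("DNS server outside RFC 1918 space", server))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_DDS):
        print(f"{reason:36} {detail}")
```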


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 01:20 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mxboy57
  • Topic Starter

  • Members
  • 14 posts

Posted 14 August 2012 - 11:46 AM

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java™ 6 Update 16
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 12:46 PM

OK, let me have the Combofix report next.


gringo

#5 mxboy57
  • Topic Starter

  • Members
  • 14 posts

Posted 14 August 2012 - 06:28 PM

Sorry, I misread that Combofix was only for XP; that's why I didn't do it before.

Combofix is stuck after completing stage 4. I have let it run for over an hour, and it says it shouldn't take longer than 20 min.

The computer is still working mostly normally, but I know that it is infected. I have not restarted it since getting the infection.

Thank you for your continuing help.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 07:33 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
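
A TDSSKiller log of the kind requested above runs to many hundreds of lines, nearly all of them "- ok". The following parser is an added example (not part of this thread and not TDSSKiller's own code): it pairs each service's [md5] line with its verdict line, in the line shapes the log posted later in the thread uses, and returns only what needs a reviewer's eye. The sample log is constructed from those line shapes; ExampleSvc, its all-zero hash and its "warning" verdict are placeholders invented here to exercise the flagging path, not a real detection.

```python
"""Triage a TDSSKiller 2.8.x text log: pair each service's [md5] line with its
verdict line and list everything the tool did not pass as "- ok"."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Two line shapes carry the per-service result in the log format seen in this thread:
#   20:30:54.0931 5704 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
#   20:30:54.0935 5704 1394ohci - ok
# A service with no image on disk gets only the verdict line ("COMSysApp - ok").
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+\[ (?P<md5>[0-9a-fA-F]{32}) \]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None  # stays None if the log was cut off before the verdict


def parse_tdsskiller_log(text: str) -> List[ServiceRecord]:
    """Return one record per scanned service, in log order."""
    records: List[ServiceRecord] = []
    awaiting_verdict: Dict[str, ServiceRecord] = {}
    scanning = False
    for line in text.splitlines():
        line = line.rstrip()
        # The header (drive geometry, partitions) also contains " - " and must not be
        # mistaken for a verdict, so only lines after "Scan started" are parsed.
        if not scanning:
            scanning = "Scan started" in line
            continue
        m = FILE_RE.match(line)
        if m:
            rec = ServiceRecord(m["name"], m["md5"].lower(), m["path"])
            awaiting_verdict[m["name"]] = rec
            records.append(rec)
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = awaiting_verdict.pop(m["name"], None)
            if rec is None:  # verdict-only entry, no image file was listed
                rec = ServiceRecord(m["name"])
                records.append(rec)
            rec.verdict = m["verdict"].strip()
    return records


def needs_review(records: List[ServiceRecord]) -> List[ServiceRecord]:
    """Everything not passed as "ok", including entries whose verdict never arrived."""
    return [r for r in records if r.verdict != "ok"]


def shared_images(records: List[ServiceRecord]) -> Dict[str, List[str]]:
    """Services registered on the same binary (by MD5). Often legitimate (EFS and
    KeyIso both run from lsass.exe), so this is context for the reviewer, not a verdict."""
    by_md5: Dict[str, List[str]] = {}
    for r in records:
        if r.md5:
            by_md5.setdefault(r.md5, []).append(r.name)
    return {h: names for h, names in by_md5.items() if len(names) > 1}


def triage(text: str) -> dict:
    records = parse_tdsskiller_log(text)
    return {
        "scanned": len(records),
        "flagged": [(r.name, r.verdict or "no verdict", r.path) for r in needs_review(records)],
        "shared_images": shared_images(records),
    }


# Constructed sample: the first lines copy the line shapes of the log posted in this
# thread; ExampleSvc (all-zero hash, "warning" verdict) is an invented placeholder.
SAMPLE_LOG = r"""
20:30:40.0004 7216 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
20:30:52.0032 5704 Scan started
20:30:54.0672 5704 ================ Scan services =============================
20:30:54.0931 5704 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:30:54.0935 5704 1394ohci - ok
20:30:56.0135 5704 [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:30:56.0136 5704 Apple Mobile Device - ok
20:30:58.0115 5704 COMSysApp - ok
20:30:59.0167 5704 [ 156f6159457d0aa7e59b62681b56eb90 ] EFS C:\Windows\System32\lsass.exe
20:30:59.0172 5704 EFS - ok
20:31:02.0248 5704 [ 156f6159457d0aa7e59b62681b56eb90 ] KeyIso C:\Windows\system32\lsass.exe
20:31:02.0250 5704 KeyIso - ok
20:31:05.0000 5704 [ 00000000000000000000000000000000 ] ExampleSvc C:\Windows\system32\DRIVERS\example_placeholder.sys
20:31:05.0001 5704 ExampleSvc - warning
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"{summary['scanned']} services scanned")
    for name, verdict, path in summary["flagged"]:
        print(f"REVIEW: {name} - {verdict} {path or ''}")
    for md5, names in summary["shared_images"].items():
        print(f"shared image {md5}: {', '.join(names)}")
```

Run it against a saved TDSSKiller log by replacing SAMPLE_LOG with the file's contents; an entry with "no verdict" means the pasted log was truncated, not that the tool cleared it.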

#7 mxboy57

mxboy57
  • Topic Starter

  • Members
  • 14 posts
  • Local time:11:26 AM

Posted 14 August 2012 - 08:42 PM

20:30:38.0000 7216 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
20:30:38.0710 7216 ============================================================
20:30:38.0710 7216 Current date / time: 2012/08/14 20:30:38.0710
20:30:38.0710 7216 SystemInfo:
20:30:38.0710 7216
20:30:38.0710 7216 OS Version: 6.1.7600 ServicePack: 0.0
20:30:38.0710 7216 Product type: Workstation
20:30:38.0710 7216 ComputerName: THINK
20:30:38.0710 7216 UserName: Christopher
20:30:38.0710 7216 Windows directory: C:\Windows
20:30:38.0710 7216 System windows directory: C:\Windows
20:30:38.0710 7216 Running under WOW64
20:30:38.0710 7216 Processor architecture: Intel x64
20:30:38.0710 7216 Number of processors: 2
20:30:38.0710 7216 Page size: 0x1000
20:30:38.0710 7216 Boot type: Normal boot
20:30:38.0710 7216 ============================================================
20:30:40.0004 7216 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:30:40.0068 7216 ============================================================
20:30:40.0068 7216 \Device\Harddisk0\DR0:
20:30:40.0069 7216 MBR partitions:
20:30:40.0069 7216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
20:30:40.0069 7216 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23E4D800
20:30:40.0069 7216 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000
20:30:40.0069 7216 ============================================================
20:30:40.0105 7216 C: <-> \Device\Harddisk0\DR0\Partition2
20:30:40.0163 7216 Q: <-> \Device\Harddisk0\DR0\Partition3
20:30:40.0163 7216 ============================================================
20:30:40.0163 7216 Initialize success
20:30:40.0163 7216 ============================================================
20:30:52.0032 5704 ============================================================
20:30:52.0032 5704 Scan started
20:30:52.0032 5704 Mode: Manual;
20:30:52.0032 5704 ============================================================
20:30:54.0672 5704 ================ Scan services =============================
20:31:03.0924 5704 [ 8043d41f881d6ace40b854ad6e32217f ] NAVENG C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120814.017\ENG64.SYS
20:31:03.0925 5704 NAVENG - ok
20:31:04.0006 5704 [ 9a9ab2fc45d701daed465d14980f1305 ] NAVEX15 C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120814.017\EX64.SYS
20:31:04.0020 5704 NAVEX15 - ok
20:31:04.0087 5704 [ cad515dbd07d082bb317d9928ce8962c ] NDIS C:\Windows\system32\drivers\ndis.sys
20:31:04.0112 5704 NDIS - ok
20:31:04.0129 5704 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:31:04.0131 5704 NdisCap - ok
20:31:04.0151 5704 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:31:04.0152 5704 NdisTapi - ok
20:31:04.0169 5704 [ f105ba1e22bf1f2ee8f005d4305e4bec ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:31:04.0171 5704 Ndisuio - ok
20:31:04.0196 5704 [ 557dfab9ca1fcb036ac77564c010dad3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:31:04.0200 5704 NdisWan - ok
20:31:04.0219 5704 [ 659b74fb74b86228d6338d643cd3e3cf ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:31:04.0222 5704 NDProxy - ok
20:31:04.0244 5704 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:31:04.0246 5704 NetBIOS - ok
20:31:04.0266 5704 [ 9162b273a44ab9dce5b44362731d062a ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:31:04.0270 5704 NetBT - ok
20:31:04.0295 5704 [ 156f6159457d0aa7e59b62681b56eb90 ] Netlogon C:\Windows\system32\lsass.exe
20:31:04.0296 5704 Netlogon - ok
20:31:04.0335 5704 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
20:31:04.0345 5704 Netman - ok
20:31:04.0372 5704 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
20:31:04.0380 5704 netprofm - ok
20:31:04.0407 5704 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:31:04.0410 5704 NetTcpPortSharing - ok
20:31:04.0541 5704 [ 705283c02177809ca9fa7cc58a4f1e77 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
20:31:04.0576 5704 netw5v64 - ok
20:31:04.0615 5704 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:31:04.0616 5704 nfrd960 - ok
20:31:04.0654 5704 [ d9a0ce66046d6efa0c61baa885cba0a8 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:31:04.0660 5704 NlaSvc - ok
20:31:04.0681 5704 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:31:04.0683 5704 Npfs - ok
20:31:04.0696 5704 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:31:04.0698 5704 nsi - ok
20:31:04.0709 5704 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:31:04.0710 5704 nsiproxy - ok
20:31:04.0779 5704 [ 378e0e0dfea67d98ae6ea53adbbd76bc ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:31:04.0825 5704 Ntfs - ok
20:31:04.0840 5704 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
20:31:04.0842 5704 Null - ok
20:31:04.0884 5704 [ a4d9c9a608a97f59307c2f2600edc6a4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:31:04.0885 5704 nvraid - ok
20:31:04.0910 5704 [ 6c1d5f70e7a6a3fd1c90d840edc048b9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:31:04.0912 5704 nvstor - ok
20:31:04.0930 5704 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
20:31:04.0931 5704 nv_agp - ok
20:31:04.0945 5704 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:31:04.0946 5704 ohci1394 - ok
20:31:05.0000 5704 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:31:05.0001 5704 ose - ok
20:31:05.0142 5704 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:31:05.0174 5704 osppsvc - ok
20:31:05.0229 5704 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:31:05.0237 5704 p2pimsvc - ok
20:31:05.0265 5704 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:31:05.0273 5704 p2psvc - ok
20:31:05.0305 5704 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:31:05.0306 5704 Parport - ok
20:31:05.0350 5704 [ 90061b1acfe8ccaa5345750ffe08d8b8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:31:05.0353 5704 partmgr - ok
20:31:05.0374 5704 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:31:05.0379 5704 PcaSvc - ok
20:31:05.0395 5704 [ f36f6504009f2fb0dfd1b17a116ad74b ] pci C:\Windows\system32\DRIVERS\pci.sys
20:31:05.0399 5704 pci - ok
20:31:05.0409 5704 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\DRIVERS\pciide.sys
20:31:05.0409 5704 pciide - ok
20:31:05.0420 5704 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:31:05.0422 5704 pcmcia - ok
20:31:05.0442 5704 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:31:05.0444 5704 pcw - ok
20:31:05.0476 5704 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:31:05.0486 5704 PEAUTH - ok
20:31:05.0548 5704 [ b9b0a4299dd2d76a4243f75fd54dc680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:31:05.0579 5704 PeerDistSvc - ok
20:31:05.0661 5704 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:31:05.0664 5704 PerfHost - ok
20:31:05.0715 5704 [ 557e9a86f65f0de18c9b6751dfe9d3f1 ] pla C:\Windows\system32\pla.dll
20:31:05.0764 5704 pla - ok
20:31:05.0805 5704 [ 98b1721b8718164293b9701b98c52d77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:31:05.0812 5704 PlugPlay - ok
20:31:05.0828 5704 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:31:05.0831 5704 PNRPAutoReg - ok
20:31:05.0857 5704 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:31:05.0861 5704 PNRPsvc - ok
20:31:05.0909 5704 [ 4f0878fd62d5f7444c5f1c4c66d9d293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
20:31:05.0910 5704 Point64 - ok
20:31:05.0949 5704 [ 166eb40d1f5b47e615de3d0fffe5f243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:31:05.0959 5704 PolicyAgent - ok
20:31:05.0986 5704 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
20:31:05.0991 5704 Power - ok
20:31:06.0052 5704 [ bf179cfcfdb28b9e28397835beafe332 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
20:31:06.0053 5704 Power Manager DBC Service - ok
20:31:06.0081 5704 [ 27cc19e81ba5e3403c48302127bda717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:31:06.0084 5704 PptpMiniport - ok
20:31:06.0100 5704 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:31:06.0101 5704 Processor - ok
20:31:06.0130 5704 [ 97293447431311c06703368ad0f6c4be ] ProfSvc C:\Windows\system32\profsvc.dll
20:31:06.0136 5704 ProfSvc - ok
20:31:06.0155 5704 [ 156f6159457d0aa7e59b62681b56eb90 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:31:06.0156 5704 ProtectedStorage - ok
20:31:06.0187 5704 [ 515a7c5a0886fcc60901916785efd549 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
20:31:06.0188 5704 psadd - ok
20:31:06.0208 5704 [ ee992183bd8eaefd9973f352e587a299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:31:06.0211 5704 Psched - ok
20:31:06.0239 5704 [ 4712cc14e720ecccc0aa16949d18aaf1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
20:31:06.0240 5704 PxHlpa64 - ok
20:31:06.0302 5704 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:31:06.0312 5704 ql2300 - ok
20:31:06.0345 5704 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:31:06.0347 5704 ql40xx - ok
20:31:06.0376 5704 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
20:31:06.0382 5704 QWAVE - ok
20:31:06.0401 5704 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:31:06.0403 5704 QWAVEdrv - ok
20:31:06.0413 5704 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:31:06.0415 5704 RasAcd - ok
20:31:06.0443 5704 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:31:06.0445 5704 RasAgileVpn - ok
20:31:06.0456 5704 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
20:31:06.0460 5704 RasAuto - ok
20:31:06.0475 5704 [ 87a6e852a22991580d6d39adc4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:31:06.0478 5704 Rasl2tp - ok
20:31:06.0497 5704 [ 47394ed3d16d053f5906efe5ab51cc83 ] RasMan C:\Windows\System32\rasmans.dll
20:31:06.0504 5704 RasMan - ok
20:31:06.0520 5704 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:31:06.0522 5704 RasPppoe - ok
20:31:06.0543 5704 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:31:06.0546 5704 RasSstp - ok
20:31:06.0566 5704 [ 3bac8142102c15d59a87757c1d41dce5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:31:06.0573 5704 rdbss - ok
20:31:06.0593 5704 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:31:06.0595 5704 rdpbus - ok
20:31:06.0608 5704 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:31:06.0608 5704 RDPCDD - ok
20:31:06.0634 5704 [ 9706b84dbabfc4b4ca46c5a82b14dfa3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:31:06.0637 5704 RDPDR - ok
20:31:06.0649 5704 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:31:06.0650 5704 RDPENCDD - ok
20:31:06.0668 5704 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:31:06.0668 5704 RDPREFMP - ok
20:31:06.0696 5704 [ 447de7e3dea39d422c1504f245b668b1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:31:06.0700 5704 RDPWD - ok
20:31:06.0715 5704 [ 634b9a2181d98f15941236886164ec8b ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:31:06.0720 5704 rdyboost - ok
20:31:06.0813 5704 [ bc0db8ae78ada06e54eb442932af6cfd ] Remote Solver for Flow Simulation 2011 C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
20:31:06.0814 5704 Remote Solver for Flow Simulation 2011 - ok
20:31:06.0838 5704 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:31:06.0844 5704 RemoteAccess - ok
20:31:06.0875 5704 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:31:06.0881 5704 RemoteRegistry - ok
20:31:06.0912 5704 [ 3dd798846e2c28102b922c56e71b7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:31:06.0913 5704 RFCOMM - ok
20:31:06.0977 5704 [ 14a99fd851272c73b758546ef8f0e641 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
20:31:06.0979 5704 Roxio UPnP Renderer 10 - ok
20:31:07.0004 5704 [ ba917f2f2bd5033e70823797c73cdfcb ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
20:31:07.0007 5704 Roxio Upnp Server 10 - ok
20:31:07.0069 5704 [ 8986d20cf294d794a79fb18ff697b68b ] RoxLiveShare10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
20:31:07.0072 5704 RoxLiveShare10 - ok
20:31:07.0118 5704 [ d8c44229eb2495e774350529ed9be08d ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
20:31:07.0126 5704 RoxMediaDB10 - ok
20:31:07.0157 5704 [ 53716357f4b3c99112cf0a21932c5688 ] RoxWatch10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
20:31:07.0159 5704 RoxWatch10 - ok
20:31:07.0198 5704 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:31:07.0201 5704 RpcEptMapper - ok
20:31:07.0229 5704 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
20:31:07.0232 5704 RpcLocator - ok
20:31:07.0266 5704 [ 7266972e86890e2b30c0c322e906b027 ] RpcSs C:\Windows\system32\rpcss.dll
20:31:07.0271 5704 RpcSs - ok
20:31:07.0290 5704 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:31:07.0293 5704 rspndr - ok
20:31:07.0319 5704 [ b49dc435ae3695bac5623dd94b05732d ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:31:07.0321 5704 RTL8167 - ok
20:31:07.0337 5704 [ 88af6e02ab19df7fd07ecdf9c91e9af6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
20:31:07.0338 5704 s3cap - ok
20:31:07.0355 5704 [ 156f6159457d0aa7e59b62681b56eb90 ] SamSs C:\Windows\system32\lsass.exe
20:31:07.0357 5704 SamSs - ok
20:31:07.0376 5704 [ e3bbb89983daf5622c1d50cf49f28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
20:31:07.0377 5704 sbp2port - ok
20:31:07.0477 5704 [ 794d4b48dfb6e999537c7c3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:31:07.0485 5704 SBSDWSCService - ok
20:31:07.0549 5704 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:31:07.0555 5704 SCardSvr - ok
20:31:07.0574 5704 [ c94da20c7e3ba1dca269bc8460d98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:31:07.0576 5704 scfilter - ok
20:31:07.0621 5704 [ 624d0f5ff99428bb90a5b8a4123e918e ] Schedule C:\Windows\system32\schedsvc.dll
20:31:07.0648 5704 Schedule - ok
20:31:07.0686 5704 [ 312e2f82af11e79906898ac3e3d58a1f ] SCPolicySvc C:\Windows\System32\certprop.dll
20:31:07.0689 5704 SCPolicySvc - ok
20:31:07.0708 5704 [ 54e47ad086782d3ae9417c155cdceb9b ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
20:31:07.0711 5704 sdbus - ok
20:31:07.0732 5704 [ 765a27c3279ce11d14cb9e4f5869fca5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:31:07.0737 5704 SDRSVC - ok
20:31:07.0754 5704 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:31:07.0755 5704 secdrv - ok
20:31:07.0767 5704 [ 463b386ebc70f98da5dff85f7e654346 ] seclogon C:\Windows\system32\seclogon.dll
20:31:07.0771 5704 seclogon - ok
20:31:07.0794 5704 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
20:31:07.0798 5704 SENS - ok
20:31:07.0818 5704 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:31:07.0823 5704 SensrSvc - ok
20:31:07.0880 5704 [ 7e2c360b6cc0d87b8ef38439b53dfc71 ] SepMasterService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
20:31:07.0882 5704 SepMasterService - ok
20:31:07.0895 5704 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:31:07.0896 5704 Serenum - ok
20:31:07.0939 5704 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:31:07.0940 5704 Serial - ok
20:31:07.0958 5704 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:31:07.0960 5704 sermouse - ok
20:31:08.0002 5704 [ c3bc61ce47ff6f4e88ab8a3b429a36af ] SessionEnv C:\Windows\system32\sessenv.dll
20:31:08.0006 5704 SessionEnv - ok
20:31:08.0019 5704 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
20:31:08.0019 5704 sffdisk - ok
20:31:08.0031 5704 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:31:08.0032 5704 sffp_mmc - ok
20:31:08.0050 5704 [ 5588b8c6193eb1522490c122eb94dffa ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
20:31:08.0051 5704 sffp_sd - ok
20:31:08.0073 5704 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:31:08.0074 5704 sfloppy - ok
20:31:08.0110 5704 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:31:08.0117 5704 SharedAccess - ok
20:31:08.0152 5704 [ 0298ac45d0efffb2db4baa7dd186e7bf ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:31:08.0158 5704 ShellHWDetection - ok
20:31:08.0184 5704 [ 5a5346931ce61ea85f8338f7a03131f7 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
20:31:08.0185 5704 Shockprf - ok
20:31:08.0207 5704 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:31:08.0208 5704 SiSRaid2 - ok
20:31:08.0225 5704 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:31:08.0228 5704 SiSRaid4 - ok
20:31:08.0235 5704 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:31:08.0238 5704 Smb - ok
20:31:08.0334 5704 [ c9ee967406d9d5429c53718918164e8a ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
20:31:08.0351 5704 SmcService - ok
20:31:08.0382 5704 [ 7d93da29d4eba331187bf5843c9b6497 ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe
20:31:08.0385 5704 SNAC - ok
20:31:08.0464 5704 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:31:08.0468 5704 SNMPTRAP - ok
20:31:08.0524 5704 [ 4945020bc094c322571184a6e8056b3a ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
20:31:08.0525 5704 SolidWorks Licensing Service - ok
20:31:08.0543 5704 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:31:08.0545 5704 spldr - ok
20:31:08.0585 5704 [ f8e1fa03cb70d54a9892ac88b91d1e7b ] Spooler C:\Windows\System32\spoolsv.exe
20:31:08.0594 5704 Spooler - ok
20:31:08.0682 5704 [ 913d843498553a1bc8f8dbad6358e49f ] sppsvc C:\Windows\system32\sppsvc.exe
20:31:08.0784 5704 sppsvc - ok
20:31:08.0796 5704 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:31:08.0800 5704 sppuinotify - ok
20:31:08.0863 5704 [ 86ebd8b1f23e743aad21f4d5b4d40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:31:08.0864 5704 SQLBrowser - ok
20:31:08.0917 5704 [ 3c432a96363097870995e2a3c8b66abd ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:31:08.0919 5704 SQLWriter - ok
20:31:08.0986 5704 [ 02b1685a670e4d48c2d1ee3913c122a4 ] SRTSP C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SRTSP64.SYS
20:31:08.0991 5704 SRTSP - ok
20:31:09.0011 5704 [ c27436186a99b647c38b9ea6ef36e2db ] SRTSPX C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SRTSPX64.SYS
20:31:09.0012 5704 SRTSPX - ok
20:31:09.0051 5704 [ 2408c0366d96bcdf63e8f1c78e4a29c5 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:31:09.0060 5704 srv - ok
20:31:09.0093 5704 [ 76548f7b818881b47d8d1ae1be9c11f8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:31:09.0100 5704 srv2 - ok
20:31:09.0126 5704 [ 0c4540311e11664b245a263e1154cef8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:31:09.0128 5704 SrvHsfHDA - ok
20:31:09.0181 5704 [ 02071d207a9858fbe3a48cbfd59c4a04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:31:09.0191 5704 SrvHsfV92 - ok
20:31:09.0237 5704 [ 18e40c245dbfaf36fd0134a7ef2df396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:31:09.0243 5704 SrvHsfWinac - ok
20:31:09.0265 5704 [ 0af6e19d39c70844c5caa8fb0183c36e ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:31:09.0269 5704 srvnet - ok
20:31:09.0301 5704 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:31:09.0307 5704 SSDPSRV - ok
20:31:09.0326 5704 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:31:09.0330 5704 SstpSvc - ok
20:31:09.0356 5704 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:31:09.0356 5704 stexstor - ok
20:31:09.0389 5704 [ 52d0e33b681bd0f33fdc08812fee4f7d ] stisvc C:\Windows\System32\wiaservc.dll
20:31:09.0400 5704 stisvc - ok
20:31:09.0444 5704 [ ff5eb78af7dfb68c2fb363537aaf753e ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:31:09.0445 5704 stllssvr - ok
20:31:09.0458 5704 [ ffd7a6f15b14234b5b0e5d49e7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
20:31:09.0459 5704 storflt - ok
20:31:09.0487 5704 [ c40841817ef57d491f22eb103da587cc ] StorSvc C:\Windows\system32\storsvc.dll
20:31:09.0494 5704 StorSvc - ok
20:31:09.0516 5704 [ 8fccbefc5c440b3c23454656e551b09a ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
20:31:09.0517 5704 storvsc - ok
20:31:09.0567 5704 [ 91403353d039dc6d3d81644a68422649 ] SUService c:\Program Files (x86)\Lenovo\System Update\SUService.exe
20:31:09.0568 5704 SUService - ok
20:31:09.0580 5704 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:31:09.0580 5704 swenum - ok
20:31:09.0602 5704 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
20:31:09.0612 5704 swprv - ok
20:31:09.0650 5704 [ 52eb25bd8ab4e331028c48b178441b36 ] sxuptp C:\Windows\system32\DRIVERS\sxuptp.sys
20:31:09.0653 5704 sxuptp - ok
20:31:09.0682 5704 [ e2864e707bc59b2eab09c6b2db26a1aa ] SyDvCtrl C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys
20:31:09.0682 5704 SyDvCtrl - ok
20:31:09.0712 5704 [ f017987b177f7bbc989318d59309d091 ] SymDS C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS
20:31:09.0715 5704 SymDS - ok
20:31:09.0744 5704 [ ba589e090506aae847f128aa6bbb376a ] SymEFA C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS
20:31:09.0751 5704 SymEFA - ok
20:31:09.0778 5704 [ 36b77f5c9e21f88a8c8ec67ad5415819 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:31:09.0779 5704 SymEvent - ok
20:31:09.0805 5704 [ 66b80d43191ba671a9bb8254e8236eb7 ] SymIRON C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS
20:31:09.0807 5704 SymIRON - ok
20:31:09.0834 5704 [ a6adb3d83023f8daa0f7b6fda785d83b ] SYMNETS C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS
20:31:09.0837 5704 SYMNETS - ok
20:31:09.0870 5704 [ 929c9fa0b18ad2ebc8340591c4bf00ff ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:31:09.0872 5704 SynTP - ok
20:31:09.0926 5704 [ 3c1284516a62078fb68f768de4f1a7be ] SysMain C:\Windows\system32\sysmain.dll
20:31:09.0995 5704 SysMain - ok
20:31:10.0027 5704 [ 29c2a08f4b6566dd8735cdb737bbaf03 ] SysPlant C:\Windows\system32\Drivers\SysPlant.sys
20:31:10.0029 5704 SysPlant - ok
20:31:10.0056 5704 [ 238935c3cf2854886dc7cbb2a0e2cc66 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:31:10.0061 5704 TabletInputService - ok
20:31:10.0102 5704 [ 884264ac597b690c5707c89723bb8e7b ] TapiSrv C:\Windows\System32\tapisrv.dll
20:31:10.0110 5704 TapiSrv - ok
20:31:10.0138 5704 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
20:31:10.0143 5704 TBS - ok
20:31:10.0293 5704 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:31:10.0376 5704 Tcpip - ok
20:31:10.0493 5704 [ 624c5b3aa4c99b3184bb922d9ece3ff0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:31:10.0522 5704 TCPIP6 - ok
20:31:10.0584 5704 [ 76d078af6f587b162d50210f761eb9ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:31:10.0588 5704 tcpipreg - ok
20:31:10.0617 5704 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:31:10.0620 5704 TDPIPE - ok
20:31:10.0667 5704 [ 7518f7bcfd4b308abc9192bacaf6c970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:31:10.0670 5704 TDTCP - ok
20:31:10.0693 5704 [ 079125c4b17b01fcaeebce0bcb290c0f ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:31:10.0697 5704 tdx - ok
20:31:10.0750 5704 [ cb21ea9de4b89a3b281325dfe11a98aa ] Teefer2 C:\Windows\system32\DRIVERS\Teefer.sys
20:31:10.0752 5704 Teefer2 - ok
20:31:10.0773 5704 [ c448651339196c0e869a355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:31:10.0781 5704 TermDD - ok
20:31:10.0842 5704 [ 0f05ec2887bfe197ad82a13287d2f404 ] TermService C:\Windows\System32\termsrv.dll
20:31:10.0891 5704 TermService - ok
20:31:10.0955 5704 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
20:31:10.0964 5704 Themes - ok
20:31:11.0038 5704 [ 39ac444e07fdbd8c2e8e291a65d515d3 ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
20:31:11.0053 5704 ThinkVantage Registry Monitor Service - ok
20:31:11.0089 5704 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
20:31:11.0100 5704 THREADORDER - ok
20:31:11.0121 5704 [ 7e25f9ae51daac0791df1eb949a58dbe ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
20:31:11.0122 5704 TPDIGIMN - ok
20:31:11.0160 5704 [ dd96de244cb186207149bc897e67217a ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
20:31:11.0164 5704 TPHDEXLGSVC - ok
20:31:11.0213 5704 [ a2080872efb7582b43762141ae8d61b9 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
20:31:11.0214 5704 TPHKSVC - ok
20:31:11.0235 5704 [ dbcc20c02e8a3e43b03c304a4e40a84f ] TPM C:\Windows\system32\drivers\tpm.sys
20:31:11.0236 5704 TPM - ok
20:31:11.0262 5704 [ 2c067e01d6bbccc88b233b868e210907 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
20:31:11.0263 5704 TPPWRIF - ok
20:31:11.0295 5704 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
20:31:11.0301 5704 TrkWks - ok
20:31:11.0355 5704 [ 840f7fb849f5887a49ba18c13b2da920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:31:11.0360 5704 TrustedInstaller - ok
20:31:11.0400 5704 [ 61b96c26131e37b24e93327a0bd1fb95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:31:11.0403 5704 tssecsrv - ok
20:31:11.0421 5704 [ 3836171a2cdf3af8ef10856db9835a70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:31:11.0425 5704 tunnel - ok
20:31:11.0534 5704 [ b56da1aa776c15043d10f82b32aa000d ] TVT Backup Service C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
20:31:11.0552 5704 TVT Backup Service - ok
20:31:11.0583 5704 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:31:11.0585 5704 uagp35 - ok
20:31:11.0604 5704 [ d47baead86c65d4f4069d7ce0a4edceb ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:31:11.0615 5704 udfs - ok
20:31:11.0657 5704 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:31:11.0662 5704 UI0Detect - ok
20:31:11.0673 5704 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
20:31:11.0675 5704 uliagpkx - ok
20:31:11.0695 5704 [ eab6c35e62b1b0db0d1b48b671d3a117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:31:11.0698 5704 umbus - ok
20:31:11.0716 5704 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:31:11.0717 5704 UmPass - ok
20:31:11.0743 5704 [ af0ac98ee5077eb844413eb54287fde3 ] UmRdpService C:\Windows\System32\umrdp.dll
20:31:11.0750 5704 UmRdpService - ok
20:31:11.0776 5704 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
20:31:11.0785 5704 upnphost - ok
20:31:11.0831 5704 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:31:11.0832 5704 USBAAPL64 - ok
20:31:11.0878 5704 [ 7b6a127c93ee590e4d79a5f2a76fe46f ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:31:11.0879 5704 usbccgp - ok
20:31:11.0906 5704 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
20:31:11.0908 5704 usbcir - ok
20:31:11.0943 5704 [ 92969ba5ac44e229c55a332864f79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:31:11.0946 5704 usbehci - ok
20:31:11.0964 5704 [ e7df1cfd28ca86b35ef5add0735ceef3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:31:11.0970 5704 usbhub - ok
20:31:11.0988 5704 [ f1bb1e55f1e7a65c5839ccc7b36d773e ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:31:11.0990 5704 usbohci - ok
20:31:12.0013 5704 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:31:12.0016 5704 usbprint - ok
20:31:12.0079 5704 [ f39983647bc1f3e6100778ddfe9dce29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:31:12.0083 5704 USBSTOR - ok
20:31:12.0116 5704 [ bc3070350a491d84b518d7cca9abd36f ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:31:12.0118 5704 usbuhci - ok
20:31:12.0159 5704 [ 7cb8c573c6e4a2714402cc0a36eab4fe ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:31:12.0163 5704 usbvideo - ok
20:31:12.0199 5704 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
20:31:12.0203 5704 UxSms - ok
20:31:12.0219 5704 [ 156f6159457d0aa7e59b62681b56eb90 ] VaultSvc C:\Windows\system32\lsass.exe
20:31:12.0221 5704 VaultSvc - ok
20:31:12.0253 5704 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
20:31:12.0255 5704 vdrvroot - ok
20:31:12.0283 5704 [ 44d73e0bbc1d3c8981304ba15135c2f2 ] vds C:\Windows\System32\vds.exe
20:31:12.0295 5704 vds - ok
20:31:12.0323 5704 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:31:12.0326 5704 vga - ok
20:31:12.0337 5704 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
20:31:12.0339 5704 VgaSave - ok
20:31:12.0365 5704 [ c82e748660f62a242b2dfac1442f22a4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
20:31:12.0367 5704 vhdmp - ok
20:31:12.0388 5704 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
20:31:12.0388 5704 viaide - ok
20:31:12.0409 5704 [ 1501699d7eda984abc4155a7da5738d1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
20:31:12.0411 5704 vmbus - ok
20:31:12.0430 5704 [ ae10c35761889e65a6f7176937c5592c ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
20:31:12.0431 5704 VMBusHID - ok
20:31:12.0450 5704 [ 2b1a3dae2b4e70dbba822b7a03fbd4a3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
20:31:12.0452 5704 volmgr - ok
20:31:12.0479 5704 [ 99b0cbb569ca79acaed8c91461d765fb ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:31:12.0486 5704 volmgrx - ok
20:31:12.0521 5704 [ 58f82eed8ca24b461441f9c3e4f0bf5c ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
20:31:12.0527 5704 volsnap - ok
20:31:12.0573 5704 [ d9cc6202d8a3ec84f1516f6cc3e2e6ed ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
20:31:12.0577 5704 vpnagent - ok
20:31:12.0616 5704 [ 845dae50510383b7f6aca73ce2099048 ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
20:31:12.0617 5704 vpnva - ok
20:31:12.0635 5704 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:31:12.0637 5704 vsmraid - ok
20:31:12.0689 5704 [ 787898bf9fb6d7bd87a36e2d95c899ba ] VSS C:\Windows\system32\vssvc.exe
20:31:12.0734 5704 VSS - ok
20:31:12.0760 5704 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:31:12.0762 5704 vwifibus - ok
20:31:12.0790 5704 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
20:31:12.0799 5704 W32Time - ok
20:31:12.0828 5704 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:31:12.0829 5704 WacomPen - ok
20:31:12.0867 5704 [ 47ca49400643effd3f1c9a27e1d69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:31:12.0870 5704 WANARP - ok
20:31:12.0885 5704 [ 47ca49400643effd3f1c9a27e1d69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:31:12.0887 5704 Wanarpv6 - ok
20:31:12.0976 5704 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:31:12.0986 5704 WatAdminSvc - ok
20:31:13.0087 5704 [ 5ab1bb85bd8b5089cc5d64200dedae68 ] wbengine C:\Windows\system32\wbengine.exe
20:31:13.0133 5704 wbengine - ok
20:31:13.0164 5704 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:31:13.0170 5704 WbioSrvc - ok
20:31:13.0217 5704 [ dd1bae8ebfc653824d29ccf8c9054d68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:31:13.0225 5704 wcncsvc - ok
20:31:13.0254 5704 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:31:13.0258 5704 WcsPlugInService - ok
20:31:13.0312 5704 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:31:13.0313 5704 Wd - ok
20:31:13.0436 5704 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:31:13.0634 5704 Wdf01000 - ok
20:31:13.0704 5704 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:31:13.0711 5704 WdiServiceHost - ok
20:31:13.0716 5704 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:31:13.0719 5704 WdiSystemHost - ok
20:31:13.0796 5704 [ 733006127f235be7c35354ebee7b9a7b ] WebClient C:\Windows\System32\webclnt.dll
20:31:13.0802 5704 WebClient - ok
20:31:13.0918 5704 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:31:13.0931 5704 Wecsvc - ok
20:31:13.0995 5704 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:31:13.0999 5704 wercplsupport - ok
20:31:14.0030 5704 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:31:14.0038 5704 WerSvc - ok
20:31:14.0141 5704 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:31:14.0148 5704 WfpLwf - ok
20:31:14.0208 5704 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:31:14.0209 5704 WIMMount - ok
20:31:14.0304 5704 WinDefend - ok
20:31:14.0310 5704 WinHttpAutoProxySvc - ok
20:31:15.0023 5704 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:31:15.0031 5704 Winmgmt - ok
20:31:15.0550 5704 [ 41fbb751936b387f9179e7f03a74fe29 ] WinRM C:\Windows\system32\WsmSvc.dll
20:31:15.0660 5704 WinRM - ok
20:31:15.0800 5704 [ 817eaff5d38674edd7713b9dfb8e9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:31:15.0806 5704 WinUsb - ok
20:31:16.0018 5704 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
20:31:16.0047 5704 Wlansvc - ok
20:31:16.0137 5704 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:31:16.0141 5704 WmiAcpi - ok
20:31:16.0238 5704 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:31:16.0260 5704 wmiApSrv - ok
20:31:16.0356 5704 WMPNetworkSvc - ok
20:31:16.0424 5704 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:31:16.0429 5704 WPCSvc - ok
20:31:16.0454 5704 [ 2e57ddf2880a7e52e76f41c7e96d327b ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:31:16.0465 5704 WPDBusEnum - ok
20:31:16.0769 5704 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:31:16.0780 5704 ws2ifsl - ok
20:31:16.0915 5704 [ 8f9f3969933c02da96eb0f84576db43e ] wscsvc C:\Windows\system32\wscsvc.dll
20:31:16.0920 5704 wscsvc - ok
20:31:16.0927 5704 WSearch - ok
20:31:17.0317 5704 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:31:17.0401 5704 wuauserv - ok
20:31:17.0438 5704 [ 7cadc74271dd6461c452c271b30bd378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:31:17.0447 5704 WudfPf - ok
20:31:17.0468 5704 [ 3b197af0fff08aa66b6b2241ca538d64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:31:17.0475 5704 WUDFRd - ok
20:31:17.0524 5704 [ b551d6637aa0e132c18ac6e504f7b79b ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:31:17.0533 5704 wudfsvc - ok
20:31:17.0553 5704 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
20:31:17.0563 5704 WwanSvc - ok
20:31:17.0582 5704 ================ Scan global ===============================
20:31:17.0606 5704 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
20:31:17.0640 5704 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
20:31:17.0656 5704 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
20:31:17.0684 5704 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
20:31:17.0729 5704 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
20:31:17.0740 5704 [Global] - ok
20:31:17.0740 5704 ================ Scan MBR ==================================
20:31:17.0753 5704 MBR (0x1B8) (5ff46f8fb9e437ebd6f06557f60b6e4f) \Device\Harddisk0\DR0
20:31:18.0070 5704 \Device\Harddisk0\DR0 - ok
20:31:18.0070 5704 ================ Scan VBR ==================================
20:31:18.0076 5704 Boot (0x1200) (989413428ce58a8ac33033ad79ebd767) \Device\Harddisk0\DR0\Partition1
20:31:18.0080 5704 \Device\Harddisk0\DR0\Partition1 - ok
20:31:18.0109 5704 Boot (0x1200) (00a7466b293f491d3fc678e7eb7261d1) \Device\Harddisk0\DR0\Partition2
20:31:18.0113 5704 \Device\Harddisk0\DR0\Partition2 - ok
20:31:18.0150 5704 Boot (0x1200) (05ae93c7bab6e50c4739435571f041c3) \Device\Harddisk0\DR0\Partition3
20:31:18.0154 5704 \Device\Harddisk0\DR0\Partition3 - ok
20:31:18.0155 5704 ============================================================
20:31:18.0155 5704 Scan finished
20:31:18.0155 5704 ============================================================
20:31:18.0180 1956 Detected object count: 0
20:31:18.0180 1956 Actual detected object count: 0


While trying to run aswMBR I got the dreaded blue screen. I'll give it another go and try to post the log.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 08:45 PM

Try only once more. If it still blue screens, just let me know.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 mxboy57
  • Topic Starter
  • Members
  • 14 posts

Posted 14 August 2012 - 08:56 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 20:43:14
-----------------------------
20:43:14.228 OS Version: Windows x64 6.1.7600
20:43:14.228 Number of processors: 2 586 0xF0D
20:43:14.243 ComputerName: THINK UserName:
20:43:16.755 Initialize success
20:43:27.940 AVAST engine defs: 12081401
20:43:34.211 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:43:34.211 Disk 0 Vendor: ST932032 0020 Size: 305245MB BusType: 3
20:43:34.227 Disk 0 MBR read successfully
20:43:34.227 Disk 0 MBR scan
20:43:34.242 Disk 0 unknown MBR code
20:43:34.258 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:43:34.289 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294043 MB offset 2459648
20:43:34.320 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
20:43:34.383 Disk 0 scanning C:\Windows\system32\drivers
20:43:54.572 Service scanning
20:44:49.266 Modules scanning
20:44:49.282 Disk 0 trace - called modules:
20:44:49.313 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
20:44:49.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057a3410]
20:44:49.344 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80046a5510]
20:44:49.344 5 ACPI.sys[fffff88000f49781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046a8050]
20:44:50.640 AVAST engine scan C:\Windows
20:44:54.541 AVAST engine scan C:\Windows\system32
20:52:10.920 AVAST engine scan C:\Windows\system32\drivers
20:52:38.019 AVAST engine scan C:\Users\Christopher
20:55:04.312 File: C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U\00000004.@ **INFECTED** Win32:Malware-gen
20:55:04.702 File: C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U\000000cb.@ **INFECTED** Win32:Malware-gen
20:55:04.795 File: C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U\80000032.@ **INFECTED** Win32:Sirefef-AHF [Trj]
20:56:15.046 Disk 0 MBR has been saved successfully to "C:\Users\Christopher\Desktop\MBR.dat"
20:56:15.077 The log file has been saved successfully to "C:\Users\Christopher\Desktop\aswMBR2.txt"
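All three aswMBR hits above sit in one GUID-named folder under AppData\Local with 8-hex-digit ".@" file names in a "U\" subfolder. That layout is the ZeroAccess/Sirefef user-mode module store of the 2012 variants (the same family the Trojan.Zeroaccess names in the first post refer to), and the folder is a stronger indicator than the per-file AV names: the engine labelled two of the files only generically, and a store usually holds more files than a scanner flags. The script below is an added example written for this page; it is not part of the thread, of aswMBR, or of any other tool mentioned here. It runs over aswMBR-style log lines (the five lines copied from the log above plus two constructed ones, marked in the code) and reports the store by its path pattern, counts store files that carried no verdict, and lists "unknown MBR code" as a review item rather than an infection, since OEM recovery loaders (this is a ThinkPad with Lenovo Rescue and Recovery installed) produce the same message and TDSSKiller's MBR check earlier in the thread came back clean. Function, class and field names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample input for this example. The first five lines are copied
# from the aswMBR log posted above; the last two are added here and are NOT
# in that log: one ZeroAccess store file that no AV verdict was attached to,
# and one ordinary file under the same AppData\Local tree.
SAMPLE_LOG = r"""20:43:34.227 Disk 0 MBR read successfully
20:43:34.242 Disk 0 unknown MBR code
20:55:04.312 File: C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U\00000004.@ **INFECTED** Win32:Malware-gen
20:55:04.702 File: C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U\000000cb.@ **INFECTED** Win32:Malware-gen
20:55:04.795 File: C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U\80000032.@ **INFECTED** Win32:Sirefef-AHF [Trj]
20:55:05.001 File: C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\@
20:55:06.120 File: C:\Users\Christopher\AppData\Local\Temp\install.log
"""

# aswMBR "Disk N unknown MBR code": the boot code is not one aswMBR knows.
MBR_LINE = re.compile(r"(?P<disk>Disk \d+) unknown MBR code")

# aswMBR "File:" line; the **INFECTED** verdict is only present on flagged files.
FILE_LINE = re.compile(
    r"^\S+\s+File:\s+(?P<path>.*?)(?:\s+\*\*INFECTED\*\*\s+(?P<verdict>.+?))?\s*$"
)

# ZeroAccess/Sirefef (2012 variants) keeps its modules in a GUID-named folder
# under AppData\Local (per-user) or Windows\Installer (system-wide), holding
# "U\" and "L\" subfolders of 8-hex-digit ".@" files plus "@" and "n" in the
# folder root. The folder is the indicator; per-file AV names are incidental.
ZA_STORE = re.compile(
    r"\\(?:AppData\\Local|Windows\\Installer)\\"
    r"(?P<guid>\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\\"
    r"(?:[UL]\\)?(?:[0-9a-f]{8}\.@|@|n)$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    kind: str          # "store_file" or "unknown_mbr"
    path: str          # file path, or "Disk N" for an MBR finding
    guid: str = ""     # lower-cased store folder name for store files
    verdict: str = ""  # AV verdict from the log line, "" if none


def parse_aswmbr(text: str) -> list[Finding]:
    """Pull ZeroAccess store files and unrecognised MBRs out of aswMBR log text."""
    findings: list[Finding] = []
    for line in text.splitlines():
        m = MBR_LINE.search(line)
        if m:
            # "Unknown" is not "infected": OEM recovery loaders (Lenovo's
            # Rescue and Recovery is a common one) also produce this line.
            # Treat it as a review item and compare with other MBR checks.
            findings.append(Finding(kind="unknown_mbr", path=m["disk"]))
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue
        store = ZA_STORE.search(m["path"])
        if store:
            findings.append(Finding(kind="store_file", path=m["path"],
                                    guid=store["guid"].lower(),
                                    verdict=m["verdict"] or ""))
    return findings


def store_folders(findings: list[Finding]) -> list[str]:
    """The whole {GUID} folder is the unit of cleanup, not the flagged files."""
    folders = set()
    for f in findings:
        if f.kind == "store_file":
            end = f.path.lower().index(f.guid) + len(f.guid)
            folders.add(f.path[:end])
    return sorted(folders)


def summarize(findings: list[Finding]) -> dict:
    store = [f for f in findings if f.kind == "store_file"]
    return {
        "zeroaccess_stores": sorted({f.guid for f in store}),
        "store_files": len(store),
        "store_files_without_av_verdict": sum(1 for f in store if not f.verdict),
        "unknown_mbr_disks": [f.path for f in findings if f.kind == "unknown_mbr"],
    }


if __name__ == "__main__":
    found = parse_aswmbr(SAMPLE_LOG)
    for f in found:
        print(f)
    print(summarize(found))
    print(store_folders(found))
```

The parser covers only the file store. The other half of the 2012 ZeroAccess footprint is a patched copy of services.exe, which is why the next reply asks for an FRST search on that file name; checking that copy against a known-good one (signature or hash) is a separate step this example does not attempt.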

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 09:17 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo

#11 mxboy57
  • Topic Starter
  • Members
  • 14 posts

Posted 14 August 2012 - 09:38 PM

Scan result of Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 14-08-2012 21:26:19
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7968800 2009-07-10] (Realtek Semiconductor)
HKLM\...\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe [62752 2009-08-19] (Lenovo Group Limited)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2009-08-18] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2009-08-18] (Intel Corporation)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcWin7Hlpr.exe showdeskband [274432 2009-09-08] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-13] (Synaptics Incorporated)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor [876832 2009-08-23] (Lenovo Group Limited)
HKLM-x32\...\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start [49976 2009-05-27] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [244208 2009-08-04] (Sonic Solutions)
HKLM-x32\...\Run: [IdeaNotesUser] C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe [221872 2009-06-10] (Digital Delivery Networks, Inc.)
HKLM-x32\...\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1770400 2011-02-24] (Affinegy, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized [527312 2012-01-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKU\Christopher\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Lsa: [Notification Packages] scecli
ACGina

==================== Services (Whitelisted) ======

2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [566688 2011-02-24] (Affinegy, Inc.)
2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2008-01-11] (Microsoft Corporation)
2 Belkin Local Backup Service; "C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe" /service [181760 2010-02-17] ()
2 Belkin Network USB Helper; "C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe" /service [55296 2010-02-09] ()
2 DDNIService; C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe [156336 2009-08-14] (Digital Delivery Networks, Inc.)
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [112152 2007-01-04] (InterVideo)
3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation)
3 Remote Solver for Flow Simulation 2011; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [110344 2010-12-01] (Mentor Graphics Corporation)
3 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2009-08-04] (Sonic Solutions)
2 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2009-08-04] (Sonic Solutions)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SepMasterService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll" /prefetch:1 [167344 2011-06-17] (Symantec Corporation)
3 SmcService; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe" /prefetch:1 [2591232 2011-06-17] (Symantec Corporation)
3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe [324528 2011-06-17] (Symantec Corporation)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-04-30] (MicroVision Development, Inc.)
2 ThinkVantage Registry Monitor Service; "C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [1019904 2009-08-28] (Lenovo Group Limited)
3 TVT Backup Service; "C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe" [1474560 2009-09-03] (Lenovo Group Limited)
2 vpnagent; "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe" [476112 2012-01-13] (Cisco Systems, Inc.)

========================== Drivers (Whitelisted) =============

3 acsock; C:\Windows\System32\DRIVERS\acsock64.sys [106408 2012-01-13] (Cisco Systems, Inc.)
1 BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120803.011\BHDrvx64.sys [1161376 2012-08-02] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-09] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120814.003\IDSvia64.sys [509088 2012-06-26] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120814.017\ENG64.SYS [120440 2012-08-08] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120814.017\EX64.SYS [2068600 2012-08-08] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSP64.SYS [745592 2011-05-27] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSPX64.SYS [40568 2011-05-27] (Symantec Corporation)
2 sxuptp; C:\Windows\System32\Drivers\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
3 SyDvCtrl; \??\C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [29664 2011-06-17] (Symantec Corporation)
0 SymDS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [451192 2011-05-02] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [928888 2011-05-17] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-03] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [170104 2011-05-10] (Symantec Corporation)
1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [147632 2012-01-03] (Symantec Corporation)
1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62136 2011-05-20] (Symantec Corporation)
1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2009-08-23] ()

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-14 21:25 - 2012-08-14 21:26 - 00000000 ____D C:\FRST
2012-08-14 18:20 - 2012-08-14 18:20 - 01442429 ____A (Farbar) C:\Users\Christopher\Downloads\FRST64.exe
2012-08-14 17:56 - 2012-08-14 17:56 - 00002319 ____A C:\Users\Christopher\Desktop\aswMBR2.txt
2012-08-14 17:56 - 2012-08-14 17:56 - 00000512 ____A C:\Users\Christopher\Desktop\MBR.dat
2012-08-14 17:39 - 2012-08-14 17:39 - 00276808 ____A C:\Windows\Minidump\081412-52494-01.dmp
2012-08-14 17:36 - 2012-08-14 17:36 - 00000460 ____A C:\Users\Christopher\Desktop\aswMBR.txt
2012-08-14 17:33 - 2012-08-14 17:34 - 04731392 ____A (AVAST Software) C:\Users\Christopher\Downloads\aswMBR.exe
2012-08-14 17:30 - 2012-08-14 17:30 - 02208856 ____A (Kaspersky Lab ZAO) C:\Users\Christopher\Downloads\tdsskiller.exe
2012-08-14 15:03 - 2012-08-14 15:41 - 00000000 ___SD C:\ComboFix
2012-08-14 13:28 - 2012-08-14 13:28 - 00000000 ____D C:\Qoobox
2012-08-14 13:28 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-14 13:28 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-14 13:28 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-14 13:28 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-14 13:28 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-14 13:28 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-14 13:28 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-14 13:28 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-14 13:27 - 2012-08-14 15:03 - 00000000 ___SD C:\32788R22FWJFW
2012-08-14 13:27 - 2012-08-14 13:27 - 00000000 ____D C:\Windows\erdnt
2012-08-14 13:22 - 2012-08-14 13:22 - 04731615 ____R (Swearware) C:\Users\Christopher\Downloads\ComboFix.exe
2012-08-14 08:37 - 2012-08-14 08:37 - 00881494 ____A C:\Users\Christopher\Downloads\SecurityCheck.exe
2012-08-13 11:12 - 2012-08-13 11:12 - 00008421 ____A C:\Users\Christopher\Desktop\Attach.txt
2012-08-13 11:11 - 2012-08-13 11:11 - 00023109 ____A C:\Users\Christopher\Desktop\DDS.txt
2012-08-13 10:54 - 2012-08-13 10:54 - 00607260 ____R (Swearware) C:\Users\Christopher\Downloads\dds.com
2012-08-13 10:45 - 2012-08-13 10:45 - 00014543 ____A C:\Users\Christopher\Downloads\hijackthis.log
2012-08-13 10:43 - 2012-08-13 10:43 - 00388608 ____A (Trend Micro Inc.) C:\Users\Christopher\Downloads\HijackThis.exe
2012-08-09 04:34 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-09 04:28 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-09 04:28 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-09 04:28 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-09 04:28 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-09 04:28 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-09 04:28 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-09 04:28 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-09 04:28 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-09 04:28 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-09 04:28 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-09 04:28 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-09 04:28 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-09 04:28 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-09 04:28 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-09 04:28 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-09 04:28 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-09 04:28 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-09 04:28 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-09 04:28 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-09 04:28 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-09 04:28 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-09 04:28 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-09 04:28 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-09 04:28 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-09 04:28 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-09 04:28 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-09 04:28 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-09 04:28 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-08 06:12 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-08-08 06:12 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-08-08 06:12 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-08-08 06:12 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-08-08 06:12 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-08-08 06:12 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-08-08 06:12 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-08-08 06:12 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-08-08 06:12 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-08-08 06:12 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-08-08 06:12 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-08-08 06:12 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-08-08 06:12 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-08-08 06:12 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-08-08 06:12 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-08-08 05:33 - 2012-08-08 05:34 - 00276752 ____N C:\Windows\Minidump\080812-36426-01.dmp
2012-07-30 13:04 - 2012-07-30 13:05 - 00040930 ____N C:\Users\Christopher\Downloads\TPU_trnsfer_4856_marcotte.xfdl
2012-07-28 19:24 - 2012-07-28 19:24 - 00000000 ____D C:\Users\Christopher\AppData\Roaming\Roxio

============ 3 Months Modified Files ========================

2012-08-14 18:21 - 2009-10-04 04:05 - 01905279 ____A C:\Windows\WindowsUpdate.log
2012-08-14 18:20 - 2012-08-14 18:20 - 01442429 ____A (Farbar) C:\Users\Christopher\Downloads\FRST64.exe
2012-08-14 17:56 - 2012-08-14 17:56 - 00002319 ____A C:\Users\Christopher\Desktop\aswMBR2.txt
2012-08-14 17:56 - 2012-08-14 17:56 - 00000512 ____A C:\Users\Christopher\Desktop\MBR.dat
2012-08-14 17:47 - 2009-07-13 20:45 - 00020704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-14 17:47 - 2009-07-13 20:45 - 00020704 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-14 17:39 - 2012-08-14 17:39 - 00276808 ____A C:\Windows\Minidump\081412-52494-01.dmp
2012-08-14 17:39 - 2012-01-13 11:11 - 651575927 ____A C:\Windows\MEMORY.DMP
2012-08-14 17:39 - 2009-10-04 03:57 - 00027098 ____A C:\Windows\PFRO.log
2012-08-14 17:39 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-14 17:39 - 2009-07-13 20:51 - 00057366 ____A C:\Windows\setupact.log
2012-08-14 17:36 - 2012-08-14 17:36 - 00000460 ____A C:\Users\Christopher\Desktop\aswMBR.txt
2012-08-14 17:34 - 2012-08-14 17:33 - 04731392 ____A (AVAST Software) C:\Users\Christopher\Downloads\aswMBR.exe
2012-08-14 17:30 - 2012-08-14 17:30 - 02208856 ____A (Kaspersky Lab ZAO) C:\Users\Christopher\Downloads\tdsskiller.exe
2012-08-14 13:32 - 2009-07-13 21:13 - 00792128 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-14 13:22 - 2012-08-14 13:22 - 04731615 ____R (Swearware) C:\Users\Christopher\Downloads\ComboFix.exe
2012-08-14 08:37 - 2012-08-14 08:37 - 00881494 ____A C:\Users\Christopher\Downloads\SecurityCheck.exe
2012-08-13 11:12 - 2012-08-13 11:12 - 00008421 ____A C:\Users\Christopher\Desktop\Attach.txt
2012-08-13 11:11 - 2012-08-13 11:11 - 00023109 ____A C:\Users\Christopher\Desktop\DDS.txt
2012-08-13 10:54 - 2012-08-13 10:54 - 00607260 ____R (Swearware) C:\Users\Christopher\Downloads\dds.com
2012-08-13 10:45 - 2012-08-13 10:45 - 00014543 ____A C:\Users\Christopher\Downloads\hijackthis.log
2012-08-13 10:43 - 2012-08-13 10:43 - 00388608 ____A (Trend Micro Inc.) C:\Users\Christopher\Downloads\HijackThis.exe
2012-08-09 04:54 - 2009-07-13 20:45 - 00481744 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-08 05:34 - 2012-08-08 05:33 - 00276752 ____N C:\Windows\Minidump\080812-36426-01.dmp
2012-07-30 13:05 - 2012-07-30 13:04 - 00040930 ____N C:\Users\Christopher\Downloads\TPU_trnsfer_4856_marcotte.xfdl
2012-07-05 05:03 - 2012-07-05 05:03 - 01166120 ____N C:\Windows\Minidump\070512-34117-01.dmp
2012-06-30 11:02 - 2012-06-30 11:02 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-06-29 08:26 - 2012-06-29 08:26 - 00426184 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-29 08:26 - 2012-01-12 05:13 - 00070344 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-11 19:02 - 2012-08-09 04:34 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-08-08 06:12 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-08-08 06:12 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 21:50 - 2012-08-08 06:12 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-08-08 06:12 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-08-08 06:12 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-08-08 06:12 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-28 15:15 - 02428952 ____N (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-28 15:15 - 00701976 ____N (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-28 15:15 - 00057880 ____N (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-28 15:15 - 00044056 ____N (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-28 15:15 - 00038424 ____N (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-28 15:15 - 02622464 ____N (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-28 15:15 - 00099840 ____N (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-28 15:14 - 00186752 ____N (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-28 15:14 - 00036864 ____N (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-08-09 04:28 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-08-09 04:28 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-08-09 04:28 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-08-09 04:28 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-08-09 04:28 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-08-09 04:28 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-08-09 04:28 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-08-09 04:28 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-08-09 04:28 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-08-09 04:28 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-08-09 04:28 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-08-09 04:28 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-08-09 04:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-08-09 04:28 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-08-09 04:28 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-08-09 04:28 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-08-09 04:28 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-08-09 04:28 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-08-09 04:28 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-08-09 04:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-08-09 04:28 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-08-09 04:28 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-08-09 04:28 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-08-09 04:28 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-08-09 04:28 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-08-09 04:28 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-08-09 04:28 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-08-09 04:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:38 - 2012-08-08 06:12 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-08-08 06:12 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-08-08 06:12 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-08-08 06:12 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-08-08 06:12 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-08-08 06:12 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-08-08 06:12 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-08-08 06:12 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-08-08 06:12 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-27 08:26 - 2012-05-27 08:26 - 01343896 ____N C:\Windows\Minidump\052712-44210-01.dmp


ZeroAccess:
C:\Windows\Installer\{cc64a208-13f0-b11f-97a5-0636f70cde92}
C:\Windows\Installer\{cc64a208-13f0-b11f-97a5-0636f70cde92}\L

ZeroAccess:
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\@
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\L
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\L\00000004.@
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U\00000004.@
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U\00000008.@
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U\000000cb.@
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U\80000032.@
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3932.86 MB
Available physical RAM: 3237.7 MB
Total Pagefile: 3931.01 MB
Available Pagefile: 3228.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:65.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:2.56 GB) NTFS
4 Drive g: (KINGSTON) (Removable) (Total:7.45 GB) (Free:3.25 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7639 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1200 MB 1024 KB
Partition 2 Primary 287 GB 1201 MB
Partition 3 Primary 9 GB 288 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM_DRV NTFS Partition 1200 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows7_OS NTFS Partition 287 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Lenovo_Reco NTFS Partition 9 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7638 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G KINGSTON FAT32 Removable 7638 MB Healthy

==================================================================================

Last Boot: 2012-03-20 18:23

======================= End Of Log ==========================


Farbar Recovery Scan Tool Version: 14-08-2012
Ran by SYSTEM at 2012-08-14 21:28:54
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____N (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____N (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 14 August 2012 - 10:17 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

C:\Windows\Installer\{cc64a208-13f0-b11f-97a5-0636f70cde92}\L
C:\Windows\Installer\{cc64a208-13f0-b11f-97a5-0636f70cde92}
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\@
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

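The ZeroAccess listing in the FRST log above and the fixlist the helper builds from it, as an added example that is not part of this thread and is neither FRST's nor the helper's own tooling: a small Python script that recognises the ZeroAccess directory layout in FRST output (a {GUID} folder under Windows\Installer or the user's AppData\Local holding '@', 'U' and 'L' entries), renders the entries in the child-before-parent order the helper used, and checks that the services.exe copies returned by the FRST search carry the same MD5, which is the reason the helper searched for that file. The sample log text is constructed from lines in this thread; the function names, the regular expressions and the "deepest path first" ordering rule are this example's own assumptions.

```python
"""Added example (not FRST's or the helper's code): triage helpers that run
over FRST log text. Nothing here touches the filesystem or registry."""
import re
from collections import defaultdict

# Constructed sample, assembled from lines shown earlier in this thread.
SAMPLE_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{cc64a208-13f0-b11f-97a5-0636f70cde92}
C:\Windows\Installer\{cc64a208-13f0-b11f-97a5-0636f70cde92}\L

ZeroAccess:
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\@
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\U\00000004.@

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____N (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____N (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
# ZeroAccess keeps its payload store in a {GUID} directory under either
# Windows\Installer or the user's AppData\Local, with '@', 'U' and 'L'
# children. This regex (the example's own) captures that root directory
# plus any path below it.
ZA_PATH = re.compile(
    r"^(?P<root>[A-Za-z]:\\(?:Windows\\Installer|Users\\[^\\]+\\AppData\\Local)\\"
    + GUID + r")(?:\\[^\\]+)*$",
    re.IGNORECASE,
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\.+$")
MD5_TAIL = re.compile(r"\b(?P<md5>[0-9A-Fa-f]{32})\s*$")


def find_zeroaccess(log_text):
    """Group every ZeroAccess-shaped path by its {GUID} root directory."""
    trees = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ZA_PATH.match(line)
        if m:
            trees[m.group("root")].add(line)
    return {root: sorted(paths) for root, paths in trees.items()}


def build_fixlist(trees):
    """Render fixlist.txt lines, deepest path first within each tree so a
    child entry precedes its parent directory, mirroring the helper's list."""
    lines = []
    for root in sorted(trees):
        ordered = sorted(trees[root], key=lambda p: (-p.count("\\"), p.lower()))
        lines.extend(ordered)
    return "\n".join(lines)


def parse_search(log_text):
    """Parse an FRST 'Search:' block into {path: md5}: each hit is a path line
    followed by a detail line whose last token is the file's MD5."""
    hits, pending, in_search = {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Search:" in line:
            in_search = True
            continue
        if not in_search:
            continue
        if pending is None:
            if DRIVE_PATH.match(line):
                pending = line
        else:
            m = MD5_TAIL.search(line)
            if m:
                hits[pending] = m.group("md5").upper()
            pending = None
    return hits


def same_binary_everywhere(hits, name="services.exe"):
    """True when all copies of `name` found by the search share one MD5. A
    System32 copy that differs from its WinSxS twin is the sign the helper
    is looking for with the services.exe search."""
    md5s = {md5 for path, md5 in hits.items() if path.lower().endswith("\\" + name)}
    return len(md5s) == 1


if __name__ == "__main__":
    print(build_fixlist(find_zeroaccess(SAMPLE_LOG)))
    print("services.exe consistent:", same_binary_everywhere(parse_search(SAMPLE_LOG)))
```

The script only parses text, so it is safe to run on a copy of a log pulled off the flash drive; the generated fixlist.txt still has to be reviewed by hand before FRST is pointed at it, because a regex match is evidence, not a verdict.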
#13 mxboy57 (Topic Starter)

Posted 14 August 2012 - 10:29 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-08-2012
Ran by SYSTEM at 2012-08-14 22:25:17 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{cc64a208-13f0-b11f-97a5-0636f70cde92}\L moved successfully.
C:\Windows\Installer\{cc64a208-13f0-b11f-97a5-0636f70cde92} moved successfully.
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92}\@ moved successfully.
C:\Users\Christopher\AppData\Local\{cc64a208-13f0-b11f-97a5-0636f70cde92} moved successfully.

==== End of Fixlog ====

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 15 August 2012 - 08:14 AM

Very good - now let's try and run ComboFix.


gringo

#15 mxboy57 (Topic Starter)

Posted 16 August 2012 - 11:52 AM

Sorry it took so long to get back to you. I was on a business trip and didn't have the infected computer with me. Here are the results from ComboFix:



ComboFix 12-08-16.01 - Christopher 08/16/2012 10:50:17.3.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3933.2451 [GMT -5:00]
Running from: c:\users\Christopher\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\CHRIST~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6F6DBB18-4FBE-416F-B617-9465BFB29485}.xps
c:\users\Christopher\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BBD3D959-1C4A-481C-A4D6-6AB6C13FA477}.xps
c:\users\Christopher\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\SysWow64\jucheck.exe
c:\windows\SysWow64\jusched.exe
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 16:09 . 2012-08-16 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 05:25 . 2012-08-15 05:26 -------- d-----w- C:\FRST
2012-08-09 12:34 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-08-08 20:27 . 2012-08-08 20:27 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-08-08 20:27 . 2012-08-08 20:27 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-08 20:26 . 2012-08-08 20:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-08-08 20:26 . 2012-08-08 20:26 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-07-29 03:24 . 2012-07-29 03:24 -------- d-----w- c:\users\Christopher\AppData\Roaming\Roxio
2012-07-29 03:21 . 2012-07-29 03:21 -------- d-----w- c:\programdata\NortonInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 16:26 . 2012-06-29 16:26 426184 ------w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 16:26 . 2012-01-12 13:13 70344 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-28 23:15 38424 ------w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-28 23:15 2428952 ------w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-28 23:15 57880 ------w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-28 23:15 44056 ------w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-28 23:15 701976 ------w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-28 23:15 2622464 ------w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-28 23:15 99840 ------w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-28 23:14 186752 ------w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-28 23:14 36864 ------w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-08-23 876832]
"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-05 244208]
"IdeaNotesUser"="c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-06-10 221872]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-01-13 527312]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-01-13 106408]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-01-08 87336]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-25 1431888]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-04 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
R3 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2010-12-01 110344]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SyDvCtrl;SyDvCtrl;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [2011-06-18 29664]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-05 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [2011-05-03 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [2011-05-18 928888]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-06-29 23592]
S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120803.011\BHDrvx64.sys [2012-08-03 1161376]
S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120814.003\IDSvia64.sys [2012-06-26 509088]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [2011-05-11 170104]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [2011-04-21 386168]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-18 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2009-06-23 172720]
S2 DDNIService;DDNIService;c:\program files (x86)\DDNI\DIBS\DDNIService.exe [2009-08-14 156336]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-06-15 137224]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 291352]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-05-21 62320]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-01-13 476112]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 161024]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 143320]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-13 5435904]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-08-25 23:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-19 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-19 365592]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcWin7Hlpr.exe" [2009-09-09 274432]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF19192.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\s1tn3twm.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SEP - c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SepMasterService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SmcService]
"ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-08-16 11:49:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 16:49
.
Pre-Run: 69,351,284,736 bytes free
Post-Run: 68,886,196,224 bytes free
.
- - End Of File - - CFB0DEA07D4132524BB6CB4876A3A2EB