
Remnants of Live Security Platinum Virus


  • This topic is locked
16 replies to this topic

#1 Silly Decision


Posted 14 August 2012 - 08:09 PM

Greetings.... I was infected w/ Live Security Platinum. I ran Malwarebytes, SuperAntiSpyware, Trend Micro House Call, TDSSKiller & others. Most of them found Trojans, etc. & supposedly cleaned them. The Live Security Platinum Virus, of course, messed with my security programs & when I tried to re-install & update Microsoft Security Essentials, I got the following message:
"Windows has encountered a critical problem and will restart automatically in one minute." So I couldn't do anything because the computer kept restarting.

The only thing I could do was restore my computer to an earlier backup in Safe Mode. This stopped the auto-restart problem, but anytime I tried to use MSE, the problem would come back. So, I installed Ad-Aware in the meantime.
I found other discussions on the web that had the same problem. Here's an article I found that pretty much describes it:

http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/infected-with-trojanwin64sirefefy-and-cannot/1ae29950-5788-45f9-a4fb-0e456821bd7e

As in the article, one of the scans I did found the 'Trojan:Win64/Sirefef.Y' & cleaned it.

So now the computer seems to be working ok, but still having problems with security software. I would like to use MSE, but I can't. I also tried to use the Secunia Online Software Inspector (OSI), but IE just crashes when I try to go to the site.
Also, when I hibernate the computer, it becomes almost useless when I wake it up, running so slow, like all of the resources were being used.

Below, I will post the DDS.txt scan, as well as a HijackThis log. Also attached is the DDS attachment.
Any help will surely be most appreciated.
Thanks for your time,
Larry

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Lawrence Hacken at 15:50:05 on 2012-08-14
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5475 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe
C:\Program Files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpScroll.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\Windows\system32\Dwm.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\TpShocks.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\ThinkPad USB Keyboard with TrackPoint\Skd8855.exe
C:\Program Files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpPoint.exe
C:\Program Files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
C:\Program Files (x86)\Felitec\Mindful\Mindful.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Technology Lighthouse\PTFB Pro\PTFBPro.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\igfxext.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
R:\140066.enu\Office14\EXCELC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
R:\140066.enu\Office14\OffSpon.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Lawrence Hacken\Desktop\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://lenovo.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Unsub2Managed: {5a197cf0-63cf-4ce7-a773-5299b1e98d13} - C:\Program Files (x86)\Unsubscribe Inc\Unsubscribe.com\adxloader.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [TLH_PTFBPro] "C:\Program Files (x86)\Technology Lighthouse\PTFB Pro\PTFBStart.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
mRun: [Mindful] C:\Program Files (x86)\Felitec\Mindful\Mindful.exe
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
StartupFolder: C:\Users\LAWREN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ABBREV~1.LNK - C:\Users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\Abbreviations.ahk
StartupFolder: C:\Users\LAWREN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOHO~1.LNK - C:\Users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\AutoHotkey.ahk
StartupFolder: C:\Users\LAWREN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KEYHOO~1.LNK - C:\Users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\KeyHook.ahk
StartupFolder: C:\Users\LAWREN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RUNAHK~1.LNK - C:\Users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\Run.ahk
StartupFolder: C:\Users\LAWREN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SIGMEA~1.LNK - C:\Users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\SigME.ahk
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\MozyHome\mozystat.exe
uPolicies-explorer: QuickLaunchEnabled = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Identities Editor - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: Passcards Editor - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {45DB34C3-955C-11D3-ABEF-444553540000} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
Trusted Zone: all2ools.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///E:/launch.ocx
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C53E0256-3F2D-475A-A887-5E0600DCF393} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F1BC2164-465B-4F81-B158-081383A481D5} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F1BC2164-465B-4F81-B158-081383A481D5}\0556163656D616B65627 : DhcpNameServer = 172.16.42.1
TCP: Interfaces\{F1BC2164-465B-4F81-B158-081383A481D5}\3596D6F6E6 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
BHO-X64: Unsub2Managed: {5a197cf0-63cf-4ce7-a773-5299b1e98d13} - C:\Program Files (x86)\Unsubscribe Inc\Unsubscribe.com\adxloader.dll
BHO-X64: 0x1 - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
mRun-x64: [Mindful] C:\Program Files (x86)\Felitec\Mindful\Mindful.exe
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {45DB34C3-955C-11D3-ABEF-444553540000} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE-X64: {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lawrence Hacken\AppData\Roaming\Mozilla\Firefox\Profiles\xvi7yg0g.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2011-7-8 32104]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-7-12 1239952]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-8-13 41320]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-3-21 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-8-13 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-3-21 133992]
R2 ltpSvc;TrackPoint Scroll Service;C:\Program Files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe [2009-6-29 12800]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-21 2214504]
R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-4-21 446592]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 SROSVC;Screen Reading Optimizer Service Program;C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-8-4 443240]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-12 379496]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-3-21 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-3-21 142696]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-30 2656280]
R2 XCPSPWD;Xerox PrintingScout Status Watcher;C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE [2012-6-19 150016]
R2 XCPSSDB;Xerox PrintingScout Status Database;C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE [2012-6-19 338944]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\Windows\System32\drivers\stdriver64.sys [2012-3-26 56408]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-14 136176]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-11-18 144448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-9-9 478056]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-13 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-14 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-5-28 17152]
S3 ltpFilter;ThinkPad USB TrackPoint Lower Filter;C:\Windows\system32\DRIVERS\ltpFiltr.sys --> C:\Windows\system32\DRIVERS\ltpFiltr.sys [?]
S3 ltpwrFltr;ThinkPad USB TrackPoint Power Filter;C:\Windows\system32\DRIVERS\ltpwrflt.sys --> C:\Windows\system32\DRIVERS\ltpwrflt.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2011-3-31 25584]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-4-21 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2011-5-28 175168]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-07 09:18:54 -------- d-----w- C:\Users\Lawrence Hacken\AppData\Local\adaware
2012-08-07 09:18:46 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-08-07 09:18:46 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-08-07 09:18:45 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-08-07 09:17:37 -------- d-----w- C:\Users\Lawrence Hacken\AppData\Local\Downloaded Installations
2012-08-07 09:17:23 -------- d-----w- C:\Users\Lawrence Hacken\AppData\Local\adawarebp
2012-08-07 09:17:22 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-08-07 09:17:22 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-08-07 09:17:19 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-08-07 09:16:42 -------- d-----w- C:\Users\Lawrence Hacken\AppData\Roaming\Ad-Aware Antivirus
2012-08-07 09:09:14 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-08-07 03:48:29 328704 ----a-w- C:\Windows\System32\services.exe.E2EF23F3D57C434E
2012-08-07 03:11:46 -------- d-----w- C:\Users\Lawrence Hacken\AppData\Local\Macromedia
2012-08-07 02:27:00 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-06 10:59:55 -------- d-----w- C:\FRST
2012-08-06 05:47:07 328704 ----a-w- C:\Windows\System32\services.exe.E94356A09842B1F4
2012-08-06 05:19:31 -------- d-----w- C:\Users\Lawrence Hacken\AppData\Local\Secunia PSI
2012-08-06 05:18:56 -------- d-----w- C:\Program Files (x86)\Secunia
2012-08-05 06:18:22 -------- d-----w- C:\ProgramData\SUPERSetup
2012-08-05 06:12:12 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-05 06:08:56 -------- d-----w- C:\ProgramData\7531CCA978EB96C36414B142F875EF60
.
==================== Find3M ====================
.
2012-08-14 22:25:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 22:25:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 15:50:51.79 ===============

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:31:15 PM, on 8/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
C:\Program Files (x86)\Felitec\Mindful\Mindful.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Technology Lighthouse\PTFB Pro\PTFBPro.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\FSL\IconRestorer\IconRestorer.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
R:\140066.enu\Office14\EXCELC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
R:\140066.enu\Office14\OffSpon.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Lawrence Hacken\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Unsub2Managed - {5a197cf0-63cf-4ce7-a773-5299b1e98d13} - C:\Program Files (x86)\Unsubscribe Inc\Unsubscribe.com\adxloader.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
O4 - HKLM\..\Run: [Mindful] C:\Program Files (x86)\Felitec\Mindful\Mindful.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [TLH_PTFBPro] "C:\Program Files (x86)\Technology Lighthouse\PTFB Pro\PTFBStart.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3842861757-3716948847-2586722750-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3842861757-3716948847-2586722750-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Abbreviations.ahk - Shortcut.lnk = Lawrence Hacken\Documents\AutoHotKey SCRIPTS\Abbreviations.ahk
O4 - Startup: AutoHotkey.ahk - Shortcut.lnk = Lawrence Hacken\Documents\AutoHotKey SCRIPTS\AutoHotkey.ahk
O4 - Startup: KeyHook.ahk - Shortcut.lnk = Lawrence Hacken\Documents\AutoHotKey SCRIPTS\KeyHook.ahk
O4 - Startup: Run.ahk - Shortcut.lnk = Lawrence Hacken\Documents\AutoHotKey SCRIPTS\Run.ahk
O4 - Startup: SigME.ahk - Shortcut.lnk = Lawrence Hacken\Documents\AutoHotKey SCRIPTS\SigME.ahk
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Passcards Editor - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab
O16 - DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} (Launch Control) - file:///E:/launch.ocx
O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} (MachineInfoActiveX.MachineInfoActiveX) - http://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: TrackPoint Scroll Service (ltpSvc) - Unknown owner - C:\Program Files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Xerox PrintingScout Status Watcher (XCPSPWD) - Xerox Co., Ltd. - C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE
O23 - Service: Xerox PrintingScout Status Database (XCPSSDB) - Xerox Co., Ltd. - C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE

--
End of file - 19391 bytes

Edited by Orange Blossom, 15 August 2012 - 09:10 AM.
Revealed link. ~ OB


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:10 AM

Posted 18 August 2012 - 12:53 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Silly Decision

Silly Decision
  • Topic Starter

  • Members
  • 13 posts
  • Local time:06:10 AM

Posted 19 August 2012 - 03:06 AM

Hi Gringo... Thanks so much for helping me!
Below are the results of the Security Check.
After I post this, I'll run combofix etc & put it in another post.
thanks again, Larry

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Lavasoft Ad-Watch Live! Anti-Virus
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
Mozilla Thunderbird (14.0.)
Google Chrome 21.0.1180.77
Google Chrome 21.0.1180.79
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr


Posted 19 August 2012 - 03:35 AM

Ok I will look out for the other post



gringo

#5 Silly Decision


Posted 19 August 2012 - 04:59 AM

Ok.. Below is the combofix log.
All went smoothly, but I did get the error message about the illegal operation etc, so I restarted & all is fine so far.
Up until the time I ran those scans, the computer was running fine, except after hibernation (as I mentioned above),
AND Thunderbird has not been responding when I 1st start it up & it takes a couple minutes before it would start responding.
thanks again, Larry

ComboFix 12-08-18.03 - Lawrence Hacken 08/19/2012 1:13.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5971 [GMT -7:00]
Running from: c:\users\Lawrence Hacken\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\root
c:\root\wpfdot.exe
c:\users\Lawrence Hacken\AppData\Roaming\JomCap.dll
c:\windows\SysWow64\SET8D96.tmp
c:\windows\SysWow64\SET8DE6.tmp
c:\windows\SysWow64\SET90B7.tmp
c:\windows\SysWow64\SETD849.tmp
c:\windows\SysWow64\SETEB26.tmp
c:\windows\SysWow64\SETF20C.tmp
c:\windows\SysWow64\SETF48E.tmp
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
.
.
2012-08-19 08:32 . 2012-08-19 08:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-19 08:32 . 2012-08-19 08:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 23:30 . 2012-08-14 23:30 -------- d-----w- c:\program files (x86)\ieSpell
2012-08-07 09:18 . 2012-08-07 11:17 -------- d-----w- c:\users\Lawrence Hacken\AppData\Local\adaware
2012-08-07 09:18 . 2011-12-19 20:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-08-07 09:18 . 2011-12-19 19:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-07 09:18 . 2012-08-07 09:23 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-08-07 09:17 . 2012-08-07 09:17 -------- d-----w- c:\users\Lawrence Hacken\AppData\Local\Downloaded Installations
2012-08-07 09:17 . 2012-08-19 06:03 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-08-07 09:17 . 2012-08-07 09:17 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-08-07 09:17 . 2012-08-07 09:17 -------- d-----w- c:\program files (x86)\adawaretb
2012-08-07 09:16 . 2012-08-07 11:18 -------- d-----w- c:\users\Lawrence Hacken\AppData\Roaming\Ad-Aware Antivirus
2012-08-07 09:09 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-08-07 03:48 . 2012-08-07 03:48 328704 ----a-w- c:\windows\system32\services.exe.E2EF23F3D57C434E
2012-08-07 03:11 . 2012-08-07 03:11 -------- d-----w- c:\users\Lawrence Hacken\AppData\Local\Macromedia
2012-08-07 02:27 . 2012-08-07 02:27 -------- d-----w- c:\program files (x86)\ESET
2012-08-06 10:59 . 2012-08-06 11:00 -------- d-----w- C:\FRST
2012-08-06 05:47 . 2012-08-06 05:47 328704 ----a-w- c:\windows\system32\services.exe.E94356A09842B1F4
2012-08-06 05:19 . 2012-08-06 05:19 -------- d-----w- c:\users\Lawrence Hacken\AppData\Local\Secunia PSI
2012-08-06 05:18 . 2012-08-07 04:56 -------- d-----w- c:\program files (x86)\Secunia
2012-08-05 06:18 . 2012-08-05 06:27 -------- d-----w- c:\programdata\SUPERSetup
2012-08-05 06:12 . 2012-08-07 04:57 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-05 06:08 . 2012-08-05 06:10 -------- d-----w- c:\programdata\7531CCA978EB96C36414B142F875EF60
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 23:25 . 2012-04-06 06:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 23:25 . 2011-05-30 03:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 10:02 . 2011-04-29 11:22 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2011-05-28 07:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 03:08 . 2012-07-13 10:05 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-13 07:11 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-13 07:11 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-13 07:11 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-13 07:11 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-13 07:11 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-13 07:11 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-13 07:11 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-27 03:24 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 03:24 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-27 03:24 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 03:24 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 03:24 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-27 03:24 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-27 03:24 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-27 03:24 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-27 03:24 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-13 10:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-13 10:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-13 10:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-13 10:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-13 10:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-13 10:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-13 10:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-13 10:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-13 10:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-13 10:01 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-13 10:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-13 10:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-13 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-13 10:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-13 10:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-13 10:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-13 10:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-13 10:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-13 10:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-13 07:12 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-13 07:12 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-13 07:12 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-13 07:12 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-13 07:12 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-13 07:11 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-13 07:12 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-13 07:12 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-13 07:11 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5a197cf0-63cf-4ce7-a773-5299b1e98d13}]
2011-08-08 22:43 479232 ------w- c:\program files (x86)\Unsubscribe Inc\Unsubscribe.com\adxloader.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TLH_PTFBPro"="c:\program files (x86)\Technology Lighthouse\PTFB Pro\PTFBStart.exe" [2006-10-17 49696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-03 160328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-01-23 1631808]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ACTray"="c:\program files (x86)\Lenovo\Access Connections\ACTray.exe" [2011-10-20 433216]
"Mindful"="c:\program files (x86)\Felitec\Mindful\Mindful.exe" [2007-03-15 413696]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\users\Lawrence Hacken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Abbreviations.ahk - Shortcut.lnk - c:\users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\Abbreviations.ahk [2011-5-6 1784]
AutoHotkey.ahk - Shortcut.lnk - c:\users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\AutoHotkey.ahk [2011-5-6 1353]
KeyHook.ahk - Shortcut.lnk - c:\users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\KeyHook.ahk [2011-5-6 545]
Run.ahk - Shortcut.lnk - c:\users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\Run.ahk [2011-5-6 1151]
SigME.ahk - Shortcut.lnk - c:\users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\SigME.ahk [2011-5-6 613]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-7-12 6271888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"QuickLaunchEnabled"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-11-18 144448]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-01-23 478056]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-14 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-29 17152]
R3 ltpwrFltr;ThinkPad USB TrackPoint Power Filter;c:\windows\system32\DRIVERS\ltpwrflt.sys [2009-05-11 8192]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-04-22 31152]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-01-23 31344]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-08-13 27240]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-09 32104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-13 1239952]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 ltpSvc;TrackPoint Scroll Service;c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe [2009-06-30 12800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-13 2214504]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-03-02 443240]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-12 379496]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 XCPSPWD;Xerox PrintingScout Status Watcher;c:\program files\Xerox Office Printing\PrintingScout\XCPWDN.EXE [2010-07-09 150016]
S2 XCPSSDB;Xerox PrintingScout Status Database;c:\program files\Xerox Office Printing\PrintingScout\XCSDBN.EXE [2010-07-09 338944]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-19 425000]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-19 39464]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-08-04 341680]
S3 ltpFilter;ThinkPad USB TrackPoint Lower Filter;c:\windows\system32\DRIVERS\ltpFiltr.sys [2009-06-15 8192]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-08-25 1161832]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2012-03-26 56408]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:25]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 09:17]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 09:17]
.
2012-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2012-08-19 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a197cf0-63cf-4ce7-a773-5299b1e98d13}]
2011-06-04 00:27 677376 ------w- c:\program files (x86)\Unsubscribe Inc\Unsubscribe.com\adxloader64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-07-12 19:37 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-07-12 19:37 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-15 316032]
"Skd8855"="c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\Skd8855.exe" [2010-04-07 382464]
"ltpPoint"="c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpPoint.exe" [2009-10-26 1001472]
"XCPSPSP"="c:\program files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE" [2010-09-14 1133568]
"combofix"="c:\combofix\CF22819.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Identities Editor - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: Passcards Editor - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: all2ools.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///E:/launch.ocx
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
FF - ProfilePath - c:\users\Lawrence Hacken\AppData\Roaming\Mozilla\Firefox\Profiles\xvi7yg0g.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
.
**************************************************************************
.
Completion time: 2012-08-19 02:28:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-19 09:28
.
Pre-Run: 205,996,892,160 bytes free
Post-Run: 206,396,538,880 bytes free
.
- - End Of File - - 792746990A9375E39F6950CDA860DF1C

#6 gringo_pr

Posted 19 August 2012 - 05:50 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Silly Decision

Posted 20 August 2012 - 01:10 AM

Hi Gringo... TDSSKiller didn't find anything, probably because I ran it when I was trying to fix it myself. Below I have pasted the first report, then today's report. Below the TDSSKiller reports is the aswMBR report.
Thanks!
01:23:16.0577 6388 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
01:23:16.0959 6388 ============================================================
01:23:16.0959 6388 Current date / time: 2012/08/09 01:23:16.0959
01:23:16.0959 6388 SystemInfo:
01:23:16.0959 6388
01:23:16.0959 6388 OS Version: 6.1.7601 ServicePack: 1.0
01:23:16.0959 6388 Product type: Workstation
01:23:16.0959 6388 ComputerName: HEAVYWEIGHTPAD
01:23:16.0959 6388 UserName: Lawrence Hacken
01:23:16.0959 6388 Windows directory: C:\Windows
01:23:16.0959 6388 System windows directory: C:\Windows
01:23:16.0959 6388 Running under WOW64
01:23:16.0959 6388 Processor architecture: Intel x64
01:23:16.0959 6388 Number of processors: 4
01:23:16.0959 6388 Page size: 0x1000
01:23:16.0959 6388 Boot type: Normal boot
01:23:16.0959 6388 ============================================================
01:23:37.0943 9428 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
01:23:37.0947 9428 p2psvc - ok
01:23:37.0977 9428 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
01:23:37.0979 9428 Parport - ok
01:23:38.0017 9428 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
01:23:38.0019 9428 partmgr - ok
01:23:38.0028 9428 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
01:23:38.0031 9428 PcaSvc - ok
01:23:38.0072 9428 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:23:38.0074 9428 pci - ok
01:23:38.0085 9428 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:23:38.0086 9428 pciide - ok
01:23:38.0105 9428 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
01:23:38.0109 9428 pcmcia - ok
01:23:38.0128 9428 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:23:38.0131 9428 pcw - ok
01:23:38.0162 9428 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:23:38.0173 9428 PEAUTH - ok
01:23:38.0295 9428 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
01:23:38.0303 9428 PeerDistSvc - ok
01:23:38.0394 9428 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
01:23:38.0396 9428 PerfHost - ok
01:23:38.0500 9428 PHCORE (52c9f4359af4a25969b882aecc6f3bda) C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
01:23:38.0515 9428 PHCORE - ok
01:23:38.0634 9428 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
01:23:38.0657 9428 pla - ok
01:23:38.0724 9428 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
01:23:38.0729 9428 PlugPlay - ok
01:23:38.0784 9428 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys
01:23:39.0041 9428 pmxdrv - ok
01:23:39.0077 9428 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
01:23:39.0080 9428 PNRPAutoReg - ok
01:23:39.0099 9428 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:23:39.0101 9428 PNRPsvc - ok
01:23:39.0148 9428 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
01:23:39.0154 9428 Point64 - ok
01:23:39.0201 9428 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
01:23:39.0205 9428 PolicyAgent - ok
01:23:39.0237 9428 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
01:23:39.0240 9428 Power - ok
01:23:39.0352 9428 Power Manager DBC Service (6f51482adced13cebfe0f1054f2116f2) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
01:23:39.0491 9428 Power Manager DBC Service - ok
01:23:39.0543 9428 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:23:39.0545 9428 PptpMiniport - ok
01:23:39.0566 9428 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
01:23:39.0568 9428 Processor - ok
01:23:39.0603 9428 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
01:23:39.0606 9428 ProfSvc - ok
01:23:39.0639 9428 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:39.0640 9428 ProtectedStorage - ok
01:23:39.0661 9428 psadd (05a4779e4994b21473edbe85aabe8030) C:\Windows\system32\DRIVERS\psadd.sys
01:23:39.0665 9428 psadd - ok
01:23:39.0716 9428 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:23:39.0721 9428 Psched - ok
01:23:39.0757 9428 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
01:23:39.0763 9428 PSI_SVC_2 - ok
01:23:39.0814 9428 PwmEWSvc (af8b60d65f8b39c4fac6be8641923f37) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
01:23:40.0042 9428 PwmEWSvc - ok
01:23:40.0120 9428 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
01:23:40.0144 9428 ql2300 - ok
01:23:40.0280 9428 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
01:23:40.0283 9428 ql40xx - ok
01:23:40.0324 9428 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
01:23:40.0330 9428 QWAVE - ok
01:23:40.0347 9428 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:23:40.0350 9428 QWAVEdrv - ok
01:23:40.0360 9428 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:23:40.0362 9428 RasAcd - ok
01:23:40.0413 9428 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:23:40.0415 9428 RasAgileVpn - ok
01:23:40.0428 9428 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
01:23:40.0431 9428 RasAuto - ok
01:23:40.0470 9428 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:23:40.0473 9428 Rasl2tp - ok
01:23:40.0514 9428 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
01:23:40.0522 9428 RasMan - ok
01:23:40.0545 9428 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:23:40.0548 9428 RasPppoe - ok
01:23:40.0563 9428 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:23:40.0566 9428 RasSstp - ok
01:23:40.0589 9428 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:23:40.0592 9428 rdbss - ok
01:23:40.0604 9428 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
01:23:40.0606 9428 rdpbus - ok
01:23:40.0614 9428 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:23:40.0615 9428 RDPCDD - ok
01:23:40.0653 9428 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
01:23:40.0658 9428 RDPDR - ok
01:23:40.0695 9428 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:23:40.0696 9428 RDPENCDD - ok
01:23:40.0710 9428 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:23:40.0712 9428 RDPREFMP - ok
01:23:40.0754 9428 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
01:23:40.0759 9428 RDPWD - ok
01:23:40.0799 9428 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:23:40.0802 9428 rdyboost - ok
01:23:40.0831 9428 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
01:23:40.0834 9428 RemoteAccess - ok
01:23:40.0866 9428 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
01:23:40.0875 9428 RemoteRegistry - ok
01:23:40.0916 9428 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
01:23:40.0921 9428 RFCOMM - ok
01:23:40.0972 9428 risdxc (5a227511ed22ddfedf7ef7323c8f7d2f) C:\Windows\system32\DRIVERS\risdxc64.sys
01:23:41.0067 9428 risdxc - ok
01:23:41.0083 9428 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
01:23:41.0085 9428 RpcEptMapper - ok
01:23:41.0095 9428 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
01:23:41.0097 9428 RpcLocator - ok
01:23:41.0149 9428 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:23:41.0153 9428 RpcSs - ok
01:23:41.0167 9428 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:23:41.0169 9428 rspndr - ok
01:23:41.0251 9428 RTL8192Ce (c81613490cfe41d1cfaf35d0da324ed8) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
01:23:41.0272 9428 RTL8192Ce - ok
01:23:41.0303 9428 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
01:23:41.0304 9428 s3cap - ok
01:23:41.0339 9428 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:41.0340 9428 SamSs - ok
01:23:41.0442 9428 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
01:23:41.0445 9428 SASDIFSV - ok
01:23:41.0447 9428 SAService - ok
01:23:41.0456 9428 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
01:23:41.0460 9428 SASKUTIL - ok
01:23:41.0673 9428 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
01:23:41.0688 9428 SBAMSvc - ok
01:23:41.0816 9428 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys
01:23:41.0818 9428 sbapifs - ok
01:23:41.0861 9428 sbhips (b671eef468d13016b9286f5835a06ae1) C:\Windows\system32\drivers\sbhips.sys
01:23:41.0863 9428 sbhips - ok
01:23:41.0894 9428 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:23:41.0896 9428 sbp2port - ok
01:23:41.0940 9428 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
01:23:41.0942 9428 SBRE - ok
01:23:41.0966 9428 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
01:23:41.0972 9428 SCardSvr - ok
01:23:42.0004 9428 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:23:42.0005 9428 scfilter - ok
01:23:42.0077 9428 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
01:23:42.0096 9428 Schedule - ok
01:23:42.0131 9428 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:23:42.0132 9428 SCPolicySvc - ok
01:23:42.0184 9428 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
01:23:42.0186 9428 sdbus - ok
01:23:42.0224 9428 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
01:23:42.0227 9428 SDRSVC - ok
01:23:42.0339 9428 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
01:23:42.0341 9428 SeaPort - ok
01:23:42.0391 9428 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
01:23:42.0393 9428 secdrv - ok
01:23:42.0435 9428 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
01:23:42.0437 9428 seclogon - ok
01:23:42.0458 9428 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
01:23:42.0460 9428 SENS - ok
01:23:42.0468 9428 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
01:23:42.0471 9428 SensrSvc - ok
01:23:42.0484 9428 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
01:23:42.0485 9428 Serenum - ok
01:23:42.0497 9428 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
01:23:42.0499 9428 Serial - ok
01:23:42.0530 9428 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
01:23:42.0531 9428 sermouse - ok
01:23:42.0567 9428 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
01:23:42.0570 9428 SessionEnv - ok
01:23:42.0594 9428 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:23:42.0596 9428 sffdisk - ok
01:23:42.0605 9428 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:23:42.0607 9428 sffp_mmc - ok
01:23:42.0615 9428 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:23:42.0616 9428 sffp_sd - ok
01:23:42.0627 9428 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
01:23:42.0628 9428 sfloppy - ok
01:23:42.0706 9428 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
01:23:42.0710 9428 Sftfs - ok
01:23:42.0805 9428 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
01:23:42.0809 9428 sftlist - ok
01:23:42.0890 9428 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
01:23:42.0892 9428 Sftplay - ok
01:23:42.0903 9428 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
01:23:42.0904 9428 Sftredir - ok
01:23:42.0952 9428 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
01:23:42.0954 9428 Sftvol - ok
01:23:42.0968 9428 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
01:23:42.0970 9428 sftvsa - ok
01:23:43.0008 9428 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
01:23:43.0012 9428 ShellHWDetection - ok
01:23:43.0053 9428 Shockprf (c3f190562fe82efda7ccef305ebad3e3) C:\Windows\system32\DRIVERS\Apsx64.sys
01:23:43.0059 9428 Shockprf - ok
01:23:43.0102 9428 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
01:23:43.0104 9428 SiSRaid2 - ok
01:23:43.0123 9428 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
01:23:43.0125 9428 SiSRaid4 - ok
01:23:43.0140 9428 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:23:43.0142 9428 Smb - ok
01:23:43.0230 9428 smihlp2 (3bc2844af786ca422cc31d505acfa9f2) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
01:23:43.0233 9428 smihlp2 - ok
01:23:43.0288 9428 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
01:23:43.0290 9428 SNMPTRAP - ok
01:23:43.0311 9428 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:23:43.0312 9428 spldr - ok
01:23:43.0366 9428 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
01:23:43.0370 9428 Spooler - ok
01:23:43.0519 9428 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
01:23:43.0536 9428 sppsvc - ok
01:23:43.0602 9428 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
01:23:43.0605 9428 sppuinotify - ok
01:23:43.0721 9428 SROSVC (47118a04b1d4dccce3a1cda3c10095b9) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
01:23:43.0733 9428 SROSVC - ok
01:23:43.0790 9428 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
01:23:43.0793 9428 srv - ok
01:23:43.0822 9428 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
01:23:43.0825 9428 srv2 - ok
01:23:43.0863 9428 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
01:23:43.0866 9428 SrvHsfHDA - ok
01:23:43.0932 9428 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
01:23:43.0940 9428 SrvHsfV92 - ok
01:23:44.0028 9428 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
01:23:44.0033 9428 SrvHsfWinac - ok
01:23:44.0048 9428 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
01:23:44.0050 9428 srvnet - ok
01:23:44.0071 9428 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
01:23:44.0074 9428 SSDPSRV - ok
01:23:44.0088 9428 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
01:23:44.0092 9428 SstpSvc - ok
01:23:44.0153 9428 stdriver (50aadc94ba90dc3de1ae0020c877baae) C:\Windows\system32\DRIVERS\stdriver64.sys
01:23:44.0154 9428 stdriver - ok
01:23:44.0285 9428 Stereo Service (88c1bee3cbe1b46a58730fdd0484bd3a) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
01:23:44.0288 9428 Stereo Service - ok
01:23:44.0333 9428 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
01:23:44.0334 9428 stexstor - ok
01:23:44.0384 9428 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
01:23:44.0389 9428 stisvc - ok
01:23:44.0436 9428 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
01:23:44.0438 9428 storflt - ok
01:23:44.0462 9428 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
01:23:44.0466 9428 StorSvc - ok
01:23:44.0503 9428 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
01:23:44.0505 9428 storvsc - ok
01:23:44.0562 9428 SUService (59b5a060a31bd4bab030c4fcd1048292) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
01:23:44.0566 9428 SUService - ok
01:23:44.0579 9428 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
01:23:44.0580 9428 swenum - ok
01:23:44.0612 9428 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
01:23:44.0616 9428 swprv - ok
01:23:44.0680 9428 SynTP (c0b7405c899c485aa0b6f9866a4061cd) C:\Windows\system32\DRIVERS\SynTP.sys
01:23:44.0690 9428 SynTP - ok
01:23:44.0779 9428 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
01:23:44.0789 9428 SysMain - ok
01:23:44.0880 9428 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
01:23:44.0884 9428 TabletInputService - ok
01:23:44.0909 9428 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
01:23:44.0916 9428 TapiSrv - ok
01:23:44.0938 9428 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
01:23:44.0941 9428 TBS - ok
01:23:45.0046 9428 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
01:23:45.0056 9428 Tcpip - ok
01:23:45.0153 9428 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
01:23:45.0161 9428 TCPIP6 - ok
01:23:45.0210 9428 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:23:45.0212 9428 tcpipreg - ok
01:23:45.0232 9428 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:23:45.0234 9428 TDPIPE - ok
01:23:45.0268 9428 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
01:23:45.0270 9428 TDTCP - ok
01:23:45.0312 9428 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:23:45.0314 9428 tdx - ok
01:23:45.0345 9428 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
01:23:45.0347 9428 TermDD - ok
01:23:45.0399 9428 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
01:23:45.0404 9428 TermService - ok
01:23:45.0429 9428 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
01:23:45.0431 9428 Themes - ok
01:23:45.0568 9428 ThinkVantage Registry Monitor Service (d3504242e506af450c0a30e79363097c) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
01:23:45.0874 9428 ThinkVantage Registry Monitor Service - ok
01:23:45.0915 9428 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:23:45.0916 9428 THREADORDER - ok
01:23:45.0970 9428 TPDIGIMN (1bb77eccbfa3675b1ee8d6d6d37a1e1e) C:\Windows\system32\DRIVERS\ApsHM64.sys
01:23:45.0974 9428 TPDIGIMN - ok
01:23:45.0992 9428 TPHDEXLGSVC (88f81d810ff16ac65b02643daf308d4f) C:\Windows\system32\TPHDEXLG64.exe
01:23:45.0998 9428 TPHDEXLGSVC - ok
01:23:46.0079 9428 TPHKLOAD (83415782d47f8064fcafea308abb2246) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
01:23:46.0086 9428 TPHKLOAD - ok
01:23:46.0100 9428 TPHKSVC (c04bb65441913ab621c58a8bd3169b23) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
01:23:46.0107 9428 TPHKSVC - ok
01:23:46.0150 9428 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
01:23:46.0152 9428 TPM - ok
01:23:46.0214 9428 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
01:23:46.0222 9428 TPPWRIF - ok
01:23:46.0253 9428 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
01:23:46.0256 9428 TrkWks - ok
01:23:46.0332 9428 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
01:23:46.0334 9428 TrustedInstaller - ok
01:23:46.0368 9428 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:23:46.0371 9428 tssecsrv - ok
01:23:46.0418 9428 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:23:46.0419 9428 TsUsbFlt - ok
01:23:46.0471 9428 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:23:46.0473 9428 tunnel - ok
01:23:46.0617 9428 TVT Backup Service (c9859779f9c29aadfbf454b7605452e6) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
01:23:46.0659 9428 TVT Backup Service - ok
01:23:46.0759 9428 TVTI2C (4daae0413cd4e816258838e2fafb3147) C:\Windows\system32\DRIVERS\Tvti2c.sys
01:23:46.0763 9428 TVTI2C - ok
01:23:46.0785 9428 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
01:23:46.0787 9428 uagp35 - ok
01:23:46.0824 9428 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:23:46.0827 9428 udfs - ok
01:23:46.0855 9428 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
01:23:46.0858 9428 UI0Detect - ok
01:23:46.0933 9428 UleadBurningHelper (be788a747457e6916586c410ec0111e7) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
01:23:47.0195 9428 UleadBurningHelper - ok
01:23:47.0224 9428 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:23:47.0232 9428 uliagpkx - ok
01:23:47.0280 9428 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
01:23:47.0282 9428 umbus - ok
01:23:47.0294 9428 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
01:23:47.0296 9428 UmPass - ok
01:23:47.0333 9428 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
01:23:47.0337 9428 UmRdpService - ok
01:23:47.0499 9428 UNS (a69cd6bdb82872999d2e46f9324ada83) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
01:23:47.0513 9428 UNS - ok
01:23:47.0608 9428 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
01:23:47.0612 9428 upnphost - ok
01:23:47.0632 9428 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
01:23:47.0633 9428 usbccgp - ok
01:23:47.0665 9428 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:23:47.0667 9428 usbcir - ok
01:23:47.0691 9428 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
01:23:47.0693 9428 usbehci - ok
01:23:47.0756 9428 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:23:47.0759 9428 usbhub - ok
01:23:47.0785 9428 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
01:23:47.0787 9428 usbohci - ok
01:23:47.0831 9428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:23:47.0833 9428 usbprint - ok
01:23:47.0868 9428 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
01:23:47.0874 9428 usbscan - ok
01:23:47.0904 9428 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:23:47.0906 9428 USBSTOR - ok
01:23:47.0930 9428 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
01:23:47.0931 9428 usbuhci - ok
01:23:47.0984 9428 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
01:23:47.0986 9428 usbvideo - ok
01:23:48.0004 9428 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
01:23:48.0007 9428 UxSms - ok
01:23:48.0040 9428 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:23:48.0041 9428 VaultSvc - ok
01:23:48.0081 9428 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:23:48.0082 9428 vdrvroot - ok
01:23:48.0131 9428 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:23:48.0141 9428 vds - ok
01:23:48.0192 9428 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:23:48.0194 9428 vga - ok
01:23:48.0223 9428 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:23:48.0224 9428 VgaSave - ok
01:23:48.0261 9428 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:23:48.0263 9428 vhdmp - ok
01:23:48.0297 9428 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:23:48.0299 9428 viaide - ok
01:23:48.0321 9428 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
01:23:48.0323 9428 vmbus - ok
01:23:48.0337 9428 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
01:23:48.0339 9428 VMBusHID - ok
01:23:48.0366 9428 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:23:48.0370 9428 volmgr - ok
01:23:48.0422 9428 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:23:48.0426 9428 volmgrx - ok
01:23:48.0454 9428 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:23:48.0457 9428 volsnap - ok
01:23:48.0507 9428 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
01:23:48.0510 9428 vpcbus - ok
01:23:48.0542 9428 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
01:23:48.0544 9428 vpcnfltr - ok
01:23:48.0591 9428 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
01:23:48.0593 9428 vpcusb - ok
01:23:48.0638 9428 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
01:23:48.0641 9428 vpcvmm - ok
01:23:48.0701 9428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
01:23:48.0703 9428 vsmraid - ok
01:23:48.0811 9428 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:23:48.0820 9428 VSS - ok
01:23:48.0914 9428 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
01:23:48.0916 9428 vwifibus - ok
01:23:48.0955 9428 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
01:23:48.0957 9428 vwififlt - ok
01:23:49.0006 9428 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:23:49.0010 9428 W32Time - ok
01:23:49.0030 9428 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
01:23:49.0032 9428 WacomPen - ok
01:23:49.0090 9428 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:23:49.0092 9428 WANARP - ok
01:23:49.0095 9428 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:23:49.0096 9428 Wanarpv6 - ok
01:23:49.0247 9428 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
01:23:49.0267 9428 WatAdminSvc - ok
01:23:49.0359 9428 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:23:49.0368 9428 wbengine - ok
01:23:49.0480 9428 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:23:49.0484 9428 WbioSrvc - ok
01:23:49.0527 9428 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:23:49.0531 9428 wcncsvc - ok
01:23:49.0539 9428 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:23:49.0542 9428 WcsPlugInService - ok
01:23:49.0577 9428 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
01:23:49.0579 9428 Wd - ok
01:23:49.0617 9428 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:23:49.0622 9428 Wdf01000 - ok
01:23:49.0641 9428 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:23:49.0643 9428 WdiServiceHost - ok
01:23:49.0645 9428 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:23:49.0647 9428 WdiSystemHost - ok
01:23:49.0684 9428 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:23:49.0691 9428 WebClient - ok
01:23:49.0709 9428 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:23:49.0716 9428 Wecsvc - ok
01:23:49.0745 9428 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:23:49.0749 9428 wercplsupport - ok
01:23:49.0791 9428 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:23:51.0648 9428 MBR (0x1B8) (de07d0518bc04ac37225dc1ed9207f2e) \Device\Harddisk0\DR0
01:23:51.0803 9428 \Device\Harddisk0\DR0 - ok
01:23:51.0805 9428 Boot (0x1200) (248fb765c5700ed932bfaf36498e2c9e) \Device\Harddisk0\DR0\Partition0
01:23:51.0806 9428 \Device\Harddisk0\DR0\Partition0 - ok
01:23:51.0817 9428 Boot (0x1200) (ceec18e42aafd7e98e06201d4d722526) \Device\Harddisk0\DR0\Partition1
01:23:51.0818 9428 \Device\Harddisk0\DR0\Partition1 - ok
01:23:51.0841 9428 Boot (0x1200) (0d12c3825287bc38a884811a86933c81) \Device\Harddisk0\DR0\Partition2
01:23:51.0842 9428 \Device\Harddisk0\DR0\Partition2 - ok
01:23:51.0842 9428 ============================================================
01:23:51.0842 9428 Scan finished
01:23:51.0842 9428 ============================================================
01:23:51.0849 10832 Detected object count: 0
01:23:51.0849 10832 Actual detected object count: 0
01:28:36.0827 5460 Deinitialize success


22:44:35.0872 3260 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
22:44:37.0269 3260 ============================================================
22:44:37.0269 3260 Current date / time: 2012/08/19 22:44:37.0269
22:44:37.0269 3260 SystemInfo:
22:44:37.0269 3260
22:44:37.0269 3260 OS Version: 6.1.7601 ServicePack: 1.0
22:44:37.0269 3260 Product type: Workstation
22:44:37.0269 3260 ComputerName: HEAVYWEIGHTPAD
22:44:37.0270 3260 UserName: Lawrence Hacken
22:44:37.0270 3260 Windows directory: C:\Windows
22:44:37.0270 3260 System windows directory: C:\Windows
22:44:37.0270 3260 Running under WOW64
22:44:37.0270 3260 Processor architecture: Intel x64
22:44:37.0270 3260 Number of processors: 4
22:44:37.0270 3260 Page size: 0x1000
22:44:37.0270 3260 Boot type: Normal boot
22:44:37.0270 3260 ============================================================
22:44:37.0713 3260 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:44:37.0718 3260 ============================================================
22:44:37.0718 3260 \Device\Harddisk0\DR0:
22:44:37.0718 3260 MBR partitions:
22:44:37.0718 3260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
22:44:37.0718 3260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23A657F8
22:44:37.0718 3260 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23CBE000, BlocksNum 0x1770000
22:44:37.0718 3260 ============================================================
22:44:37.0747 3260 C: <-> \Device\Harddisk0\DR0\Partition2
22:44:37.0798 3260 Q: <-> \Device\Harddisk0\DR0\Partition3
22:44:37.0798 3260 ============================================================
22:44:37.0798 3260 Initialize success
22:44:37.0798 3260 ============================================================
22:44:40.0805 5472 ============================================================
22:44:40.0805 5472 Scan started
22:44:40.0805 5472 Mode: Manual;
22:44:40.0805 5472 ============================================================
22:44:41.0671 5472 ================ Scan services =============================
22:44:52.0079 5472 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:44:52.0081 5472 MSPCLOCK - ok
22:44:52.0083 5472 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:44:52.0085 5472 MSPQM - ok
22:44:52.0120 5472 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:44:52.0127 5472 MsRPC - ok
22:44:52.0169 5472 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:44:52.0169 5472 mssmbios - ok
22:44:52.0181 5472 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:44:52.0183 5472 MSTEE - ok
22:44:52.0195 5472 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:44:52.0198 5472 MTConfig - ok
22:44:52.0236 5472 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:44:52.0239 5472 Mup - ok
22:44:52.0276 5472 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
22:44:52.0279 5472 napagent - ok
22:44:52.0336 5472 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:44:52.0343 5472 NativeWifiP - ok
22:44:52.0378 5472 [ c38b8ae57f78915905064a9a24dc1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:44:52.0382 5472 NDIS - ok
22:44:52.0394 5472 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:44:52.0397 5472 NdisCap - ok
22:44:52.0435 5472 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:44:52.0438 5472 NdisTapi - ok
22:44:52.0468 5472 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:44:52.0470 5472 Ndisuio - ok
22:44:52.0502 5472 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:44:52.0506 5472 NdisWan - ok
22:44:52.0536 5472 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:44:52.0538 5472 NDProxy - ok
22:44:52.0581 5472 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:44:52.0584 5472 NetBIOS - ok
22:44:52.0617 5472 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:44:52.0619 5472 NetBT - ok
22:44:52.0628 5472 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
22:44:52.0629 5472 Netlogon - ok
22:44:52.0671 5472 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
22:44:52.0674 5472 Netman - ok
22:44:52.0683 5472 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
22:44:52.0686 5472 netprofm - ok
22:44:52.0707 5472 [ 3e5a36127e201ddf663176b66828fafe ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:44:52.0710 5472 NetTcpPortSharing - ok
22:44:52.0807 5472 [ 64428dfdaf6e88366cb51f45a79c5f69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
22:44:52.0883 5472 netw5v64 - ok
22:44:52.0918 5472 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:44:52.0921 5472 nfrd960 - ok
22:44:52.0966 5472 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:44:52.0968 5472 NlaSvc - ok
22:44:52.0990 5472 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:44:52.0993 5472 Npfs - ok
22:44:53.0015 5472 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:44:53.0016 5472 nsi - ok
22:44:53.0024 5472 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:44:53.0025 5472 nsiproxy - ok
22:44:53.0076 5472 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:44:53.0101 5472 Ntfs - ok
22:44:53.0145 5472 [ 317020d31f1696334679b9d0416eb62e ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
22:44:53.0150 5472 NuidFltr - ok
22:44:53.0170 5472 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
22:44:53.0172 5472 Null - ok
22:44:53.0222 5472 [ 960e39a54e525df58cb29193147dffa1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:44:53.0223 5472 NVHDA - ok
22:44:53.0439 5472 [ 7c7e6935e986c5237a883d2b82c654e2 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:44:53.0771 5472 nvlddmkm - ok
22:44:53.0855 5472 [ ee58a22403c31a23731dd2ad2cb707c8 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
22:44:53.0859 5472 nvpciflt - ok
22:44:53.0909 5472 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:44:53.0913 5472 nvraid - ok
22:44:53.0923 5472 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:44:53.0927 5472 nvstor - ok
22:44:53.0967 5472 [ e62e113d487958cbc5137af65922de4c ] NVSvc C:\Windows\system32\nvvsvc.exe
22:44:53.0971 5472 NVSvc - ok
22:44:54.0056 5472 [ 31d61ec056fab73a911d9987099575e0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
22:44:54.0065 5472 nvUpdatusService - ok
22:44:54.0111 5472 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:44:54.0115 5472 nv_agp - ok
22:44:54.0124 5472 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:44:54.0127 5472 ohci1394 - ok
22:44:54.0182 5472 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:44:54.0186 5472 ose - ok
22:44:54.0276 5472 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:44:54.0295 5472 osppsvc - ok
22:44:54.0324 5472 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:44:54.0326 5472 p2pimsvc - ok
22:44:54.0340 5472 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:44:54.0343 5472 p2psvc - ok
22:44:54.0364 5472 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:44:54.0367 5472 Parport - ok
22:44:54.0397 5472 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:44:54.0400 5472 partmgr - ok
22:44:54.0404 5472 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:44:54.0406 5472 PcaSvc - ok
22:44:54.0425 5472 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
22:44:54.0429 5472 pci - ok
22:44:54.0476 5472 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
22:44:54.0478 5472 pciide - ok
22:44:54.0490 5472 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:44:54.0495 5472 pcmcia - ok
22:44:54.0509 5472 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:44:54.0511 5472 pcw - ok
22:44:54.0527 5472 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:44:54.0539 5472 PEAUTH - ok
22:44:54.0582 5472 [ b9b0a4299dd2d76a4243f75fd54dc680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:44:54.0589 5472 PeerDistSvc - ok
22:44:54.0643 5472 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:44:54.0645 5472 PerfHost - ok
22:44:54.0682 5472 [ 52c9f4359af4a25969b882aecc6f3bda ] PHCORE C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
22:44:54.0694 5472 PHCORE - ok
22:44:54.0735 5472 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
22:44:54.0756 5472 pla - ok
22:44:54.0798 5472 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:44:54.0801 5472 PlugPlay - ok
22:44:54.0840 5472 [ 0bee791c7c7ace453c134e73633c497d ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys
22:44:55.0086 5472 pmxdrv - ok
22:44:55.0117 5472 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:44:55.0120 5472 PNRPAutoReg - ok
22:44:55.0132 5472 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:44:55.0134 5472 PNRPsvc - ok
22:44:55.0179 5472 [ 4f0878fd62d5f7444c5f1c4c66d9d293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
22:44:55.0186 5472 Point64 - ok
22:44:55.0220 5472 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:44:55.0222 5472 PolicyAgent - ok
22:44:55.0248 5472 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
22:44:55.0249 5472 Power - ok
22:44:55.0324 5472 [ 6f51482adced13cebfe0f1054f2116f2 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
22:44:55.0456 5472 Power Manager DBC Service - ok
22:44:55.0555 5472 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:44:55.0558 5472 PptpMiniport - ok
22:44:55.0580 5472 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:44:55.0583 5472 Processor - ok
22:44:55.0606 5472 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:44:55.0608 5472 ProfSvc - ok
22:44:55.0621 5472 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:44:55.0622 5472 ProtectedStorage - ok
22:44:55.0643 5472 [ 05a4779e4994b21473edbe85aabe8030 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
22:44:55.0648 5472 psadd - ok
22:44:55.0680 5472 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:44:55.0680 5472 Psched - ok
22:44:55.0710 5472 [ f036cfb275d0c55f4e45fbbf5f98b3c8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
22:44:55.0711 5472 PSI_SVC_2 - ok
22:44:55.0761 5472 [ af8b60d65f8b39c4fac6be8641923f37 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
22:44:55.0763 5472 PwmEWSvc - ok
22:44:55.0811 5472 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:44:55.0833 5472 ql2300 - ok
22:44:55.0860 5472 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:44:55.0864 5472 ql40xx - ok
22:44:55.0901 5472 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
22:44:55.0907 5472 QWAVE - ok
22:44:55.0920 5472 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:44:55.0923 5472 QWAVEdrv - ok
22:44:55.0942 5472 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:44:55.0945 5472 RasAcd - ok
22:44:55.0984 5472 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:44:55.0987 5472 RasAgileVpn - ok
22:44:56.0007 5472 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
22:44:56.0012 5472 RasAuto - ok
22:44:56.0050 5472 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:44:56.0054 5472 Rasl2tp - ok
22:44:56.0104 5472 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
22:44:56.0106 5472 RasMan - ok
22:44:56.0124 5472 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:44:56.0128 5472 RasPppoe - ok
22:44:56.0135 5472 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:44:56.0137 5472 RasSstp - ok
22:44:56.0171 5472 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:44:56.0180 5472 rdbss - ok
22:44:56.0194 5472 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:44:56.0196 5472 rdpbus - ok
22:44:56.0204 5472 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:44:56.0205 5472 RDPCDD - ok
22:44:56.0231 5472 [ 1b6163c503398b23ff8b939c67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:44:56.0235 5472 RDPDR - ok
22:44:56.0269 5472 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:44:56.0269 5472 RDPENCDD - ok
22:44:56.0284 5472 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:44:56.0285 5472 RDPREFMP - ok
22:44:56.0320 5472 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:44:56.0325 5472 RDPWD - ok
22:44:56.0367 5472 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:44:56.0373 5472 rdyboost - ok
22:44:56.0393 5472 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:44:56.0397 5472 RemoteAccess - ok
22:44:56.0419 5472 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:44:56.0424 5472 RemoteRegistry - ok
22:44:56.0470 5472 [ 3dd798846e2c28102b922c56e71b7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:44:56.0475 5472 RFCOMM - ok
22:44:56.0510 5472 [ 5a227511ed22ddfedf7ef7323c8f7d2f ] risdxc C:\Windows\system32\DRIVERS\risdxc64.sys
22:44:56.0599 5472 risdxc - ok
22:44:56.0604 5472 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:44:56.0606 5472 RpcEptMapper - ok
22:44:56.0619 5472 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
22:44:56.0622 5472 RpcLocator - ok
22:44:56.0652 5472 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
22:44:56.0655 5472 RpcSs - ok
22:44:56.0697 5472 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:44:56.0700 5472 rspndr - ok
22:44:56.0758 5472 [ c81613490cfe41d1cfaf35d0da324ed8 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
22:44:56.0790 5472 RTL8192Ce - ok
22:44:56.0818 5472 [ e60c0a09f997826c7627b244195ab581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:44:56.0820 5472 s3cap - ok
22:44:56.0837 5472 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
22:44:56.0838 5472 SamSs - ok
22:44:56.0882 5472 [ 3289766038db2cb14d07dc84392138d5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:44:56.0886 5472 SASDIFSV - ok
22:44:56.0888 5472 SAService - ok
22:44:56.0922 5472 [ 58a38e75f3316a83c23df6173d41f2b5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:44:56.0925 5472 SASKUTIL - ok
22:44:57.0041 5472 [ bce943896289a91ad75cc5652620b1c6 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
22:44:57.0054 5472 SBAMSvc - ok
22:44:57.0113 5472 [ 6e342316e72f4b6fa39c99e06373a1a3 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
22:44:57.0116 5472 sbapifs - ok
22:44:57.0158 5472 [ b671eef468d13016b9286f5835a06ae1 ] sbhips C:\Windows\system32\drivers\sbhips.sys
22:44:57.0160 5472 sbhips - ok
22:44:57.0199 5472 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:44:57.0201 5472 sbp2port - ok
22:44:57.0219 5472 [ 9aceb2a2362fc87a3825963e61ba9076 ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
22:44:57.0221 5472 SBRE - ok
22:44:57.0244 5472 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:44:57.0249 5472 SCardSvr - ok
22:44:57.0277 5472 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:44:57.0279 5472 scfilter - ok
22:44:57.0325 5472 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
22:44:57.0332 5472 Schedule - ok
22:44:57.0361 5472 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
22:44:57.0362 5472 SCPolicySvc - ok
22:44:57.0405 5472 [ 111e0ebc0ad79cb0fa014b907b231cf0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
22:44:57.0408 5472 sdbus - ok
22:44:57.0444 5472 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:44:57.0446 5472 SDRSVC - ok
22:44:57.0514 5472 [ 331e7bde228914574fc9ae6cd520dafa ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:44:57.0516 5472 SeaPort - ok
22:44:57.0556 5472 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:44:57.0558 5472 secdrv - ok
22:44:57.0583 5472 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
22:44:57.0585 5472 seclogon - ok
22:44:57.0631 5472 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll
22:44:57.0632 5472 SENS - ok
22:44:57.0641 5472 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:44:57.0644 5472 SensrSvc - ok
22:44:57.0674 5472 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:44:57.0676 5472 Serenum - ok
22:44:57.0685 5472 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:44:57.0688 5472 Serial - ok
22:44:57.0720 5472 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:44:57.0722 5472 sermouse - ok
22:44:57.0763 5472 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:44:57.0767 5472 SessionEnv - ok
22:44:57.0793 5472 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:44:57.0795 5472 sffdisk - ok
22:44:57.0812 5472 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:44:57.0814 5472 sffp_mmc - ok
22:44:57.0839 5472 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:44:57.0841 5472 sffp_sd - ok
22:44:57.0867 5472 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:44:57.0869 5472 sfloppy - ok
22:44:57.0927 5472 [ c6cc9297bd53e5229653303e556aa539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
22:44:57.0930 5472 Sftfs - ok
22:44:57.0983 5472 [ 13693b6354dd6e72dc5131da7d764b90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:44:57.0986 5472 sftlist - ok
22:44:57.0999 5472 [ 390aa7bc52cee43f6790cdea1e776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:44:58.0001 5472 Sftplay - ok
22:44:58.0034 5472 [ 617e29a0b0a2807466560d4c4e338d3e ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:44:58.0035 5472 Sftredir - ok
22:44:58.0047 5472 [ 8f571f016fa1976f445147e9e6c8ae9b ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
22:44:58.0048 5472 Sftvol - ok
22:44:58.0061 5472 [ c3cddd18f43d44ab713cf8c4916f7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:44:58.0063 5472 sftvsa - ok
22:44:58.0129 5472 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:44:58.0136 5472 SharedAccess - ok
22:44:58.0165 5472 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:44:58.0168 5472 ShellHWDetection - ok
22:44:58.0198 5472 [ c3f190562fe82efda7ccef305ebad3e3 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
22:44:58.0205 5472 Shockprf - ok
22:44:58.0242 5472 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:44:58.0244 5472 SiSRaid2 - ok
22:44:58.0270 5472 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:44:58.0273 5472 SiSRaid4 - ok
22:44:58.0281 5472 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:44:58.0284 5472 Smb - ok
22:44:58.0362 5472 [ 3bc2844af786ca422cc31d505acfa9f2 ] smihlp2 C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
22:44:58.0366 5472 smihlp2 - ok
22:44:58.0428 5472 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:44:58.0431 5472 SNMPTRAP - ok
22:44:58.0443 5472 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:44:58.0445 5472 spldr - ok
22:44:58.0469 5472 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe
22:44:58.0472 5472 Spooler - ok
22:44:58.0543 5472 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
22:44:58.0557 5472 sppsvc - ok
22:44:58.0575 5472 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:44:58.0579 5472 sppuinotify - ok
22:44:58.0670 5472 [ 47118a04b1d4dccce3a1cda3c10095b9 ] SROSVC C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
22:44:58.0672 5472 SROSVC - ok
22:44:58.0705 5472 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
22:44:58.0714 5472 srv - ok
22:44:58.0726 5472 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:44:58.0734 5472 srv2 - ok
22:44:58.0757 5472 [ 0c4540311e11664b245a263e1154cef8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:44:58.0763 5472 SrvHsfHDA - ok
22:44:58.0793 5472 [ 02071d207a9858fbe3a48cbfd59c4a04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:44:58.0815 5472 SrvHsfV92 - ok
22:44:58.0839 5472 [ 18e40c245dbfaf36fd0134a7ef2df396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:44:58.0852 5472 SrvHsfWinac - ok
22:44:58.0885 5472 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:44:58.0889 5472 srvnet - ok
22:44:58.0934 5472 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:44:58.0936 5472 SSDPSRV - ok
22:44:58.0952 5472 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:44:58.0953 5472 SstpSvc - ok
22:44:59.0033 5472 [ 50aadc94ba90dc3de1ae0020c877baae ] stdriver C:\Windows\system32\DRIVERS\stdriver64.sys
22:44:59.0036 5472 stdriver - ok
22:44:59.0125 5472 [ 88c1bee3cbe1b46a58730fdd0484bd3a ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:44:59.0126 5472 Stereo Service - ok
22:44:59.0155 5472 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:44:59.0158 5472 stexstor - ok
22:44:59.0196 5472 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
22:44:59.0200 5472 stisvc - ok
22:44:59.0243 5472 [ 7785dc213270d2fc066538daf94087e7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:44:59.0246 5472 storflt - ok
22:44:59.0278 5472 [ c40841817ef57d491f22eb103da587cc ] StorSvc C:\Windows\system32\storsvc.dll
22:44:59.0280 5472 StorSvc - ok
22:44:59.0307 5472 [ d34e4943d5ac096c8edeebfd80d76e23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:44:59.0309 5472 storvsc - ok
22:44:59.0369 5472 [ 59b5a060a31bd4bab030c4fcd1048292 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
22:44:59.0369 5472 SUService - ok
22:44:59.0378 5472 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:44:59.0380 5472 swenum - ok
22:44:59.0400 5472 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
22:44:59.0404 5472 swprv - ok
22:44:59.0460 5472 [ c0b7405c899c485aa0b6f9866a4061cd ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:44:59.0474 5472 SynTP - ok
22:44:59.0529 5472 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
22:44:59.0537 5472 SysMain - ok
22:44:59.0568 5472 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:44:59.0572 5472 TabletInputService - ok
22:44:59.0580 5472 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:44:59.0583 5472 TapiSrv - ok
22:44:59.0627 5472 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
22:44:59.0629 5472 TBS - ok
22:44:59.0680 5472 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:44:59.0708 5472 Tcpip - ok
22:44:59.0739 5472 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:44:59.0746 5472 TCPIP6 - ok
22:44:59.0775 5472 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:44:59.0778 5472 tcpipreg - ok
22:44:59.0795 5472 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:44:59.0799 5472 TDPIPE - ok
22:44:59.0839 5472 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:44:59.0841 5472 TDTCP - ok
22:44:59.0874 5472 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:44:59.0878 5472 tdx - ok
22:44:59.0918 5472 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:44:59.0920 5472 TermDD - ok
22:44:59.0965 5472 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
22:44:59.0978 5472 TermService - ok
22:45:00.0002 5472 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
22:45:00.0003 5472 Themes - ok
22:45:00.0096 5472 [ d3504242e506af450c0a30e79363097c ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
22:45:00.0100 5472 ThinkVantage Registry Monitor Service - ok
22:45:00.0129 5472 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
22:45:00.0130 5472 THREADORDER - ok
22:45:00.0136 5472 [ 1bb77eccbfa3675b1ee8d6d6d37a1e1e ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
22:45:00.0140 5472 TPDIGIMN - ok
22:45:00.0165 5472 [ 88f81d810ff16ac65b02643daf308d4f ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
22:45:00.0171 5472 TPHDEXLGSVC - ok
22:45:00.0242 5472 [ 83415782d47f8064fcafea308abb2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
22:45:00.0243 5472 TPHKLOAD - ok
22:45:00.0253 5472 [ c04bb65441913ab621c58a8bd3169b23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
22:45:00.0254 5472 TPHKSVC - ok
22:45:00.0289 5472 [ dbcc20c02e8a3e43b03c304a4e40a84f ] TPM C:\Windows\system32\drivers\tpm.sys
22:45:00.0292 5472 TPM - ok
22:45:00.0347 5472 [ 7165b5a9b4867f64a6d6935f57d4196b ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
22:45:00.0351 5472 TPPWRIF - ok
22:45:00.0391 5472 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
22:45:00.0393 5472 TrkWks - ok
22:45:00.0442 5472 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:45:00.0443 5472 TrustedInstaller - ok
22:45:00.0473 5472 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:45:00.0476 5472 tssecsrv - ok
22:45:00.0520 5472 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:45:00.0522 5472 TsUsbFlt - ok
22:45:00.0567 5472 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:45:00.0571 5472 tunnel - ok
22:45:00.0641 5472 [ c9859779f9c29aadfbf454b7605452e6 ] TVT Backup Service C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
22:45:00.0681 5472 TVT Backup Service - ok
22:45:00.0714 5472 [ 4daae0413cd4e816258838e2fafb3147 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
22:45:00.0719 5472 TVTI2C - ok
22:45:00.0756 5472 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:45:00.0759 5472 uagp35 - ok
22:45:00.0797 5472 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:45:00.0805 5472 udfs - ok
22:45:00.0836 5472 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:45:00.0840 5472 UI0Detect - ok
22:45:00.0888 5472 [ be788a747457e6916586c410ec0111e7 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
22:45:00.0889 5472 UleadBurningHelper - ok
22:45:00.0938 5472 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:45:00.0941 5472 uliagpkx - ok
22:45:00.0978 5472 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:45:00.0980 5472 umbus - ok
22:45:01.0001 5472 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:45:01.0002 5472 UmPass - ok
22:45:01.0035 5472 [ a293dcd756d04d8492a750d03b9a297c ] UmRdpService C:\Windows\System32\umrdp.dll
22:45:01.0040 5472 UmRdpService - ok
22:45:01.0150 5472 [ a69cd6bdb82872999d2e46f9324ada83 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:45:01.0160 5472 UNS - ok
22:45:01.0181 5472 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
22:45:01.0184 5472 upnphost - ok
22:45:03.0876 5472 ================ Scan global ===============================
22:45:03.0904 5472 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
22:45:03.0939 5472 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
22:45:03.0945 5472 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
22:45:03.0976 5472 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
22:45:03.0989 5472 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
22:45:03.0992 5472 [Global] - ok
22:45:03.0992 5472 ================ Scan MBR ==================================
22:45:04.0030 5472 MBR (0x1B8) (de07d0518bc04ac37225dc1ed9207f2e) \Device\Harddisk0\DR0
22:45:04.0214 5472 \Device\Harddisk0\DR0 - ok
22:45:04.0214 5472 ================ Scan VBR ==================================
22:45:04.0216 5472 Boot (0x1200) (248fb765c5700ed932bfaf36498e2c9e) \Device\Harddisk0\DR0\Partition1
22:45:04.0217 5472 \Device\Harddisk0\DR0\Partition1 - ok
22:45:04.0232 5472 Boot (0x1200) (ceec18e42aafd7e98e06201d4d722526) \Device\Harddisk0\DR0\Partition2
22:45:04.0234 5472 \Device\Harddisk0\DR0\Partition2 - ok
22:45:04.0256 5472 Boot (0x1200) (0d12c3825287bc38a884811a86933c81) \Device\Harddisk0\DR0\Partition3
22:45:04.0257 5472 \Device\Harddisk0\DR0\Partition3 - ok
22:45:04.0258 5472 ============================================================
22:45:04.0258 5472 Scan finished
22:45:04.0258 5472 ============================================================
22:45:04.0264 6264 Detected object count: 0
22:45:04.0264 6264 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 22:54:08
-----------------------------
22:54:08.433 OS Version: Windows x64 6.1.7601 Service Pack 1
22:54:08.433 Number of processors: 4 586 0x2A07
22:54:08.434 ComputerName: HEAVYWEIGHTPAD UserName:
22:54:09.451 Initialize success
22:54:54.216 AVAST engine defs: 12081900
22:55:32.602 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:55:32.603 Disk 0 Vendor: HITACHI_ PC3Z Size: 305245MB BusType: 3
22:55:32.620 Disk 0 MBR read successfully
22:55:32.621 Disk 0 MBR scan
22:55:32.625 Disk 0 unknown MBR code
22:55:32.635 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
22:55:32.647 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292042 MB offset 2459648
22:55:32.670 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12000 MB offset 600563712
22:55:32.720 Disk 0 scanning C:\Windows\system32\drivers
22:55:42.249 Service scanning
22:56:06.202 Modules scanning
22:56:06.206 Disk 0 trace - called modules:
22:56:06.228 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
22:56:06.554 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a001060]
22:56:06.557 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8008d584b0]
22:56:06.560 5 ACPI.sys[fffff88000f8e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008d5d050]
22:56:07.468 AVAST engine scan C:\Windows
22:56:10.234 AVAST engine scan C:\Windows\system32
22:58:49.187 AVAST engine scan C:\Windows\system32\drivers
22:59:01.859 AVAST engine scan C:\Users\Lawrence Hacken
23:07:12.915 Disk 0 MBR has been saved successfully to "C:\Users\Lawrence Hacken\Desktop\MBR.dat"
23:07:12.920 The log file has been saved successfully to "C:\Users\Lawrence Hacken\Desktop\aswMBR.txt"

#8 gringo_pr


Posted 20 August 2012 - 02:06 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 Silly Decision


Posted 20 August 2012 - 04:06 AM

Ok... did that... I should mention that while combofix was running I left the computer unattended for a few minutes. When I got back, I found the computer asleep. I realized then that the power strip that the laptop is plugged into, was off for some reason, so the battery ran out & put the computer to sleep. Not to worry though, because combofix finished up fine after I plugged back in & woke it up.

Everything seems to be working fine, before & after the script/2nd combofix run. so far so good...
Here's the log:

ComboFix 12-08-20.01 - Lawrence Hacken 08/20/2012 0:20.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.5900 [GMT -7:00]
Running from: c:\users\Lawrence Hacken\Desktop\ComboFix.exe
Command switches used :: c:\users\Lawrence Hacken\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 07:37 . 2012-08-20 07:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-20 07:37 . 2012-08-20 07:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 23:30 . 2012-08-14 23:30 -------- d-----w- c:\program files (x86)\ieSpell
2012-08-07 09:18 . 2012-08-07 11:17 -------- d-----w- c:\users\Lawrence Hacken\AppData\Local\adaware
2012-08-07 09:18 . 2011-12-19 20:21 45936 ----a-w- c:\windows\system32\sbbd.exe
2012-08-07 09:18 . 2011-12-19 19:44 60536 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-08-07 09:18 . 2012-08-07 09:23 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-08-07 09:17 . 2012-08-07 09:17 -------- d-----w- c:\users\Lawrence Hacken\AppData\Local\Downloaded Installations
2012-08-07 09:17 . 2012-08-19 09:47 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-08-07 09:17 . 2012-08-07 09:17 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-08-07 09:17 . 2012-08-07 09:17 -------- d-----w- c:\program files (x86)\adawaretb
2012-08-07 09:16 . 2012-08-20 07:19 -------- d-----w- c:\users\Lawrence Hacken\AppData\Roaming\Ad-Aware Antivirus
2012-08-07 09:09 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-08-07 03:48 . 2012-08-07 03:48 328704 ----a-w- c:\windows\system32\services.exe.E2EF23F3D57C434E
2012-08-07 03:11 . 2012-08-07 03:11 -------- d-----w- c:\users\Lawrence Hacken\AppData\Local\Macromedia
2012-08-07 02:27 . 2012-08-07 02:27 -------- d-----w- c:\program files (x86)\ESET
2012-08-06 10:59 . 2012-08-06 11:00 -------- d-----w- C:\FRST
2012-08-06 05:47 . 2012-08-06 05:47 328704 ----a-w- c:\windows\system32\services.exe.E94356A09842B1F4
2012-08-06 05:19 . 2012-08-06 05:19 -------- d-----w- c:\users\Lawrence Hacken\AppData\Local\Secunia PSI
2012-08-06 05:18 . 2012-08-07 04:56 -------- d-----w- c:\program files (x86)\Secunia
2012-08-05 06:18 . 2012-08-05 06:27 -------- d-----w- c:\programdata\SUPERSetup
2012-08-05 06:12 . 2012-08-07 04:57 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-05 06:08 . 2012-08-05 06:10 -------- d-----w- c:\programdata\7531CCA978EB96C36414B142F875EF60
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 23:25 . 2012-04-06 06:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 23:25 . 2011-05-30 03:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 10:02 . 2011-04-29 11:22 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2011-05-28 07:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 03:08 . 2012-07-13 10:05 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-13 07:11 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-13 07:11 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-13 07:11 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-13 07:11 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-13 07:11 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-13 07:11 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-13 07:11 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-27 03:24 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 03:24 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-27 03:24 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 03:24 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 03:24 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-27 03:24 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-27 03:24 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-27 03:24 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-27 03:24 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-13 10:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-13 10:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-13 10:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-13 10:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-13 10:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-13 10:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-13 10:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-13 10:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-13 10:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-13 10:01 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-13 10:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-13 10:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-13 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-13 10:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-13 10:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-13 10:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-13 10:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-13 10:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-13 10:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-13 07:12 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-13 07:12 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-13 07:12 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-13 07:12 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-13 07:12 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-13 07:11 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-13 07:12 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-13 07:12 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-13 07:11 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-19_09.13.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-19 08:34 . 2012-08-19 08:34 13396 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-08-19 09:45 . 2012-08-19 09:45 13396 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-04-22 03:29 . 2012-08-19 09:48 60664 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-19 09:48 44538 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-30 08:36 . 2012-08-19 09:48 14026 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3842861757-3716948847-2586722750-1001_UserData.bin
+ 2012-08-19 09:45 . 2012-08-19 09:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-19 08:35 . 2012-08-19 08:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-19 09:45 . 2012-08-19 09:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-19 08:35 . 2012-08-19 08:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-10 06:34 . 2012-08-20 05:21 541868 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 02:36 . 2012-08-19 09:50 626468 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-19 08:41 626468 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-19 09:50 107544 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-19 08:41 107544 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-19 08:34 479924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-19 09:45 479924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-04-06 06:40 . 2012-08-19 08:34 8731600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-06 06:40 . 2012-08-19 09:45 8731600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5a197cf0-63cf-4ce7-a773-5299b1e98d13}]
2011-08-08 22:43 479232 ------w- c:\program files (x86)\Unsubscribe Inc\Unsubscribe.com\adxloader.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08 87440 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TLH_PTFBPro"="c:\program files (x86)\Technology Lighthouse\PTFB Pro\PTFBStart.exe" [2006-10-17 49696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-03 160328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-01-23 1631808]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ACTray"="c:\program files (x86)\Lenovo\Access Connections\ACTray.exe" [2011-10-20 433216]
"Mindful"="c:\program files (x86)\Felitec\Mindful\Mindful.exe" [2007-03-15 413696]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\users\Lawrence Hacken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Abbreviations.ahk - Shortcut.lnk - c:\users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\Abbreviations.ahk [2011-5-6 1784]
AutoHotkey.ahk - Shortcut.lnk - c:\users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\AutoHotkey.ahk [2011-5-6 1353]
KeyHook.ahk - Shortcut.lnk - c:\users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\KeyHook.ahk [2011-5-6 545]
Run.ahk - Shortcut.lnk - c:\users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\Run.ahk [2011-5-6 1151]
SigME.ahk - Shortcut.lnk - c:\users\Lawrence Hacken\Documents\AutoHotKey SCRIPTS\SigME.ahk [2011-5-6 613]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-7-12 6271888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"QuickLaunchEnabled"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-11-18 144448]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-01-23 478056]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-14 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-29 17152]
R3 ltpFilter;ThinkPad USB TrackPoint Lower Filter;c:\windows\system32\DRIVERS\ltpFiltr.sys [2009-06-15 8192]
R3 ltpwrFltr;ThinkPad USB TrackPoint Power Filter;c:\windows\system32\DRIVERS\ltpwrflt.sys [2009-05-11 8192]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-04-22 31152]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-01-23 31344]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-08-13 27240]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-03-30 23664]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-09 32104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-13 1239952]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-07 210896]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 ltpSvc;TrackPoint Scroll Service;c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe [2009-06-30 12800]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-13 2214504]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-31 13128]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-03-02 443240]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-12 379496]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 XCPSPWD;Xerox PrintingScout Status Watcher;c:\program files\Xerox Office Printing\PrintingScout\XCPWDN.EXE [2010-07-09 150016]
S2 XCPSSDB;Xerox PrintingScout Status Database;c:\program files\Xerox Office Printing\PrintingScout\XCSDBN.EXE [2010-07-09 338944]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-19 425000]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-19 39464]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-08-04 341680]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-08-25 1161832]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2012-03-26 56408]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 43019339
*NewlyCreated* - ASWMBR
*NewlyCreated* - PCDSRVC{127174DC-C366ED8B-06020200}_0
*Deregistered* - 43019339
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 23:25]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 09:17]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-14 09:17]
.
2012-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
2012-08-20 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5a197cf0-63cf-4ce7-a773-5299b1e98d13}]
2011-06-04 00:27 677376 ------w- c:\program files (x86)\Unsubscribe Inc\Unsubscribe.com\adxloader64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-07-12 19:37 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-07-12 19:37 6301584 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-15 316032]
"Skd8855"="c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\Skd8855.exe" [2010-04-07 382464]
"ltpPoint"="c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpPoint.exe" [2009-10-26 1001472]
"XCPSPSP"="c:\program files\Xerox Office Printing\PrintingScout\XCPSPZ.EXE" [2010-09-14 1133568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Identities Editor - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: Passcards Editor - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: all2ools.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///E:/launch.ocx
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
FF - ProfilePath - c:\users\Lawrence Hacken\AppData\Roaming\Mozilla\Firefox\Profiles\xvi7yg0g.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-20 01:46:31
ComboFix-quarantined-files.txt 2012-08-20 08:46
ComboFix2.txt 2012-08-19 09:28
.
Pre-Run: 206,051,848,192 bytes free
Post-Run: 206,679,048,192 bytes free
.
- - End Of File - - F7372BFB80B503C63923938C289EECB9

#10 gringo_pr


  • Malware Response Team

Posted 20 August 2012 - 04:17 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 Silly Decision

  • Topic Starter


Posted 20 August 2012 - 05:06 AM

Ok... MBAM found nothing. When I went to "C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt" to get the log, it gave me the error about illegal operation on a registry key to be deleted. So I clicked on the log tab in the program & it let me open it from there.
Both logs requested are pasted below.
thanks & talk to you probably tomorrow.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lawrence Hacken :: HEAVYWEIGHTPAD [administrator]

8/20/2012 2:52:50 AM
mbam-log-2012-08-20 (02-52-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217305
Time elapsed: 1 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:01:28 AM, on 8/20/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\Felitec\Mindful\Mindful.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
C:\Program Files (x86)\Technology Lighthouse\PTFB Pro\PTFBPro.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Collectorz.com\Music Collector\MusicCollector.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Lawrence Hacken\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Unsub2Managed - {5a197cf0-63cf-4ce7-a773-5299b1e98d13} - C:\Program Files (x86)\Unsubscribe Inc\Unsubscribe.com\adxloader.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [ACTray] C:\Program Files (x86)\Lenovo\Access Connections\ACTray.exe
O4 - HKLM\..\Run: [Mindful] C:\Program Files (x86)\Felitec\Mindful\Mindful.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TLH_PTFBPro] "C:\Program Files (x86)\Technology Lighthouse\PTFB Pro\PTFBStart.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
O4 - HKUS\S-1-5-21-3842861757-3716948847-2586722750-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3842861757-3716948847-2586722750-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Abbreviations.ahk - Shortcut.lnk = Lawrence Hacken\Documents\AutoHotKey SCRIPTS\Abbreviations.ahk
O4 - Startup: AutoHotkey.ahk - Shortcut.lnk = Lawrence Hacken\Documents\AutoHotKey SCRIPTS\AutoHotkey.ahk
O4 - Startup: KeyHook.ahk - Shortcut.lnk = Lawrence Hacken\Documents\AutoHotKey SCRIPTS\KeyHook.ahk
O4 - Startup: Run.ahk - Shortcut.lnk = Lawrence Hacken\Documents\AutoHotKey SCRIPTS\Run.ahk
O4 - Startup: SigME.ahk - Shortcut.lnk = Lawrence Hacken\Documents\AutoHotKey SCRIPTS\SigME.ahk
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Passcards Editor - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab
O16 - DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} (Launch Control) - file:///E:/launch.ocx
O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} (MachineInfoActiveX.MachineInfoActiveX) - http://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: TrackPoint Scroll Service (ltpSvc) - Unknown owner - C:\Program Files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Xerox PrintingScout Status Watcher (XCPSPWD) - Xerox Co., Ltd. - C:\Program Files\Xerox Office Printing\PrintingScout\XCPWDN.EXE
O23 - Service: Xerox PrintingScout Status Database (XCPSSDB) - Xerox Co., Ltd. - C:\Program Files\Xerox Office Printing\PrintingScout\XCSDBN.EXE

--
End of file - 19747 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 20 August 2012 - 07:15 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
      O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
      O4 - HKUS\S-1-5-21-3842861757-3716948847-2586722750-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-3842861757-3716948847-2586722750-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • Put a checkmark in "Uninstall application on close"
    • Click on finish
    • Close the program
    • Copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
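
Added example (not part of the original posts and not HijackThis's own code): a Python parser for the O4 start-up lines in the fix list above and the O23 service lines in the log before it, pulling out the bracketed value name to research and sorting "Unknown owner" services into review buckets. The function names are hypothetical, the sample lines are copied from this thread, and the triage assumes the log came from a 32-bit HijackThis build running on 64-bit Windows.

```python
import re

# Constructed sample: lines copied from the HijackThis log and fix list in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-3842861757-3716948847-2586722750-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TrackPoint Scroll Service (ltpSvc) - Unknown owner - C:\Program Files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
"""

# O4 = autostart value: hive\..\key: [value name] command (User '...')
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# O23 = service: display name (short name) - owner - image path (file missing)
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<service>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$")


def parse_line(line):
    """Return a dict for one O4 or O23 line, or None for any other line."""
    line = line.strip()
    for kind, rx in (("O4", O4_RE), ("O23", O23_RE)):
        m = rx.match(line)
        if m:
            rec = dict(m.groupdict(), kind=kind)
            if kind == "O23":
                rec["missing"] = rec["missing"] is not None
            return rec
    return None


def parse_log(text):
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def startup_names(records):
    """Value names between the brackets: the strings to look up before fixing."""
    return [r["name"] for r in records if r["kind"] == "O4"]


def triage_services(records):
    """Sort 'Unknown owner' services into two review buckets (by short name)."""
    redirected, review = [], []
    for r in records:
        if r["kind"] != "O23" or r["owner"] != "Unknown owner":
            continue
        label = r["service"] or r["display"]
        # A 32-bit scanner on 64-bit Windows reads System32 through WOW64
        # redirection, so "(file missing)" there needs re-checking with a
        # 64-bit tool before it is treated as a finding.
        if r["missing"] and "\\system32\\" in r["path"].lower():
            redirected.append(label)
        else:
            review.append(label)
    return redirected, review


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(startup_names(recs))
    print(triage_services(recs))
```
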

#13 Silly Decision

Silly Decision
  • Topic Starter


Posted 21 August 2012 - 04:18 AM

Ok... Eset found nothing!
Thanks for helping cleanup the startup programs ... I try to stay on top of those by running msconfig. I have noticed in the past that the Google Toolbar Notifier keeps coming back even if I uncheck it.

The computer is working fine so far, even after I tripped while carrying it last night. The computer & I took a header into a woodpile & it remained unscathed.
I can't say the same about my face, though. Ouch! :axe: :pirate:
That's why I like ThinkPads... I'm clumsy & they're sturdy. My last ThinkPad got run over with my car & still booted up afterwards.

Could you please recommend security software? Should I just use MSE & nothing else?
If not, please suggest free software that does not hog resources.
Thanks so much for your genius help!!
Once this post is solved, I will certainly throw a donation your way.

#14 gringo_pr


Posted 21 August 2012 - 06:54 PM

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to the desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - This is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo

#15 Silly Decision


Posted 22 August 2012 - 01:37 AM

Many Thanks Gringo! So far, so good!
You are a modern day HERO! I have sent a small donation in hopes you will use it to make your day a little bit better.
& thanks for the security program recommendations!

One question... I can just move TDSSKiller, & Security Check to recycling, right?

All the best!
Larry
