
Google Redirect Virus - SCOUR Virus


  • This topic is locked
17 replies to this topic

#1 Bill898

Bill898

  • Members
  • 10 posts

Posted 26 August 2012 - 12:36 PM

Thank you for allowing me to register and for your help on this frustrating and elusive virus. I have tried to remove the virus through the various tools and directions on the forum but nothing has worked. I am attaching the requested files. After running a Google search, when I click on one of the search results, I get a redirect to many different sites, one of which is scour. Many times, immediately after clicking on the search link, I see credit-crush.com and then it will redirect to b00kmarks.com, gethorresutls.com, and then finally to a generic site or to scour. Attached please find the files. I have always been successful in removing these viruses but this one has me puzzled. Any help would be appreciated.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Bill at 12:18:20 on 2012-08-26
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1908.538 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\TpShocks.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\TPFanControl\TPFanControl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Bill\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\WePrint\WePrint Server.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sppsvc.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [TpShocks] TpShocks.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [PrintWhere Router 3.6] c:\program files\printeron corporation\printwhere 3.6\pwcRoute.exe
mRun: [PrinterOn Printer Select 3.6] c:\program files\printeron corporation\printwhere 3.6\pwcPrinterSelect.exe -NOUI
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [TPFanControl] c:\program files\tpfancontrol\TPFanControl.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex
StartupFolder: c:\users\bill\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\bill\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\bill\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\bill\appdata\roaming\micros~1\windows\startm~1\programs\startup\weprin~1.lnk - c:\program files\weprint\WePrint Server.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: aseonline.com\audi
Trusted Zone: aseonline.com\vwgroup
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: {3AB6C094-8157-4483-A209-F0075716DC4E} - hxxps://vwgroup.aseonline.com/PandoraWebClient/PandoraLoader.cab
DPF: {3E9C83B2-4133-46EF-8DBD-91FD0FA22886} - hxxps://kpi.ase-global.com/kpi3pcna/MAClient/MA_ClientX.cab
DPF: {41795ECB-411A-4F38-A1ED-0F34E8892BF7} - hxxps://vwgroup.aseonline.com/P3WebClient/P3Loader.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} - hxxps://vwgroup.aseonline.com/MetisWebClient/WebClientLoader.cab
DPF: {B3DFB9F9-6896-4D01-9465-2ABAD934A5B4} - hxxps://kpi.ase-global.com/kpiinput/MetisClientX.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vwgoa.vw.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{99F1BCA5-D580-46F3-9880-F0B3C92D7195} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{99F1BCA5-D580-46F3-9880-F0B3C92D7195}\34F657274797162746 : DhcpNameServer = 12.127.16.67 12.127.17.71 4.2.2.1
TCP: Interfaces\{99F1BCA5-D580-46F3-9880-F0B3C92D7195}\358656271647F6E61447C605562796D656475627E4F6274786 : DhcpNameServer = 8.8.8.8 208.67.222.222 4.2.2.1
TCP: Interfaces\{99F1BCA5-D580-46F3-9880-F0B3C92D7195}\8484F6E6F62737 : DhcpNameServer = 65.32.1.65 65.32.1.70
TCP: Interfaces\{99F1BCA5-D580-46F3-9880-F0B3C92D7195}\84F4D454D293032323 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{99F1BCA5-D580-46F3-9880-F0B3C92D7195}\F46756274627966756D2445323 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D2058AE9-C874-4D8A-BBC6-F11223518F5C} : DhcpNameServer = 209.183.35.23 209.183.33.23
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-7-3 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-1-22 13680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2010-7-3 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-1-22 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2010-7-3 74088]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-1-22 93032]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-7-3 48640]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-1-22 99328]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\tphksvc.exe [2011-1-22 64440]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-29 13752]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-7-3 127232]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-1-22 215208]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-1-22 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-1-31 270336]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2011-10-21 1117800]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-8 38336]
R3 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-7-3 2533400]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-11 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-7-3 132456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-8-10 116648]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-8-10 116648]
S3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-8-18 27424]
S3 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 45568]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2009-3-2 124200]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-7-3 816792]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-7-3 75112]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-7-3 38912]
S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 45568]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2010-5-11 199680]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2010-5-11 156032]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-5 52224]
S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-9-29 99768]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-18 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-8-9 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-8-9 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-8-9 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-8-9 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-8-9 25704]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\ca\PCPitstopScheduleService.exe [2010-8-25 90296]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-08-21 19:08:58 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-21 00:38:55 -------- d-----w- c:\program files\Oracle
2012-08-21 00:38:16 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-19 03:21:45 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-08-19 01:28:18 -------- d-----w- c:\programdata\Simply Super Software
2012-08-19 01:24:22 -------- d-----w- c:\users\bill\DoctorWeb
2012-08-19 00:59:52 -------- d-----w- c:\users\bill\temp
2012-08-19 00:59:49 -------- d-----w- c:\users\bill\appdata\roaming\TeamViewer
2012-08-19 00:53:27 -------- d-----w- c:\program files\Citrix
2012-08-19 00:53:07 112272 ----a-w- c:\users\bill\g2ax_customer_downloadhelper_win32_x86.exe
2012-08-18 23:50:42 -------- d-----w- c:\programdata\Tarma Installer
2012-08-18 23:33:04 -------- d-----w- c:\programdata\RegAce
2012-08-18 23:31:38 -------- d-----w- c:\users\bill\appdata\local\APN
2012-08-18 19:45:36 -------- d-----w- C:\MATS
2012-08-18 19:44:18 -------- d-----w- c:\programdata\LG
2012-08-18 19:44:18 -------- d-----w- c:\program files\common files\PctelEapPeer Authentication
2012-08-18 19:06:25 480384 ------w- c:\windows\system32\bmnet.dll
2012-08-18 15:08:57 886 ----a-w- c:\programdata\rwfcdaa.tmp
2012-08-18 14:52:12 518144 ----a-w- c:\windows\SWREG.exe
2012-08-18 14:52:12 256000 ----a-w- c:\windows\PEV.exe
2012-08-18 01:52:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-18 01:52:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-17 21:25:32 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-17 00:18:31 887 ----a-w- c:\programdata\moyraaa.tmp
2012-08-17 00:17:35 897 ----a-w- c:\programdata\noyraaa.tmp
2012-08-15 22:00:00 -------- d-----w- c:\users\bill\appdata\roaming\QuickScan
2012-08-15 12:55:03 886 ----a-w- c:\programdata\hhnmbaa.tmp
2012-08-15 12:00:14 897 ----a-w- c:\programdata\khwddaa.tmp
2012-08-15 01:05:58 98816 ----a-w- c:\windows\sed.exe
2012-08-15 01:05:58 208896 ----a-w- c:\windows\MBR.exe
2012-08-14 23:57:58 -------- d-----w- c:\users\bill\appdata\local\Threat Expert
2012-08-14 21:05:16 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-08-09 04:45:10 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-08-09 04:44:07 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-08-09 04:42:58 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-08-09 04:42:19 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-08-09 04:41:01 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2012-08-09 04:40:54 -------- d-----w- c:\users\bill\appdata\local\Aimersoft
2012-08-09 04:40:52 -------- d-----w- c:\program files\common files\Aimersoft
2012-08-09 04:40:39 892928 ----a-w- c:\windows\system32\iconv.dll
2012-08-09 04:40:39 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-08-09 04:40:39 496640 ----a-w- c:\windows\system32\xvid.ax
2012-08-09 04:40:36 -------- d-----w- c:\program files\Aimersoft
2012-07-28 13:27:40 -------- d-----w- c:\program files\iPod
2012-07-28 13:27:39 -------- d-----w- c:\program files\iTunes
2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-18 21:46:58 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-08-14 20:35:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 20:35:23 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 12:36:06 132984 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-07-17 12:36:06 104312 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-07-17 12:36:04 67448 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-07-17 12:36:02 812920 ----a-r- c:\windows\system32\IS3Base5.dll
2012-06-12 02:40:48 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-05 20:01:23 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 12:20:31.08 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 27 August 2012 - 01:28 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Bill898


Posted 27 August 2012 - 07:37 AM

Hi Gringo, thank you so much for your help. I am attaching the checkup file, but Combofix ran for an extremely long time and I received a message that "Freeware implementation of XCACLS has stopped working." Any advice? Should I try to run again?

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#4 gringo_pr


Posted 27 August 2012 - 07:59 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
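A TDSSKiller report runs to hundreds of lines, so a short triage script is a quicker way to read one than scanning for anything that is not "ok". The following is an added example, not part of the original posts and not a Kaspersky tool; it assumes the two-line layout TDSSKiller writes per object (a `[ MD5 ] name path` line, then a `name - verdict` line), and the `ExampleDrv` entry with its `warning` verdict is constructed sample data.

```python
import re

# Assumed line layout (timestamp, thread id, then one of):
#   [ MD5 ] <name> <path>          object located and hashed
#   <name> - <verdict>             scan verdict for that object
#   ===== <section title> =====    section header
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
HASH_RE = re.compile(PREFIX + r"\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$")
VERDICT_RE = re.compile(PREFIX + r"(.+?)\s+-\s+(\w+)\s*$")
SECTION_RE = re.compile(PREFIX + r"=+\s+([^=]+?)\s+=+\s*$")

# Sample input: the first eight lines follow the report layout from this
# thread; the last two (ExampleDrv) are constructed to show a non-ok verdict.
SAMPLE_LOG = r"""
09:02:28.0140 9456 ================ Scan system memory ========================
09:02:28.0140 9456 System memory - ok
09:02:28.0140 9456 ================ Scan services =============================
09:02:28.0374 9456 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:02:28.0389 9456 1394ohci - ok
09:02:29.0013 9456 ACDaemon - ok
09:02:30.0199 9456 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:02:30.0199 9456 Apple Mobile Device - ok
09:02:32.0383 9456 catchme - ok
09:02:40.0000 9456 [ 00000000000000000000000000000000 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
09:02:40.0000 9456 ExampleDrv - warning
"""


def triage(log_text):
    """Pair each verdict line with the hash/path line that preceded it."""
    hashed = {}      # object name -> (md5, path)
    section = None   # title of the section currently being read
    results = []
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = HASH_RE.match(line)
        if m:
            hashed[m.group(2)] = (m.group(1).upper(), m.group(3))
            continue
        m = VERDICT_RE.match(line)
        if m:
            name = m.group(1)
            md5, path = hashed.get(name, (None, None))
            results.append({"section": section, "name": name,
                            "verdict": m.group(2).lower(),
                            "md5": md5, "path": path})
    return results


def needs_review(results):
    """Return (name, reason) for entries a helper should look at first."""
    flagged = []
    for r in results:
        if r["verdict"] != "ok":
            flagged.append((r["name"], "verdict: " + r["verdict"]))
        elif r["section"] == "Scan services" and r["md5"] is None:
            # Reported "ok" but no hash or path was printed, so the report
            # alone cannot tie this service to a file on disk.
            flagged.append((r["name"], "no file hashed"))
    return flagged


if __name__ == "__main__":
    for name, reason in needs_review(triage(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Entries flagged "no file hashed" are not detections; they are services the report lists by name only, which is why they are worth checking by hand.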

#5 Bill898


Posted 27 August 2012 - 09:52 AM

Please find attached the results of the TDSS Killer and MBR scan. I did not press the MBR Fix button on the MBR scan but I have left the app open in the event you want me to press the button.

09:02:38.0935 9456 LSI_SAS - ok
09:02:38.0950 9456 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:02:38.0950 9456 LSI_SAS2 - ok
09:02:38.0966 9456 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:02:38.0966 9456 LSI_SCSI - ok
09:02:38.0982 9456 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
09:02:38.0982 9456 luafv - ok
09:02:39.0028 9456 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:02:39.0028 9456 Mcx2Svc - ok
09:02:39.0044 9456 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:02:39.0044 9456 mdmxsdk - ok
09:02:39.0060 9456 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:02:39.0060 9456 megasas - ok
09:02:39.0091 9456 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:02:39.0091 9456 MegaSR - ok
09:02:39.0153 9456 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:02:39.0153 9456 Microsoft Office Groove Audit Service - ok
09:02:39.0231 9456 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
09:02:39.0231 9456 MMCSS - ok
09:02:39.0247 9456 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
09:02:39.0247 9456 Modem - ok
09:02:39.0309 9456 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:02:39.0309 9456 monitor - ok
09:02:39.0325 9456 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:02:39.0325 9456 mouclass - ok
09:02:39.0372 9456 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:02:39.0372 9456 mouhid - ok
09:02:39.0403 9456 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:02:39.0403 9456 mountmgr - ok
09:02:39.0418 9456 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
09:02:39.0418 9456 mpio - ok
09:02:39.0450 9456 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:02:39.0450 9456 mpsdrv - ok
09:02:39.0496 9456 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:02:39.0512 9456 MpsSvc - ok
09:02:39.0559 9456 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:02:39.0559 9456 MRxDAV - ok
09:02:39.0590 9456 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:02:39.0606 9456 mrxsmb - ok
09:02:39.0637 9456 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:02:39.0652 9456 mrxsmb10 - ok
09:02:39.0668 9456 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:02:39.0684 9456 mrxsmb20 - ok
09:02:39.0699 9456 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
09:02:39.0699 9456 msahci - ok
09:02:39.0746 9456 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:02:39.0746 9456 msdsm - ok
09:02:39.0762 9456 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
09:02:39.0762 9456 MSDTC - ok
09:02:39.0793 9456 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:02:39.0808 9456 Msfs - ok
09:02:39.0824 9456 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:02:39.0824 9456 mshidkmdf - ok
09:02:39.0855 9456 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:02:39.0855 9456 msisadrv - ok
09:02:39.0886 9456 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:02:39.0886 9456 MSiSCSI - ok
09:02:39.0886 9456 msiserver - ok
09:02:39.0933 9456 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:02:39.0933 9456 MSKSSRV - ok
09:02:39.0949 9456 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:02:39.0949 9456 MSPCLOCK - ok
09:02:39.0964 9456 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:02:39.0964 9456 MSPQM - ok
09:02:39.0980 9456 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:02:39.0980 9456 MsRPC - ok
09:02:40.0011 9456 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:02:40.0011 9456 mssmbios - ok
09:02:40.0042 9456 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:02:40.0042 9456 MSTEE - ok
09:02:40.0042 9456 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:02:40.0058 9456 MTConfig - ok
09:02:40.0074 9456 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
09:02:40.0074 9456 Mup - ok
09:02:40.0120 9456 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
09:02:40.0120 9456 napagent - ok
09:02:40.0167 9456 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:02:40.0167 9456 NativeWifiP - ok
09:02:40.0198 9456 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:02:40.0245 9456 NDIS - ok
09:02:40.0261 9456 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:02:40.0261 9456 NdisCap - ok
09:02:40.0292 9456 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:02:40.0292 9456 NdisTapi - ok
09:02:40.0308 9456 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:02:40.0308 9456 Ndisuio - ok
09:02:40.0339 9456 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:02:40.0354 9456 NdisWan - ok
09:02:40.0386 9456 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:02:40.0386 9456 NDProxy - ok
09:02:40.0432 9456 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:02:40.0432 9456 Net Driver HPZ12 - ok
09:02:40.0464 9456 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:02:40.0464 9456 NetBIOS - ok
09:02:40.0510 9456 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:02:40.0510 9456 NetBT - ok
09:02:40.0526 9456 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
09:02:40.0542 9456 Netlogon - ok
09:02:40.0620 9456 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
09:02:40.0620 9456 Netman - ok
09:02:40.0698 9456 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
09:02:40.0729 9456 netprofm - ok
09:02:40.0807 9456 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:02:40.0822 9456 NetTcpPortSharing - ok
09:02:41.0088 9456 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
09:02:41.0181 9456 netw5v32 - ok
09:02:41.0212 9456 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:02:41.0212 9456 nfrd960 - ok
09:02:41.0275 9456 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:02:41.0275 9456 NlaSvc - ok
09:02:41.0306 9456 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:02:41.0306 9456 Npfs - ok
09:02:41.0337 9456 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
09:02:41.0337 9456 nsi - ok
09:02:41.0353 9456 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:02:41.0353 9456 nsiproxy - ok
09:02:41.0400 9456 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:02:41.0431 9456 Ntfs - ok
09:02:41.0493 9456 [ 37BE10FF10A92031FC5A01E8363925CC ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
09:02:41.0493 9456 NuidFltr - ok
09:02:41.0509 9456 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
09:02:41.0509 9456 Null - ok
09:02:41.0540 9456 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:02:41.0556 9456 nvraid - ok
09:02:41.0587 9456 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:02:41.0587 9456 nvstor - ok
09:02:41.0634 9456 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:02:41.0634 9456 nv_agp - ok
09:02:41.0696 9456 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:02:41.0712 9456 odserv - ok
09:02:41.0758 9456 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:02:41.0758 9456 ohci1394 - ok
09:02:41.0790 9456 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:02:41.0790 9456 ose - ok
09:02:41.0821 9456 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:02:41.0836 9456 p2pimsvc - ok
09:02:41.0868 9456 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:02:41.0868 9456 p2psvc - ok
09:02:41.0883 9456 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:02:41.0883 9456 Parport - ok
09:02:41.0930 9456 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:02:41.0930 9456 partmgr - ok
09:02:41.0946 9456 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:02:41.0946 9456 Parvdm - ok
09:02:41.0961 9456 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:02:41.0961 9456 PcaSvc - ok
09:02:41.0992 9456 PcdrNdisuio - ok
09:02:42.0024 9456 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
09:02:42.0024 9456 pci - ok
09:02:42.0039 9456 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
09:02:42.0039 9456 pciide - ok
09:02:42.0055 9456 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:02:42.0055 9456 pcmcia - ok
09:02:42.0102 9456 [ 4B6B2C73E469F2A7EE950CDEA1C19CD4 ] PCPitstop Scheduling C:\Program Files\CA\PCPitstopScheduleService.exe
09:02:42.0102 9456 PCPitstop Scheduling - ok
09:02:42.0180 9456 [ 1E715247EFFFDDA938C085913045D599 ] PCTINDIS5 C:\Windows\system32\PCTINDIS5.SYS
09:02:42.0180 9456 PCTINDIS5 - ok
09:02:42.0180 9456 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
09:02:42.0195 9456 pcw - ok
09:02:42.0226 9456 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:02:42.0226 9456 PEAUTH - ok
09:02:42.0273 9456 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:02:42.0304 9456 PeerDistSvc - ok
09:02:42.0367 9456 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
09:02:42.0398 9456 pla - ok
09:02:42.0445 9456 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:02:42.0460 9456 PlugPlay - ok
09:02:42.0492 9456 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:02:42.0507 9456 Pml Driver HPZ12 - ok
09:02:42.0554 9456 [ B4079D61B5C6B4919BDE17C38202E236 ] pmxdrv C:\Windows\system32\drivers\pmxdrv.sys
09:02:42.0585 9456 pmxdrv - ok
09:02:42.0616 9456 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:02:42.0616 9456 PNRPAutoReg - ok
09:02:42.0632 9456 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:02:42.0632 9456 PNRPsvc - ok
09:02:42.0663 9456 [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
09:02:42.0663 9456 Point32 - ok
09:02:42.0710 9456 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:02:42.0710 9456 PolicyAgent - ok
09:02:42.0741 9456 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
09:02:42.0741 9456 Power - ok
09:02:42.0757 9456 [ 70BE64891555F23355D245F7A628731D ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
09:02:42.0757 9456 Power Manager DBC Service - ok
09:02:42.0804 9456 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:02:42.0804 9456 PptpMiniport - ok
09:02:42.0819 9456 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:02:42.0819 9456 Processor - ok
09:02:42.0866 9456 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
09:02:42.0882 9456 ProfSvc - ok
09:02:42.0882 9456 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:02:42.0882 9456 ProtectedStorage - ok
09:02:42.0913 9456 [ 72DE205CD4006DC45B1401859C506679 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
09:02:42.0913 9456 psadd - ok
09:02:42.0944 9456 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:02:42.0944 9456 Psched - ok
09:02:42.0991 9456 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:02:43.0038 9456 ql2300 - ok
09:02:43.0053 9456 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:02:43.0069 9456 ql40xx - ok
09:02:43.0084 9456 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
09:02:43.0084 9456 QWAVE - ok
09:02:43.0100 9456 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:02:43.0100 9456 QWAVEdrv - ok
09:02:43.0116 9456 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:02:43.0116 9456 RasAcd - ok
09:02:43.0131 9456 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:02:43.0131 9456 RasAgileVpn - ok
09:02:43.0147 9456 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
09:02:43.0147 9456 RasAuto - ok
09:02:43.0178 9456 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:02:43.0178 9456 Rasl2tp - ok
09:02:43.0225 9456 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
09:02:43.0240 9456 RasMan - ok
09:02:43.0256 9456 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:02:43.0256 9456 RasPppoe - ok
09:02:43.0272 9456 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:02:43.0272 9456 RasSstp - ok
09:02:43.0303 9456 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:02:43.0303 9456 rdbss - ok
09:02:43.0334 9456 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:02:43.0334 9456 rdpbus - ok
09:02:43.0365 9456 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:02:43.0365 9456 RDPCDD - ok
09:02:43.0412 9456 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:02:43.0428 9456 RDPDR - ok
09:02:43.0459 9456 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:02:43.0459 9456 RDPENCDD - ok
09:02:43.0459 9456 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:02:43.0474 9456 RDPREFMP - ok
09:02:43.0506 9456 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:02:43.0506 9456 RDPWD - ok
09:02:43.0552 9456 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:02:43.0552 9456 rdyboost - ok
09:02:43.0568 9456 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
09:02:43.0568 9456 regi - ok
09:02:43.0599 9456 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
09:02:43.0599 9456 RemoteAccess - ok
09:02:43.0630 9456 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:02:43.0630 9456 RemoteRegistry - ok
09:02:43.0677 9456 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
09:02:43.0677 9456 RFCOMM - ok
09:02:43.0693 9456 [ E891F07815AF88075705EF6A248711F6 ] rimspci C:\Windows\system32\DRIVERS\rimspe86.sys
09:02:43.0708 9456 rimspci - ok
09:02:43.0740 9456 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
09:02:43.0740 9456 RimUsb - ok
09:02:43.0771 9456 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
09:02:43.0771 9456 RimVSerPort - ok
09:02:43.0802 9456 [ 6A60626412129C713CC30C81870A8095 ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe86.sys
09:02:43.0802 9456 rixdpcie - ok
09:02:43.0833 9456 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
09:02:43.0833 9456 ROOTMODEM - ok
09:02:43.0880 9456 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:02:43.0880 9456 RpcEptMapper - ok
09:02:43.0911 9456 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
09:02:43.0927 9456 RpcLocator - ok
09:02:43.0974 9456 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
09:02:43.0989 9456 RpcSs - ok
09:02:44.0005 9456 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:02:44.0005 9456 rspndr - ok
09:02:44.0052 9456 [ 4F04692424A23F2B36DD53D903AB27AE ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
09:02:44.0083 9456 rtl8192se - ok
09:02:44.0114 9456 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:02:44.0114 9456 s3cap - ok
09:02:44.0145 9456 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
09:02:44.0145 9456 SamSs - ok
09:02:44.0176 9456 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:02:44.0192 9456 sbp2port - ok
09:02:44.0239 9456 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:02:44.0239 9456 SCardSvr - ok
09:02:44.0270 9456 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:02:44.0270 9456 scfilter - ok
09:02:44.0317 9456 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
09:02:44.0348 9456 Schedule - ok
09:02:44.0379 9456 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:02:44.0379 9456 SCPolicySvc - ok
09:02:44.0426 9456 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
09:02:44.0426 9456 sdbus - ok
09:02:44.0457 9456 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:02:44.0473 9456 SDRSVC - ok
09:02:44.0582 9456 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
09:02:44.0598 9456 SeaPort - ok
09:02:44.0660 9456 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:02:44.0660 9456 secdrv - ok
09:02:44.0691 9456 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
09:02:44.0691 9456 seclogon - ok
09:02:44.0707 9456 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
09:02:44.0707 9456 SENS - ok
09:02:44.0738 9456 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:02:44.0738 9456 SensrSvc - ok
09:02:44.0785 9456 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:02:44.0785 9456 Serenum - ok
09:02:44.0832 9456 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:02:44.0832 9456 Serial - ok
09:02:44.0863 9456 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:02:44.0863 9456 sermouse - ok
09:02:44.0910 9456 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
09:02:44.0910 9456 SessionEnv - ok
09:02:44.0956 9456 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:02:44.0956 9456 sffdisk - ok
09:02:44.0956 9456 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:02:44.0956 9456 sffp_mmc - ok
09:02:44.0988 9456 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:02:44.0988 9456 sffp_sd - ok
09:02:45.0034 9456 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:02:45.0034 9456 sfloppy - ok
09:02:45.0081 9456 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:02:45.0081 9456 SharedAccess - ok
09:02:45.0128 9456 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:02:45.0128 9456 ShellHWDetection - ok
09:02:45.0175 9456 [ BC31655A03D9E9ED6F7116BAFB9B38C7 ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
09:02:45.0175 9456 Shockprf - ok
09:02:45.0222 9456 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:02:45.0222 9456 sisagp - ok
09:02:45.0253 9456 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:02:45.0253 9456 SiSRaid2 - ok
09:02:45.0268 9456 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:02:45.0268 9456 SiSRaid4 - ok
09:02:45.0378 9456 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:02:45.0378 9456 SkypeUpdate - ok
09:02:45.0409 9456 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:02:45.0409 9456 Smb - ok
09:02:45.0440 9456 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:02:45.0440 9456 SNMPTRAP - ok
09:02:45.0456 9456 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:02:45.0456 9456 spldr - ok
09:02:45.0502 9456 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
09:02:45.0502 9456 Spooler - ok
09:02:45.0596 9456 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
09:02:45.0643 9456 sppsvc - ok
09:02:45.0674 9456 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:02:45.0690 9456 sppuinotify - ok
09:02:45.0721 9456 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:02:45.0736 9456 srv - ok
09:02:45.0783 9456 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:02:45.0783 9456 srv2 - ok
09:02:45.0814 9456 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:02:45.0830 9456 SrvHsfHDA - ok
09:02:45.0861 9456 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
09:02:45.0877 9456 SrvHsfV92 - ok
09:02:45.0908 9456 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
09:02:45.0924 9456 SrvHsfWinac - ok
09:02:45.0955 9456 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:02:45.0955 9456 srvnet - ok
09:02:45.0986 9456 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:02:45.0986 9456 SSDPSRV - ok
09:02:46.0002 9456 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:02:46.0017 9456 SstpSvc - ok
09:02:46.0033 9456 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:02:46.0033 9456 stexstor - ok
09:02:46.0064 9456 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
09:02:46.0064 9456 StillCam - ok
09:02:46.0189 9456 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
09:02:46.0220 9456 StiSvc - ok
09:02:46.0251 9456 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:02:46.0251 9456 storflt - ok
09:02:46.0282 9456 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
09:02:46.0282 9456 StorSvc - ok
09:02:46.0298 9456 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:02:46.0298 9456 storvsc - ok
09:02:46.0329 9456 [ F3C73E650F1CD3289F38E62CCC325A66 ] SUService c:\Program Files\Lenovo\System Update\SUService.exe
09:02:46.0329 9456 SUService - ok
09:02:46.0392 9456 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
09:02:46.0392 9456 swenum - ok
09:02:46.0438 9456 [ 4F3CA882769B78B7F9B1DD96DF4B6996 ] swmsflt C:\Windows\system32\DRIVERS\swmsflt.sys
09:02:46.0438 9456 swmsflt - ok
09:02:46.0485 9456 [ 1332760DB7BF09F29A750EB70C095191 ] SWNC8U80 C:\Windows\system32\DRIVERS\swnc8u80.sys
09:02:46.0485 9456 SWNC8U80 - ok
09:02:46.0516 9456 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
09:02:46.0532 9456 swprv - ok
09:02:46.0548 9456 SWUMX20 - ok
09:02:46.0594 9456 [ 20E3F070EA2B7CA0A093CA840BD65281 ] SWUMX80 C:\Windows\system32\DRIVERS\swumx80.sys
09:02:46.0594 9456 SWUMX80 - ok
09:02:46.0688 9456 [ 4F3FA14E8D306005F3F4CB771E806F40 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:02:46.0719 9456 SynTP - ok
09:02:46.0766 9456 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
09:02:46.0797 9456 SysMain - ok
09:02:46.0797 9456 szserver - ok
09:02:46.0828 9456 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:02:46.0844 9456 TabletInputService - ok
09:02:46.0875 9456 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
09:02:46.0875 9456 TapiSrv - ok
09:02:46.0906 9456 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
09:02:46.0922 9456 TBS - ok
09:02:46.0984 9456 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:02:47.0016 9456 Tcpip - ok
09:02:47.0062 9456 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:02:47.0062 9456 TCPIP6 - ok
09:02:47.0094 9456 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:02:47.0094 9456 tcpipreg - ok
09:02:47.0140 9456 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:02:47.0140 9456 TDPIPE - ok
09:02:47.0187 9456 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:02:47.0187 9456 TDTCP - ok
09:02:47.0203 9456 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:02:47.0203 9456 tdx - ok
09:02:47.0218 9456 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:02:47.0218 9456 TermDD - ok
09:02:47.0265 9456 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
09:02:47.0281 9456 TermService - ok
09:02:47.0312 9456 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
09:02:47.0312 9456 Themes - ok
09:02:47.0390 9456 [ 39AC444E07FDBD8C2E8E291A65D515D3 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
09:02:47.0406 9456 ThinkVantage Registry Monitor Service - ok
09:02:47.0421 9456 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
09:02:47.0421 9456 THREADORDER - ok
09:02:47.0452 9456 [ C5DC9E462407B274B504DE2AA3220C2E ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
09:02:47.0452 9456 TPDIGIMN - ok
09:02:47.0499 9456 [ 4B2F57221E4CA268967EED0C4F2B7726 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
09:02:47.0499 9456 TPHDEXLGSVC - ok
09:02:47.0515 9456 [ 88D609BFDEB7E013E9E491434190BA43 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
09:02:47.0530 9456 TPHKLOAD - ok
09:02:47.0562 9456 [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
09:02:47.0562 9456 TPHKSVC - ok
09:02:47.0593 9456 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
09:02:47.0593 9456 TPM - ok
09:02:52.0117 9456 ================ Scan global ===============================
09:02:52.0164 9456 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:02:52.0210 9456 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:02:52.0210 9456 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:02:52.0242 9456 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:02:52.0257 9456 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:02:52.0257 9456 [Global] - ok
09:02:52.0257 9456 ================ Scan MBR ==================================
09:02:52.0273 9456 [ 46D770385A1103A2F578A936549A68A5 ] \Device\Harddisk0\DR0
09:02:52.0663 9456 \Device\Harddisk0\DR0 - ok
09:02:52.0663 9456 ================ Scan VBR ==================================
09:02:52.0663 9456 [ 7714FEBE8209F6D544C23E0945830A64 ] \Device\Harddisk0\DR0\Partition1
09:02:52.0663 9456 \Device\Harddisk0\DR0\Partition1 - ok
09:02:52.0663 9456 [ BA9D62EE34BA0FF06E1CE80012F4391D ] \Device\Harddisk0\DR0\Partition2
09:02:52.0678 9456 \Device\Harddisk0\DR0\Partition2 - ok
09:02:52.0694 9456 [ 25813487673981E54CDD7EEA8E4228CA ] \Device\Harddisk0\DR0\Partition3
09:02:52.0694 9456 \Device\Harddisk0\DR0\Partition3 - ok
09:02:52.0694 9456 ============================================================
09:02:52.0694 9456 Scan finished
09:02:52.0694 9456 ============================================================
09:02:52.0710 6836 Detected object count: 0
09:02:52.0710 6836 Actual detected object count: 0
09:07:35.0121 3216 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 09:08:05
-----------------------------
09:08:05.818 OS Version: Windows 6.1.7601 Service Pack 1
09:08:05.818 Number of processors: 4 586 0x2502
09:08:05.818 ComputerName: BILL-THINK-PC UserName: Bill
09:08:15.193 Initialize success
09:09:44.784 AVAST engine defs: 12082700
09:15:58.878 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:15:58.881 Disk 0 Vendor: FUJITSU_ 0084 Size: 238475MB BusType: 3
09:15:58.995 Disk 0 MBR read successfully
09:15:58.998 Disk 0 MBR scan
09:15:59.186 Disk 0 unknown MBR code
09:15:59.297 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
09:15:59.401 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227272 MB offset 2459648
09:15:59.493 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 467914752
09:15:59.532 Disk 0 scanning sectors +488394752
09:16:00.215 Disk 0 scanning C:\Windows\system32\drivers
09:18:42.318 Service scanning
09:19:58.540 Modules scanning
09:23:02.515 Disk 0 trace - called modules:
09:23:03.108 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
09:23:03.123 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87a1d660]
09:23:03.123 3 CLASSPNP.SYS[891db59e] -> nt!IofCallDriver -> [0x85ebe9c0]
09:23:03.139 5 ACPI.sys[88c9e3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85ecc028]
09:23:06.649 AVAST engine scan C:\Windows
09:25:17.877 AVAST engine scan C:\Windows\system32
09:53:28.841 AVAST engine scan C:\Windows\system32\drivers
09:57:39.480 AVAST engine scan C:\Users\Bill
10:31:11.911 AVAST engine scan C:\ProgramData
10:35:55.571 Scan finished successfully
10:46:45.821 Disk 0 MBR has been saved successfully to "C:\Users\Bill\Desktop\MBR.dat"
10:46:45.821 The log file has been saved successfully to "C:\Users\Bill\Desktop\aswMBR.txt"

#6 gringo_pr

Posted 27 August 2012 - 02:05 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer, you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#7 Bill898

Posted 27 August 2012 - 04:07 PM

Wow!! Took three hours but got the log. Looks like it fixed a lot of things. Rebooted twice and I intercepted and made it relog in Safe Mode. After ComboFix was done, I had to reboot normally as IE would not work after ComboFix was done. Waiting for your next command!! Thanks so much for getting me this far. I was about ready to get a new computer and I don't have the money. Anyway, log following:

ComboFix 12-08-25.04 - Bill 08/27/2012 16:20:32.1.4 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1908.1237 [GMT -4:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\hhnmbaa.tmp
c:\programdata\khwddaa.tmp
c:\programdata\moyraaa.tmp
c:\programdata\noyraaa.tmp
c:\programdata\rwfcdaa.tmp
c:\users\Bill\g2ax_customer_downloadhelper_win32_x86.exe
c:\windows\$NtUninstallKB24258$
c:\windows\$NtUninstallKB24258$\1954786536
c:\windows\expl.dat
c:\windows\system32\config\systemprofile\0.4556945931168549.exe
c:\windows\system32\config\systemprofile\0.9210044633955532.exe
c:\windows\system32\SET120A.tmp
c:\windows\system32\SET1249.tmp
c:\windows\system32\SET1FF1.tmp
c:\windows\system32\SET2E99.tmp
c:\windows\system32\SET2F08.tmp
c:\windows\system32\SET9EFD.tmp
c:\windows\system32\SETC90.tmp
c:\windows\system32\SETFF75.tmp
c:\windows\system32\svch.dat
c:\windows\system32\Thumbs.db
c:\windows\system32\winl.dat
Q:\Autorun.inf
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-27 20:45 . 2012-08-27 20:48 -------- d-----w- c:\users\Bill\AppData\Local\temp
2012-08-27 20:45 . 2012-08-27 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-21 00:39 . 2012-08-21 00:39 -------- d-----w- c:\program files\Common Files\Java
2012-08-21 00:38 . 2012-08-21 00:38 -------- d-----w- c:\program files\Oracle
2012-08-21 00:38 . 2012-07-06 02:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-19 03:21 . 2012-08-19 03:21 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-08-19 01:28 . 2012-08-19 01:28 -------- d-----w- c:\programdata\Simply Super Software
2012-08-19 01:24 . 2012-08-19 01:24 -------- d-----w- c:\users\Bill\DoctorWeb
2012-08-19 00:59 . 2012-08-19 00:59 -------- d-----w- c:\users\Bill\temp
2012-08-19 00:59 . 2012-08-19 00:59 -------- d-----w- c:\users\Bill\AppData\Roaming\TeamViewer
2012-08-19 00:53 . 2012-08-19 02:33 -------- d-----w- c:\program files\Citrix
2012-08-18 23:50 . 2012-08-19 02:14 -------- d-----w- c:\programdata\Tarma Installer
2012-08-18 23:33 . 2012-08-18 23:33 -------- d-----w- c:\programdata\RegAce
2012-08-18 23:31 . 2012-08-18 23:31 -------- d-----w- c:\users\Bill\AppData\Local\APN
2012-08-18 19:45 . 2012-08-18 19:45 -------- d-----w- C:\MATS
2012-08-18 19:44 . 2012-08-18 19:46 -------- d-----w- c:\program files\Common Files\PctelEapPeer Authentication
2012-08-18 19:44 . 2012-08-18 19:44 -------- d-----w- c:\programdata\LG
2012-08-18 19:06 . 2010-07-27 23:12 480384 ------w- c:\windows\system32\bmnet.dll
2012-08-18 01:52 . 2012-08-19 23:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-18 01:52 . 2012-08-19 23:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-17 21:25 . 2012-08-18 15:05 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-15 23:21 . 2012-08-15 23:24 -------- d-----w- c:\users\TEMP
2012-08-15 22:00 . 2012-08-15 22:00 -------- d-----w- c:\users\Bill\AppData\Roaming\QuickScan
2012-08-15 11:59 . 2012-08-15 11:59 -------- d-----w- c:\windows\Sun
2012-08-14 23:57 . 2012-08-18 21:35 -------- d-----w- c:\users\Bill\AppData\Local\Threat Expert
2012-08-14 21:05 . 2012-06-22 19:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-08-11 03:14 . 2012-08-11 03:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
2012-08-11 03:09 . 2012-08-15 00:02 -------- d-----w- c:\program files\Google
2012-08-09 04:45 . 2011-12-09 19:35 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-08-09 04:44 . 2011-12-09 19:35 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-08-09 04:42 . 2011-12-09 19:35 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-08-09 04:42 . 2011-12-09 19:35 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-08-09 04:41 . 2011-12-09 19:35 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
2012-08-09 04:40 . 2012-08-09 04:40 -------- d-----w- c:\users\Bill\AppData\Local\Aimersoft
2012-08-09 04:40 . 2012-08-09 04:40 -------- d-----w- c:\program files\Common Files\Aimersoft
2012-08-09 04:40 . 2011-12-09 19:35 892928 ----a-w- c:\windows\system32\iconv.dll
2012-08-09 04:40 . 2011-12-09 19:35 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-08-09 04:40 . 2011-12-09 19:35 496640 ----a-w- c:\windows\system32\xvid.ax
2012-08-09 04:40 . 2012-08-14 23:57 -------- d-----w- c:\program files\Aimersoft
2012-08-01 12:53 . 2012-08-01 12:53 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-18 21:46 . 2011-01-22 00:56 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-08-14 20:35 . 2012-06-11 19:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-14 20:35 . 2011-11-07 13:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-17 12:36 . 2012-07-17 12:36 132984 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-07-17 12:36 . 2012-07-17 12:36 104312 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-07-17 12:36 . 2012-07-17 12:36 67448 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-07-17 12:36 . 2012-07-17 12:36 812920 ----a-r- c:\windows\system32\IS3Base5.dll
2012-06-12 02:40 . 2012-07-12 12:34 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 18:49 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 18:49 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 18:49 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-05 20:01 . 2012-06-05 20:01 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-02 22:19 . 2012-06-21 13:00 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 13:00 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 13:00 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 13:00 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 13:00 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 13:00 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 13:00 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 12:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 12:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 12:40 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 12:40 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 12:40 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 12:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 12:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 18:49 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 18:49 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 18:49 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 18:49 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 18:49 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . CAB11BC1BDF9907D7EC96DD7A81A96F1 . 311296 . . [6.1.7601.17514] . . c:\windows\System32\winlogon.exe
[7] 2010-11-20 . 6D13E1406F50C66E2A95D97F22C47560 . 286720 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[7] 2010-07-03 . 37CDB7E72EB66BA85A87CBE37E7F03FD . 285696 . . [6.1.7600.16447] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[7] 2010-07-03 . 3BABE6767C78FBF5FB8435FEED187F30 . 285696 . . [6.1.7600.20560] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[7] 2010-07-03 . B151128D1FEBF745BC7EFDE9FACB165A . 285696 . . [6.1.7600.16440] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe
[7] 2010-07-03 . AB59486E41610AB13B1555D7D585AE8F . 285696 . . [6.1.7600.20548] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe
[7] 2009-07-14 . 8EC6A4AB12B8F3759E21F8E3A388F2CF . 285696 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
.
[-] 2010-11-20 . 82F7BA7ABAF5D21125FB08396F5D9C99 . 45568 . . [6.1.7600.16385] . . c:\windows\System32\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[7] 2011-02-26 . 255CF508D7CFB10E0794D6AC93280BD8 . 2614784 . . [6.1.7600.20910] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[7] 2011-02-26 . 2AF58D15EDC06EC6FDACCE1F19482BBF . 2614784 . . [6.1.7600.16768] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[7] 2011-02-26 . 0FB9C74046656D1579A64660AD67B746 . 2616320 . . [6.1.7601.21669] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[7] 2011-02-25 . 8B88EBBB05A0E56B7DCC708498C02B3E . 2616320 . . [6.1.7601.17567] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[-] 2010-11-20 . B9515C052081373D01ABF908FDE8DEAB . 2640896 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2010-11-20 . 40D777B7A95E00593EB1568C68514493 . 2616320 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[7] 2010-07-03 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16450] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2010-07-03 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.20563] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2010-07-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16404] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2010-07-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.20500] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2010-07-03 . FC89FACA0473641CB625EDA9277D0885 . 2613248 . . [6.1.7600.16434] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
[7] 2010-07-03 . 00B0358734CAA32C39D181FE6916B178 . 2613248 . . [6.1.7600.20542] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-07-02 337256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-17 307768]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-11-05 894312]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"IMSS"="c:\program files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2012-06-07 153600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe" [2012-08-14 686792]
.
c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bill\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-12-31 2542080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-7-3 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ------w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
R3 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\DRIVERS\swnc8u80.sys [x]
R3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\DRIVERS\swumx80.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
R3 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\CA\PCPitstopScheduleService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-19 c:\windows\Tasks\0.job
- c:\program files\internet explorer\iexplore.exe [2012-07-12 09:08]
.
2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 20:35]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 03:09]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-11 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: aseonline.com\audi
Trusted Zone: aseonline.com\vwgroup
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/pctuneup2/controls/pctuneup.cab
DPF: {3AB6C094-8157-4483-A209-F0075716DC4E} - hxxps://vwgroup.aseonline.com/PandoraWebClient/PandoraLoader.cab
DPF: {3E9C83B2-4133-46EF-8DBD-91FD0FA22886} - hxxps://kpi.ase-global.com/kpi3pcna/MAClient/MA_ClientX.cab
DPF: {41795ECB-411A-4F38-A1ED-0F34E8892BF7} - hxxps://vwgroup.aseonline.com/P3WebClient/P3Loader.cab
DPF: {947EFED6-BCFD-4FBC-8B89-6B7251D7DA6E} - hxxps://vwgroup.aseonline.com/MetisWebClient/WebClientLoader.cab
DPF: {B3DFB9F9-6896-4D01-9465-2ABAD934A5B4} - hxxps://kpi.ase-global.com/kpiinput/MetisClientX.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
HKLM-Run-PrintWhere Router 3.6 - c:\program files\PrinterOn Corporation\PrintWhere 3.6\pwcRoute.exe
HKLM-Run-PrinterOn Printer Select 3.6 - c:\program files\PrinterOn Corporation\PrintWhere 3.6\pwcPrinterSelect.exe
HKLM-Run-Aimersoft Helper Compact.exe - c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-Run-AT&T Communication Manager - c:\program files\AT&T\Communication Manager\ATTCM.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:ac,8a,b3,72,03,78,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,d7,e1,8c,72,4f,b1,4e,99,50,84,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,54,d7,e1,8c,72,4f,b1,4e,99,50,84,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(508)
c:\users\Bill\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-08-27 16:52:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-27 20:52
.
Pre-Run: 147,181,572,096 bytes free
Post-Run: 147,317,063,680 bytes free
.
- - End Of File - - 5C694671E6D0A263F6C3F465472B336C

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:31 PM

Posted 27 August 2012 - 04:17 PM

Greetings

Don't get too happy yet; it is going to come back. We are going to have to replace some files, but I need to find their replacements first.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
explorer.exe
svchost.exe
winlogon.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Bill898


Posted 27 August 2012 - 04:34 PM

Here you go....

SystemLook 30.07.11 by jpshortstuff
Log created at 17:21 on 27/08/2012 by Bill
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2640896 bytes [14:26 27/04/2011] [12:21 20/11/2010] B9515C052081373D01ABF908FDE8DEAB
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe ------- 2613248 bytes [23:41 13/07/2009] [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe ------- 2613248 bytes [19:33 03/07/2010] [19:33 03/07/2010] B95EEB0F4E5EFBF1038A35B3351CF047
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe ------- 2613248 bytes [19:32 03/07/2010] [19:32 03/07/2010] FC89FACA0473641CB625EDA9277D0885
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe ------- 2614272 bytes [19:34 03/07/2010] [19:34 03/07/2010] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe --a---- 2614784 bytes [14:26 27/04/2011] [05:33 26/02/2011] 2AF58D15EDC06EC6FDACCE1F19482BBF
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe ------- 2613248 bytes [19:33 03/07/2010] [19:33 03/07/2010] 9FF6C4C91A3711C0A3B18F87B08B518D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe ------- 2613248 bytes [19:32 03/07/2010] [19:32 03/07/2010] 00B0358734CAA32C39D181FE6916B178
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe ------- 2614272 bytes [19:34 03/07/2010] [19:34 03/07/2010] C76153C7ECA00FA852BB0C193378F917
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe --a---- 2614784 bytes [14:26 27/04/2011] [05:51 26/02/2011] 255CF508D7CFB10E0794D6AC93280BD8
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe ------- 2616320 bytes [01:01 06/04/2011] [12:17 20/11/2010] 40D777B7A95E00593EB1568C68514493
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe --a---- 2616320 bytes [14:26 27/04/2011] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe --a---- 2616320 bytes [14:26 27/04/2011] [05:19 26/02/2011] 0FB9C74046656D1579A64660AD67B746

Searching for "svchost.exe"
C:\Windows\System32\svchost.exe --a---- 45568 bytes [23:19 13/07/2009] [12:21 20/11/2010] 82F7BA7ABAF5D21125FB08396F5D9C99
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866

Searching for "winlogon.exe"
C:\Windows\System32\winlogon.exe --a---- 311296 bytes [01:01 06/04/2011] [12:21 20/11/2010] CAB11BC1BDF9907D7EC96DD7A81A96F1
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe ------- 285696 bytes [23:37 13/07/2009] [01:14 14/07/2009] 8EC6A4AB12B8F3759E21F8E3A388F2CF
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe ------- 285696 bytes [19:34 03/07/2010] [19:34 03/07/2010] B151128D1FEBF745BC7EFDE9FACB165A
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe ------- 285696 bytes [19:34 03/07/2010] [19:34 03/07/2010] 37CDB7E72EB66BA85A87CBE37E7F03FD
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe ------- 285696 bytes [19:34 03/07/2010] [19:34 03/07/2010] AB59486E41610AB13B1555D7D585AE8F
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe ------- 285696 bytes [19:34 03/07/2010] [19:34 03/07/2010] 3BABE6767C78FBF5FB8435FEED187F30
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe --a---- 286720 bytes [01:01 06/04/2011] [12:17 20/11/2010] 6D13E1406F50C66E2A95D97F22C47560

-= EOF =-
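
One way to read the SystemLook log above programmatically, added here as an example that is not part of the original thread: the Python below parses a subset of the posted filefind lines, checks whether each live file's MD5 appears among its WinSxS copies, and computes the size difference against each stored copy. The function names are hypothetical, and treating a size delta that recurs across files as a hint of the same modification is this example's own heuristic.

```python
import re
from collections import defaultdict

# Subset of the SystemLook ":filefind" lines posted above, copied unchanged.
SAMPLE_LOG = r"""
Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2640896 bytes [14:26 27/04/2011] [12:21 20/11/2010] B9515C052081373D01ABF908FDE8DEAB
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe --a---- 2614784 bytes [14:26 27/04/2011] [05:51 26/02/2011] 255CF508D7CFB10E0794D6AC93280BD8
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe ------- 2616320 bytes [01:01 06/04/2011] [12:17 20/11/2010] 40D777B7A95E00593EB1568C68514493
Searching for "svchost.exe"
C:\Windows\System32\svchost.exe --a---- 45568 bytes [23:19 13/07/2009] [12:21 20/11/2010] 82F7BA7ABAF5D21125FB08396F5D9C99
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe --a---- 20992 bytes [23:19 13/07/2009] [01:14 14/07/2009] 54A47F6B5E09A77E61649109C6A08866
Searching for "winlogon.exe"
C:\Windows\System32\winlogon.exe --a---- 311296 bytes [01:01 06/04/2011] [12:21 20/11/2010] CAB11BC1BDF9907D7EC96DD7A81A96F1
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe --a---- 286720 bytes [01:01 06/04/2011] [12:17 20/11/2010] 6D13E1406F50C66E2A95D97F22C47560
"""

# <path> <attributes> <size> bytes [<created>] [<modified>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component version embedded in a WinSxS directory name, e.g. _6.1.7601.17514_none_
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")


def parse_filefind(text):
    """Return {file name: [entry, ...]} for every result line in a filefind log."""
    found = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # "Searching for" headers, banners and blank lines
        path = m["path"]
        ver = VERSION_RE.search(path)
        found[path.rsplit("\\", 1)[1].lower()].append({
            "path": path,
            "in_store": "\\winsxs\\" in path.lower(),
            "version": ver.group(1) if ver else None,
            "size": int(m["size"]),
            "modified": m["modified"],
            "md5": m["md5"].upper(),
        })
    return dict(found)


def compare_to_store(found):
    """For each live file: does its MD5 exist in WinSxS, and how do sizes differ?"""
    report = {}
    for entries in found.values():
        store = [e for e in entries if e["in_store"]]
        for cur in (e for e in entries if not e["in_store"]):
            report[cur["path"]] = {
                "hash_in_store": any(s["md5"] == cur["md5"] for s in store),
                # live size minus stored size, keyed by component version
                "deltas": {s["version"]: cur["size"] - s["size"] for s in store},
            }
    return report


def shared_growth(report):
    """Size deltas that occur for every live file whose hash is not in the store."""
    sets = [set(r["deltas"].values())
            for r in report.values() if not r["hash_in_store"]]
    return set.intersection(*sets) if sets else set()


if __name__ == "__main__":
    rep = compare_to_store(parse_filefind(SAMPLE_LOG))
    for path, r in rep.items():
        print(path, "hash in store:", r["hash_in_store"], "deltas:", r["deltas"])
    print("delta shared by all unmatched files:", shared_growth(rep))
```

On the posted lines, none of the three live files matches a component-store hash, and each is 24576 bytes larger than one of its stored copies.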

#10 gringo_pr


Posted 27 August 2012 - 04:40 PM

Greetings

Let's run this now.

Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
CopyFile:
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe C:\WINDOWS\explorer.exe
c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe C:\WINDOWS\system32\svchost.exe
c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe C:\WINDOWS\system32\winlogon.exe
c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe C:\WINDOWS\system32\dllcache\explorer.exe
c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe C:\WINDOWS\system32\dllcache\winlogon.exe
c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe C:\WINDOWS\system32\dllcache\svchost.exe
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. You can find it at the root of the drive, normally C:\


#11 Bill898


Posted 27 August 2012 - 05:02 PM

Loaded file, I'm on another computer now. Have black screen. Looks like hard drive is spinning. Will it take some time to load?

#12 Bill898


Posted 27 August 2012 - 05:59 PM

Hi gringo,
Sorry to say all I have is a black screen with the cursor. Files looked like they were loading but have nothing but the mouse cursor. Screensaver is working; other than that, a black screen.

#13 Bill898


Posted 27 August 2012 - 08:28 PM

Is there a way to get my computer working again, please? Need for work in the morning.

#14 Bill898


Posted 28 August 2012 - 02:38 AM

Hi gringo,
Not sure you are getting my responses as I am sending them from different computers. Ran blitz blank and now my machine is crippled. Black screen with mouse cursor only. Can get into safe mode and task manager. Would appreciate whatever help you could give me to at least get this running again. Thanks

#15 gringo_pr


Posted 28 August 2012 - 06:23 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First Press the Scan button.
  • It will make a log (FRST.txt)

  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)
I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo

Edited by gringo_pr, 28 August 2012 - 06:26 PM.




