
Inexperienced--> Google Redirect


10 replies to this topic

#1 DexMax


  • Members
  • 26 posts

Posted 11 September 2012 - 12:40 PM

Hello-

I am not as experienced when it comes to forums and posting logs. I was having a hard time following / reading through the previous posts regarding the click.get-amazing-results google redirect thing.

I just got this google-redirect issue affecting my computer today and would love some step-by-step help. So far, all I have done is run something called RKill followed by Malwarebytes. This found one infected file called Trojan.BHO in my temporary internet files. I removed this file with Malwarebytes. I do not have the log anymore. Apologies. It seems the process is much more involved judging by the responses and I was hoping that someone could take me through this step-by-step with links to the appropriate download files. Seems that others are using defogger, followed by combofix, followed by some sort of TDS killer.

Please help.

Thanks so much for the service you provide!!

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal



#2 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 September 2012 - 12:45 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 DexMax

  • Topic Starter

  • Members
  • 26 posts

Posted 11 September 2012 - 07:42 PM

Thank you so much for taking the time to help me. I have done the things you have suggested. The logs from TDSSKiller and aswMBR are below. There were no threats found with ESET online scanner and thus a list was not generated.

You have no idea how much I appreciate this. Thanks again!!

-DexMax

14:03:44.0498 5920 mssmbios - ok
14:03:44.0513 5920 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:03:44.0513 5920 MSTEE - ok
14:03:44.0529 5920 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:03:44.0544 5920 MTConfig - ok
14:03:44.0544 5920 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:03:44.0544 5920 Mup - ok
14:03:44.0591 5920 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:03:44.0607 5920 napagent - ok
14:03:44.0638 5920 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:03:44.0654 5920 NativeWifiP - ok
14:03:44.0810 5920 [ 149A9AD81BB327E892FA1ACB77722442 ] NAVENG C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120910.002\ENG64.SYS
14:03:44.0810 5920 NAVENG - ok
14:03:44.0919 5920 [ 4AF8750E71B549FEC5F6D1D01398CA69 ] NAVEX15 C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120910.002\EX64.SYS
14:03:44.0981 5920 NAVEX15 - ok
14:03:45.0059 5920 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:03:45.0106 5920 NDIS - ok
14:03:45.0137 5920 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:03:45.0137 5920 NdisCap - ok
14:03:45.0168 5920 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:03:45.0168 5920 NdisTapi - ok
14:03:45.0200 5920 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:03:45.0200 5920 Ndisuio - ok
14:03:45.0215 5920 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:03:45.0215 5920 NdisWan - ok
14:03:45.0246 5920 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:03:45.0246 5920 NDProxy - ok
14:03:45.0262 5920 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:03:45.0262 5920 NetBIOS - ok
14:03:45.0293 5920 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:03:45.0293 5920 NetBT - ok
14:03:45.0309 5920 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:03:45.0309 5920 Netlogon - ok
14:03:45.0340 5920 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:03:45.0356 5920 Netman - ok
14:03:45.0371 5920 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:03:45.0387 5920 netprofm - ok
14:03:45.0418 5920 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:03:45.0418 5920 NetTcpPortSharing - ok
14:03:45.0434 5920 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:03:45.0449 5920 nfrd960 - ok
14:03:45.0480 5920 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:03:45.0480 5920 NlaSvc - ok
14:03:45.0496 5920 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:03:45.0496 5920 Npfs - ok
14:03:45.0543 5920 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:03:45.0543 5920 nsi - ok
14:03:45.0558 5920 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:03:45.0558 5920 nsiproxy - ok
14:03:45.0636 5920 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:03:45.0668 5920 Ntfs - ok
14:03:45.0699 5920 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:03:45.0699 5920 Null - ok
14:03:45.0730 5920 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:03:45.0746 5920 nvraid - ok
14:03:45.0777 5920 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:03:45.0792 5920 nvstor - ok
14:03:45.0808 5920 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:03:45.0839 5920 nv_agp - ok
14:03:45.0855 5920 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:03:45.0870 5920 ohci1394 - ok
14:03:45.0917 5920 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:03:45.0917 5920 ose - ok
14:03:46.0073 5920 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:03:46.0120 5920 osppsvc - ok
14:03:46.0167 5920 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:03:46.0167 5920 p2pimsvc - ok
14:03:46.0214 5920 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:03:46.0229 5920 p2psvc - ok
14:03:46.0276 5920 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
14:03:46.0292 5920 Parport - ok
14:03:46.0307 5920 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:03:46.0307 5920 partmgr - ok
14:03:46.0338 5920 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:03:46.0338 5920 PcaSvc - ok
14:03:46.0416 5920 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{127174DC-C366ED8B-06020200}_0 c:\program files\pc-doctor\pcdsrvc_x64.pkms
14:03:46.0416 5920 PCDSRVC{127174DC-C366ED8B-06020200}_0 - ok
14:03:46.0448 5920 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:03:46.0448 5920 pci - ok
14:03:46.0463 5920 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:03:46.0479 5920 pciide - ok
14:03:46.0510 5920 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:03:46.0526 5920 pcmcia - ok
14:03:46.0557 5920 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:03:46.0557 5920 pcw - ok
14:03:46.0572 5920 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:03:46.0588 5920 PEAUTH - ok
14:03:46.0650 5920 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:03:46.0682 5920 PeerDistSvc - ok
14:03:46.0775 5920 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:03:46.0775 5920 PerfHost - ok
14:03:46.0853 5920 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:03:46.0900 5920 pla - ok
14:03:46.0931 5920 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:03:46.0947 5920 PlugPlay - ok
14:03:46.0947 5920 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:03:46.0962 5920 PNRPAutoReg - ok
14:03:46.0978 5920 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:03:46.0994 5920 PNRPsvc - ok
14:03:47.0040 5920 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:03:47.0056 5920 PolicyAgent - ok
14:03:47.0087 5920 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
14:03:47.0103 5920 Power - ok
14:03:47.0181 5920 [ 6F51482ADCED13CEBFE0F1054F2116F2 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
14:03:47.0181 5920 Power Manager DBC Service - ok
14:03:47.0228 5920 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:03:47.0228 5920 PptpMiniport - ok
14:03:47.0243 5920 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
14:03:47.0274 5920 Processor - ok
14:03:47.0306 5920 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:03:47.0306 5920 ProfSvc - ok
14:03:47.0321 5920 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:03:47.0337 5920 ProtectedStorage - ok
14:03:47.0368 5920 [ 05A4779E4994B21473EDBE85AABE8030 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
14:03:47.0384 5920 psadd - ok
14:03:47.0415 5920 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:03:47.0415 5920 Psched - ok
14:03:47.0477 5920 [ AF8B60D65F8B39C4FAC6BE8641923F37 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
14:03:47.0493 5920 PwmEWSvc - ok
14:03:47.0555 5920 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:03:47.0696 5920 ql2300 - ok
14:03:47.0727 5920 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:03:47.0742 5920 ql40xx - ok
14:03:47.0774 5920 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:03:47.0789 5920 QWAVE - ok
14:03:47.0805 5920 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:03:47.0805 5920 QWAVEdrv - ok
14:03:47.0820 5920 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:03:47.0820 5920 RasAcd - ok
14:03:47.0852 5920 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:03:47.0867 5920 RasAgileVpn - ok
14:03:47.0883 5920 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:03:47.0883 5920 RasAuto - ok
14:03:47.0898 5920 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:03:47.0898 5920 Rasl2tp - ok
14:03:47.0914 5920 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:03:47.0930 5920 RasMan - ok
14:03:47.0945 5920 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:03:47.0945 5920 RasPppoe - ok
14:03:47.0976 5920 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:03:47.0976 5920 RasSstp - ok
14:03:47.0992 5920 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:03:48.0008 5920 rdbss - ok
14:03:48.0023 5920 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:03:48.0039 5920 rdpbus - ok
14:03:48.0054 5920 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:03:48.0054 5920 RDPCDD - ok
14:03:48.0086 5920 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:03:48.0101 5920 RDPDR - ok
14:03:48.0117 5920 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:03:48.0117 5920 RDPENCDD - ok
14:03:48.0148 5920 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:03:48.0148 5920 RDPREFMP - ok
14:03:48.0179 5920 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:03:48.0195 5920 RDPWD - ok
14:03:48.0226 5920 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:03:48.0226 5920 rdyboost - ok
14:03:48.0257 5920 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:03:48.0257 5920 RemoteAccess - ok
14:03:48.0288 5920 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:03:48.0288 5920 RemoteRegistry - ok
14:03:48.0320 5920 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:03:48.0335 5920 RFCOMM - ok
14:03:48.0351 5920 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:03:48.0351 5920 RpcEptMapper - ok
14:03:48.0382 5920 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:03:48.0382 5920 RpcLocator - ok
14:03:48.0398 5920 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:03:48.0413 5920 RpcSs - ok
14:03:48.0460 5920 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:03:48.0460 5920 rspndr - ok
14:03:48.0491 5920 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
14:03:48.0507 5920 RSUSBSTOR - ok
14:03:48.0554 5920 [ 3372196F61AF48503656EF6AA3E92D1B ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:03:48.0600 5920 RTL8167 - ok
14:03:48.0663 5920 [ 330FE44D0487E1D75B83298BD2E92FD3 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
14:03:48.0710 5920 RTL8192Ce - ok
14:03:48.0725 5920 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:03:48.0741 5920 s3cap - ok
14:03:48.0756 5920 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:03:48.0756 5920 SamSs - ok
14:03:48.0850 5920 [ E4718D7BB75A0303700F4F57E485F952 ] SAS PC Files Server C:\Program Files\SAS\PCFilesServer\9.2\pcfservice.exe
14:03:48.0866 5920 SAS PC Files Server - ok
14:03:48.0866 5920 SAService - ok
14:03:48.0912 5920 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:03:48.0928 5920 sbp2port - ok
14:03:48.0959 5920 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:03:48.0959 5920 SCardSvr - ok
14:03:48.0990 5920 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:03:48.0990 5920 scfilter - ok
14:03:49.0022 5920 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:03:49.0053 5920 Schedule - ok
14:03:49.0084 5920 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:03:49.0084 5920 SCPolicySvc - ok
14:03:49.0100 5920 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:03:49.0115 5920 SDRSVC - ok
14:03:49.0146 5920 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:03:49.0162 5920 secdrv - ok
14:03:49.0178 5920 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:03:49.0178 5920 seclogon - ok
14:03:49.0193 5920 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:03:49.0209 5920 SENS - ok
14:03:49.0224 5920 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:03:49.0224 5920 SensrSvc - ok
14:03:49.0256 5920 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
14:03:49.0271 5920 Serenum - ok
14:03:49.0287 5920 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
14:03:49.0302 5920 Serial - ok
14:03:49.0318 5920 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:03:49.0334 5920 sermouse - ok
14:03:49.0365 5920 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:03:49.0365 5920 SessionEnv - ok
14:03:49.0396 5920 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:03:49.0412 5920 sffdisk - ok
14:03:49.0412 5920 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:03:49.0427 5920 sffp_mmc - ok
14:03:49.0443 5920 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:03:49.0458 5920 sffp_sd - ok
14:03:49.0458 5920 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:03:49.0474 5920 sfloppy - ok
14:03:49.0505 5920 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:03:49.0521 5920 SharedAccess - ok
14:03:49.0536 5920 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:03:49.0552 5920 ShellHWDetection - ok
14:03:49.0583 5920 [ C3F190562FE82EFDA7CCEF305EBAD3E3 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
14:03:49.0614 5920 Shockprf - ok
14:03:49.0614 5920 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:03:49.0630 5920 SiSRaid2 - ok
14:03:49.0646 5920 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:03:49.0661 5920 SiSRaid4 - ok
14:03:49.0692 5920 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:03:49.0692 5920 Smb - ok
14:03:49.0833 5920 [ AD97B711074CF27DA0C00F2C26E1A62C ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
14:03:49.0895 5920 SmcService - ok
14:03:49.0942 5920 [ 91BD8E268D93AAF5F59AAC9DE84A25BB ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
14:03:49.0942 5920 SNAC - ok
14:03:49.0989 5920 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:03:50.0004 5920 SNMPTRAP - ok
14:03:50.0020 5920 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:03:50.0020 5920 spldr - ok
14:03:50.0067 5920 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:03:50.0082 5920 Spooler - ok
14:03:50.0160 5920 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:03:50.0223 5920 sppsvc - ok
14:03:50.0238 5920 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:03:50.0238 5920 sppuinotify - ok
14:03:50.0316 5920 [ D2AEEB5C15B4B256DC4EC2CE8219B090 ] SROSVC C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
14:03:50.0332 5920 SROSVC - ok
14:03:50.0379 5920 [ 32900AC9CFDC578531279886CA16A4DF ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS
14:03:50.0379 5920 SRTSP - ok
14:03:50.0410 5920 [ 8929566D1F14685FD78EAF25BEE3ECC7 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS
14:03:50.0457 5920 SRTSPL - ok
14:03:50.0472 5920 [ CB2FDF47EE67F8CCA5362ED9B94FE955 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS
14:03:50.0488 5920 SRTSPX - ok
14:03:50.0535 5920 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:03:50.0535 5920 srv - ok
14:03:50.0566 5920 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:03:50.0566 5920 srv2 - ok
14:03:50.0582 5920 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:03:50.0597 5920 srvnet - ok
14:03:50.0628 5920 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:03:50.0644 5920 SSDPSRV - ok
14:03:50.0660 5920 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:03:50.0660 5920 SstpSvc - ok
14:03:50.0691 5920 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:03:50.0738 5920 stexstor - ok
14:03:50.0784 5920 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:03:50.0800 5920 stisvc - ok
14:03:50.0816 5920 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:03:50.0847 5920 storflt - ok
14:03:50.0862 5920 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
14:03:50.0862 5920 StorSvc - ok
14:03:50.0878 5920 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:03:50.0894 5920 storvsc - ok
14:03:50.0956 5920 [ 59B5A060A31BD4BAB030C4FCD1048292 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
14:03:50.0972 5920 SUService - ok
14:03:50.0987 5920 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:03:51.0003 5920 swenum - ok
14:03:51.0034 5920 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:03:51.0050 5920 swprv - ok
14:03:51.0112 5920 [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
14:03:51.0143 5920 Symantec AntiVirus - ok
14:03:51.0190 5920 [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:03:51.0221 5920 SymEvent - ok
14:03:51.0268 5920 [ C0B7405C899C485AA0B6F9866A4061CD ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:03:51.0268 5920 SynTP - ok
14:03:51.0330 5920 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:03:51.0377 5920 SysMain - ok
14:03:51.0393 5920 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:03:51.0393 5920 TabletInputService - ok
14:03:51.0424 5920 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:03:51.0424 5920 TapiSrv - ok
14:03:51.0440 5920 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:03:51.0440 5920 TBS - ok
14:03:51.0518 5920 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:03:51.0549 5920 Tcpip - ok
14:03:51.0596 5920 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:03:51.0611 5920 TCPIP6 - ok
14:03:51.0642 5920 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:03:51.0658 5920 tcpipreg - ok
14:03:51.0674 5920 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:03:51.0674 5920 TDPIPE - ok
14:03:51.0705 5920 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:03:51.0705 5920 TDTCP - ok
14:03:51.0736 5920 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:03:51.0736 5920 tdx - ok
14:03:51.0783 5920 [ 13657DC475DE564247745BF4DA23207C ] Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys
14:03:51.0783 5920 Teefer2 - ok
14:03:51.0814 5920 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:03:51.0830 5920 TermDD - ok
14:03:51.0876 5920 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:03:51.0908 5920 TermService - ok
14:03:51.0923 5920 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:03:51.0923 5920 Themes - ok
14:03:51.0939 5920 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:03:51.0939 5920 THREADORDER - ok
14:03:51.0970 5920 [ 1BB77ECCBFA3675B1EE8D6D6D37A1E1E ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
14:03:51.0986 5920 TPDIGIMN - ok
14:03:52.0032 5920 [ 88F81D810FF16AC65B02643DAF308D4F ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
14:03:52.0048 5920 TPHDEXLGSVC - ok
14:03:52.0126 5920 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
14:03:52.0126 5920 TPHKLOAD - ok
14:03:52.0157 5920 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
14:03:52.0173 5920 TPHKSVC - ok
14:03:52.0204 5920 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
14:03:52.0235 5920 TPM - ok
14:03:52.0266 5920 [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
14:03:52.0298 5920 TPPWRIF - ok
14:03:52.0313 5920 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:03:52.0329 5920 TrkWks - ok
14:03:52.0376 5920 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:03:52.0376 5920 TrustedInstaller - ok
14:03:52.0422 5920 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:03:52.0422 5920 tssecsrv - ok
14:03:52.0454 5920 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:03:52.0454 5920 TsUsbFlt - ok
14:03:52.0469 5920 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:03:52.0485 5920 TsUsbGD - ok
14:03:52.0516 5920 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:03:52.0516 5920 tunnel - ok
14:03:52.0547 5920 [ 4DAAE0413CD4E816258838E2FAFB3147 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
14:03:52.0563 5920 TVTI2C - ok
14:03:52.0578 5920 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:03:52.0594 5920 uagp35 - ok
14:03:52.0610 5920 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:03:52.0625 5920 udfs - ok
14:03:52.0656 5920 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:03:52.0672 5920 UI0Detect - ok
14:03:52.0672 5920 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:03:52.0688 5920 uliagpkx - ok
14:03:52.0719 5920 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:03:52.0734 5920 umbus - ok
14:03:52.0734 5920 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
14:03:52.0750 5920 UmPass - ok
14:03:52.0781 5920 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
14:03:52.0781 5920 UmRdpService - ok
14:03:52.0812 5920 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:03:52.0828 5920 upnphost - ok
14:03:52.0859 5920 [ EBF228A52517042DE4F38A40285BC8D9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:03:52.0890 5920 usbccgp - ok
14:03:52.0937 5920 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:03:52.0953 5920 usbcir - ok
14:03:53.0015 5920 [ 6B3D5E6A9DA786EC755B00BC180C700B ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:03:53.0031 5920 usbehci - ok
14:03:53.0062 5920 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
14:03:53.0078 5920 usbfilter - ok
14:03:53.0109 5920 [ 94ABE9DA48E466BBE84C73E0C6652ED1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:03:53.0140 5920 usbhub - ok
14:03:53.0171 5920 [ 660B2C08CE7103E71EAA26F85B0B0A56 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:03:53.0187 5920 usbohci - ok
14:03:53.0234 5920 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:03:53.0249 5920 usbprint - ok
14:03:53.0280 5920 [ 6B2566E0B44C14577A40DE521AD92563 ] usbsmi C:\Windows\system32\DRIVERS\SMIksdrv.sys
14:03:53.0312 5920 usbsmi - ok
14:03:53.0327 5920 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:03:53.0343 5920 USBSTOR - ok
14:03:53.0390 5920 [ 1529632FC96032D337B298F8A285D640 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:03:53.0405 5920 usbuhci - ok
14:03:53.0436 5920 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:03:53.0468 5920 usbvideo - ok
14:03:53.0483 5920 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:03:53.0483 5920 UxSms - ok
14:03:53.0499 5920 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:03:53.0499 5920 VaultSvc - ok
14:03:53.0530 5920 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:03:53.0546 5920 vdrvroot - ok
14:03:53.0561 5920 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:03:53.0577 5920 vds - ok
14:03:53.0592 5920 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:03:53.0608 5920 vga - ok
14:03:53.0624 5920 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:03:53.0639 5920 VgaSave - ok
14:03:53.0639 5920 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:03:53.0670 5920 vhdmp - ok
14:03:53.0670 5920 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:03:53.0686 5920 viaide - ok
14:03:53.0717 5920 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:03:53.0748 5920 vmbus - ok
14:03:53.0764 5920 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:03:53.0780 5920 VMBusHID - ok
14:03:53.0795 5920 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:03:53.0811 5920 volmgr - ok
14:03:53.0842 5920 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:03:53.0842 5920 volmgrx - ok
14:03:53.0873 5920 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:03:53.0904 5920 volsnap - ok
14:03:54.0014 5920 [ EA8869FA708554BD8130C91BB985C14D ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
14:03:54.0029 5920 vpnagent - ok
14:03:54.0060 5920 [ 13E6D95E7AC67ABB7A1196557EF8849F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
14:03:54.0076 5920 vpnva - ok
14:03:54.0092 5920 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:03:54.0123 5920 vsmraid - ok
14:03:56.0166 5920 ================ Scan global ===============================
14:03:56.0198 5920 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:03:56.0229 5920 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:03:56.0244 5920 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:03:56.0276 5920 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:03:56.0307 5920 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:03:56.0322 5920 [Global] - ok
14:03:56.0322 5920 ================ Scan MBR ==================================
14:03:56.0338 5920 [ 0627613439EB2F9B0B99B6E6487FCA92 ] \Device\Harddisk0\DR0
14:03:56.0681 5920 \Device\Harddisk0\DR0 - ok
14:03:56.0681 5920 ================ Scan VBR ==================================
14:03:56.0697 5920 [ 690576162B03B3990D97A1C950AB6C1B ] \Device\Harddisk0\DR0\Partition1
14:03:56.0697 5920 \Device\Harddisk0\DR0\Partition1 - ok
14:03:56.0712 5920 [ F9A1BCE4A5717081E0928288D8354786 ] \Device\Harddisk0\DR0\Partition2
14:03:56.0712 5920 \Device\Harddisk0\DR0\Partition2 - ok
14:03:56.0744 5920 [ 4B1EA3DA9EBB68794D8B81EB3F9D434E ] \Device\Harddisk0\DR0\Partition3
14:03:56.0744 5920 \Device\Harddisk0\DR0\Partition3 - ok
14:03:56.0759 5920 ============================================================
14:03:56.0759 5920 Scan finished
14:03:56.0759 5920 ============================================================
14:03:56.0775 2484 Detected object count: 0
14:03:56.0775 2484 Actual detected object count: 0
14:05:32.0500 3572 Deinitialize success




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-11 14:05:41
-----------------------------
14:05:41.219 OS Version: Windows x64 6.1.7601 Service Pack 1
14:05:41.219 Number of processors: 2 586 0x100
14:05:41.219 ComputerName: ANAND UserName:
14:05:42.686 Initialize success
14:06:44.230 AVAST engine defs: 12091100
14:06:51.811 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000079
14:06:51.811 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 11
14:06:51.827 Disk 0 MBR read successfully
14:06:51.827 Disk 0 MBR scan
14:06:51.842 Disk 0 unknown MBR code
14:06:51.842 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
14:06:51.874 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294043 MB offset 2459648
14:06:51.920 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
14:06:51.983 Disk 0 scanning C:\Windows\system32\drivers
14:07:09.704 Service scanning
14:07:53.712 Modules scanning
14:07:53.728 Disk 0 trace - called modules:
14:07:53.759 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
14:07:53.774 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045c35c0]
14:07:53.790 3 CLASSPNP.SYS[fffff8800165a43f] -> nt!IofCallDriver -> [0xfffffa8004076760]
14:07:53.790 5 amdxata.sys[fffff880011177a8] -> nt!IofCallDriver -> [0xfffffa8004076d30]
14:07:53.806 7 ACPI.sys[fffff88000f7f7a1] -> nt!IofCallDriver -> \Device\00000079[0xfffffa8004076060]
14:07:55.459 AVAST engine scan C:\Windows
14:07:59.624 AVAST engine scan C:\Windows\system32
14:14:28.986 AVAST engine scan C:\Windows\system32\drivers
14:15:09.000 AVAST engine scan C:\Users\ansingla
14:23:33.114 Disk 0 MBR has been saved successfully to "C:\Users\ansingla\Desktop\VIRUS\MBR.dat"
14:23:33.130 The log file has been saved successfully to "C:\Users\ansingla\Desktop\VIRUS\aswMBR.txt"
14:28:12.627 File: C:\Users\ansingla\AppData\Local\Symantec\Sun\gyhjoybfe.dll **INFECTED** Win32:Labedo-A [Trj]
14:31:42.962 AVAST engine scan C:\ProgramData
14:35:36.120 Scan finished successfully
14:58:09.111 Disk 0 MBR has been saved successfully to "C:\Users\ansingla\Desktop\VIRUS\MBR.dat"
14:58:09.126 The log file has been saved successfully to "C:\Users\ansingla\Desktop\VIRUS\aswMBR.txt"

#4 narenxp

Posted 11 September 2012 - 07:44 PM

Are you sure ESET scan didn't find threats ????


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#5 DexMax

Posted 11 September 2012 - 07:46 PM

Yes, ESET spent 1 hour and 52 minutes running the scan and 0 threats were found. I think aswMBR is the only one that found a threat (i.e. one of the files was marked as "infected" in the log above).

I will do these other things presently.

-DexMax

#6 DexMax

Posted 11 September 2012 - 11:52 PM

Here are the logs in the following order: Malwarebytes, MiniToolBox, FSS, Adware Cleaner.

Thanks again!

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.11.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ansingla :: ANAND [administrator]

9/11/2012 11:19:18 PM
mbam-log-2012-09-11 (23-19-18).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 344336
Time elapsed: 1 hour(s), 14 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




MiniToolBox by Farbar Version: 23-07-2012
Ran by ansingla (administrator) on 12-09-2012 at 00:36:19
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter = Wireless Network Connection (Connected)
Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 = Local Area Connection 2 (Hardware not present)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection 2" forwarding=enabled advertise=enabled metric=1 nud=enabled
add address name="Local Area Connection 2" address=155.41.162.195 mask=255.255.255.255
add address name="Local Area Connection 2" address=155.41.162.163 mask=255.255.255.255


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Anand
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : E8-9A-8F-89-70-07
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : EC-55-F9-C8-A3-8A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
Physical Address. . . . . . . . . : EC-55-F9-C8-A3-8A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::58c4:570:c6d6:d0ef%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, September 11, 2012 11:13:59 PM
Lease Expires . . . . . . . . . . : Wednesday, September 12, 2012 11:14:38 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 384587257
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-B5-D4-BE-E8-9A-8F-89-70-07
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : CC-52-AF-E1-37-51
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B05846AB-C01B-4032-88DE-8A8306D966C3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8b1:147:52cf:844e(Preferred)
Link-local IPv6 Address . . . . . : fe80::8b1:147:52cf:844e%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{A9E83826-21E9-4B9C-A2BF-17914244B60E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{2742AEC8-5793-4738-9A72-14107619C337}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4006:802::1006
173.194.43.6
173.194.43.4
173.194.43.0
173.194.43.7
173.194.43.5
173.194.43.9
173.194.43.2
173.194.43.1
173.194.43.8
173.194.43.14
173.194.43.3


Pinging google.com [74.125.226.193] with 32 bytes of data:
Reply from 74.125.226.193: bytes=32 time=58ms TTL=252
Reply from 74.125.226.193: bytes=32 time=20ms TTL=252

Ping statistics for 74.125.226.193:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 58ms, Average = 39ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=206ms TTL=49
Reply from 98.138.253.109: bytes=32 time=86ms TTL=50

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 86ms, Maximum = 206ms, Average = 146ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
23...e8 9a 8f 89 70 07 ......Realtek PCIe GBE Family Controller
21...ec 55 f9 c8 a3 8a ......Microsoft Virtual WiFi Miniport Adapter
13...ec 55 f9 c8 a3 8a ......1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
12...cc 52 af e1 37 51 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 281
192.168.1.6 255.255.255.255 On-link 192.168.1.6 281
192.168.1.255 255.255.255.255 On-link 192.168.1.6 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:8b1:147:52cf:844e/128
On-link
13 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::8b1:147:52cf:844e/128
On-link
13 281 fe80::58c4:570:c6d6:d0ef/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/11/2012 11:13:58 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path validation failed. Error: typeId=88, authorId=0, vendorId=0, vendorType=0

Error: (09/11/2012 11:13:58 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0

Error: (09/11/2012 11:13:58 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0

Error: (09/11/2012 11:13:58 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (09/11/2012 11:13:58 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (09/11/2012 11:13:58 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (09/11/2012 11:13:56 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path validation failed. Error: typeId=88, authorId=0, vendorId=0, vendorType=0

Error: (09/11/2012 11:13:56 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=0, vendorId=0, vendorType=0

Error: (09/11/2012 11:13:56 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path validation failed. Error: typeId=13, authorId=0, vendorId=0, vendorType=0

Error: (09/11/2012 11:13:56 PM) (Source: Microsoft-Windows-EapHost) (User: NT AUTHORITY)NT AUTHORITY
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0


System errors:
=============
Error: (09/11/2012 08:36:37 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (09/11/2012 10:44:30 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (09/10/2012 04:55:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/26/2012 08:39:04 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (08/26/2012 02:43:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/24/2012 10:13:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/21/2012 01:34:23 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/21/2012 00:13:49 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/18/2012 03:30:33 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/17/2012 02:24:25 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.


Microsoft Office Sessions:
=========================
Error: (09/11/2012 11:13:58 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)NT AUTHORITY
Description: Eap method DLL path88000

Error: (09/11/2012 11:13:58 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)NT AUTHORITY
Description: Eap method DLL path25000

Error: (09/11/2012 11:13:58 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)NT AUTHORITY
Description: Eap method DLL path13000

Error: (09/11/2012 11:13:58 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)NT AUTHORITY
Description: Eap method DLL path43900

Error: (09/11/2012 11:13:58 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)NT AUTHORITY
Description: Eap method DLL path25900

Error: (09/11/2012 11:13:58 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)NT AUTHORITY
Description: Eap method DLL path17900

Error: (09/11/2012 11:13:56 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)NT AUTHORITY
Description: Eap method DLL path88000

Error: (09/11/2012 11:13:56 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)NT AUTHORITY
Description: Eap method DLL path25000

Error: (09/11/2012 11:13:56 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)NT AUTHORITY
Description: Eap method DLL path13000

Error: (09/11/2012 11:13:56 PM) (Source: Microsoft-Windows-EapHost)(User: NT AUTHORITY)NT AUTHORITY
Description: Eap method DLL path43900


=========================== Installed Programs ============================

Access Help (Version: 3.00)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.34)
Adobe Reader 9.4.0 (Version: 9.4.0)
ATI Catalyst Install Manager (Version: 3.0.808.0)
ATI Uninstaller (Version: 8.813.4-110505a-118728C-Lenovo)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0506.720.11242)
Catalyst Control Center InstallProxy (Version: 2011.0506.720.11242)
Catalyst Control Center Localization All (Version: 2011.0506.720.11242)
ccc-core-static (Version: 2011.0506.720.11242)
ccc-utility64 (Version: 2011.0506.720.11242)
CCC Help Chinese Standard (Version: 2011.0506.0719.11242)
CCC Help Chinese Traditional (Version: 2011.0506.0719.11242)
CCC Help Czech (Version: 2011.0506.0719.11242)
CCC Help Danish (Version: 2011.0506.0719.11242)
CCC Help Dutch (Version: 2011.0506.0719.11242)
CCC Help English (Version: 2011.0506.0719.11242)
CCC Help Finnish (Version: 2011.0506.0719.11242)
CCC Help French (Version: 2011.0506.0719.11242)
CCC Help German (Version: 2011.0506.0719.11242)
CCC Help Greek (Version: 2011.0506.0719.11242)
CCC Help Hungarian (Version: 2011.0506.0719.11242)
CCC Help Italian (Version: 2011.0506.0719.11242)
CCC Help Japanese (Version: 2011.0506.0719.11242)
CCC Help Korean (Version: 2011.0506.0719.11242)
CCC Help Norwegian (Version: 2011.0506.0719.11242)
CCC Help Polish (Version: 2011.0506.0719.11242)
CCC Help Portuguese (Version: 2011.0506.0719.11242)
CCC Help Russian (Version: 2011.0506.0719.11242)
CCC Help Spanish (Version: 2011.0506.0719.11242)
CCC Help Swedish (Version: 2011.0506.0719.11242)
CCC Help Thai (Version: 2011.0506.0719.11242)
CCC Help Turkish (Version: 2011.0506.0719.11242)
Cisco AnyConnect VPN Client (Version: 2.5.3041)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Citrix Presentation Server Client (Version: 10.150.58643)
Conexant HD Audio (Version: 8.32.27.51)
Create Recovery Media (Version: 1.20.0.00)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (Version: 1.4.7)
ESET Online Scanner v3
Google Talk Plugin (Version: 3.5.1.8982)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
Integrated Camera (Version: 5.50.3.0)
J2SE Runtime Environment 5.0 Update 12 (Version: 1.5.0.120)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Junk Mail filter update (Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Patch Utility (Version: 1.0.1.1)
Lenovo Patch Utility (Version: 1.3.0.007)
Lenovo Patch Utility 64 bit (Version: 1.2.0.1)
Lenovo Patch Utility 64 bit (Version: 1.3.0.007)
Lenovo Registration (Version: 1.0.2)
Lenovo Screen Reading Optimizer (Version: 1.10)
Lenovo System Interface Driver (Version: 1.05)
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23)
Lenovo Warranty Information (Version: 1.0.0005.00)
Lenovo Welcome (Version: 2.02.003.0)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.92)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Message Center Plus (Version: 2.0.0012.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access database engine 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
MKSAP 15 (Version: )
Mobile Broadband (Version: 3.6.0034)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
On Screen Display (Version: 6.60.03)
Realtek Ethernet Controller Driver (Version: 7.42.304.2011)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30122)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
SAS 9.2 (32) (Version: 9.2)
SAS BI Web Services for .Net (Version: 9.2)
SAS Client Connection Profile Configuration 9.2
SAS Deployment Tester - Client 1.3
SAS Deployment Tester - Server 1.3
SAS Deployment Tester 1.3 for SAS Management Console
SAS Drivers for JDBC 9.2
SAS Drivers for ODBC (Version: 9.2)
SAS Enterprise Guide 4.2 (Version: 4.2)
SAS Foundation Services 9.2
SAS Help Viewer for the Web
SAS Intelligence Platform Object Framework 9.2
SAS Locale Setup Manager 2.1
SAS Management Console 9.2
SAS OnlineDoc 9.2 for the Web
SAS OnlineDoc 9.2 for Windows (Version: 9.2)
SAS Package Reader 9.2
SAS PC Files Server 9.2 (Version: 9.2)
SAS Personal Login Manager 9.2
SAS Power and Sample Size 3.1
SAS Remote Browser Server
SAS SQL Library for C 9.2
SAS Universal Viewer 1.1 (Version: 1.1)
SAS Versioned Jar Repository 9.2
SAS Web Application Themes 9.2
SAS Web Infrastructure Client 4.2
SAS Web Infrastructure Platform 9.2
SAS XML Mapper 9.2
SAS/ETS Model Editor 9.2
SAS/GRAPH NV Workshop 2.1 (Version: 9.2)
SAS/GRAPH ODS Graphics Editor 9.2
SAS/IML Studio 3.2 (Version: 3.2)
SAS/SECURE Java 9.2
Scalable Performance Data Server Plug-in 4.5 for SAS Management Console
Symantec Endpoint Protection (Version: 11.0.5002.333)
System Update (Version: 4.03.0012)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.2500)
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Power Management Driver (Version: 1.65.05.20)
ThinkPad Power Manager (Version: 3.66)
ThinkPad UltraNav Driver (Version: 15.3.39.1)
ThinkPad UltraNav Utility (Version: 2.13.0)
ThinkPad Wireless LAN Adapter Software (Version: 1.00.0029.4)
ThinkVantage Access Connections (Version: 5.85)
ThinkVantage Active Protection System (Version: 1.75)
ThinkVantage Communications Utility (Version: 2.09)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Usmleworld QBank
Usmleworld Step3 CCS
VLC media player 2.0.0 (Version: 2.0.0)
Windows Driver Package - AMD (amdsata) HDC (04/07/2010 1.2.001.197) (Version: 04/07/2010 1.2.001.197)
Windows Driver Package - AMD USB (03/30/2010 1.0.0.5) (Version: 03/30/2010 1.0.0.5)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (Version: 04/08/2010 6.3.5.430)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (Version: 11/11/2010 1.61.00.11)
Windows Driver Package - Synaptics (SynTP) Mouse (03/24/2011 15.2.19.0) (Version: 03/24/2011 15.2.19.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WMV9/VC-1 Video Playback (Version: 1.00.0000)

========================= Memory info: ===================================

Percentage of memory in use: 64%
Total physical RAM: 3688.17 MB
Available physical RAM: 1296.94 MB
Total Pagefile: 7374.54 MB
Available Pagefile: 5161.57 MB
Total Virtual: 4095.88 MB
Available Virtual: 3973.03 MB

========================= Partitions: =====================================

1 Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:234.75 GB) NTFS
2 Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:0.02 GB) NTFS

========================= Users: ========================================

User accounts for \\ANAND

Administrator ansingla Guest


**** End of log ****







Farbar Service Scanner Version: 06-08-2012
Ran by ansingla (administrator) on 12-09-2012 at 00:41:07
Running from "C:\Users\ansingla\Desktop\VIRUS"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****







# AdwCleaner v2.001 - Logfile created 09/12/2012 at 00:43:30
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : ansingla - ANAND
# Boot Mode : Normal
# Running from : C:\Users\ansingla\Desktop\VIRUS\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[R1].txt - [784 octets] - [12/09/2012 00:43:07]
AdwCleaner[S1].txt - [1335 octets] - [12/09/2012 00:43:30]

########## EOF - C:\AdwCleaner[S1].txt - [1395 octets] ##########

#7 narenxp


Posted 12 September 2012 - 02:12 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKill log located on the desktop here.


Download Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#8 DexMax


Posted 12 September 2012 - 03:59 PM

Rkill and Autoruns were completed. Here are the logs...

Thanks again for your help...






Rkill 2.3.11 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/12/2012 04:54:08 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/12/2012 04:54:16 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)




"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AcWin7Hlpr" "Access Connections Toolbar Enabler Module" "Lenovo" "c:\program files (x86)\lenovo\access connections\actbenabler.exe"
+ "ForteConfig" "FMAPP Application" "" "c:\program files\conexant\forteconfig\fmapp.exe"
+ "LENOVO.TPKNRRES" "Microphone volume control module" "Lenovo Group Limited" "c:\program files\lenovo\communications utility\tpknrres.exe"
+ "SmartAudio" "SmartAudio Control Panel application" "Conexant Systems, Inc." "c:\program files\conexant\saii\saiicpl.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TpShocks" "ThinkVantage Active Protection System" "Lenovo." "c:\windows\system32\tpshocks.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "BCSSync" "Microsoft Office 2010 component" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\bcssync.exe"
+ "ccApp" "Symantec User Session" "Symantec Corporation" "c:\program files (x86)\common files\symantec shared\ccapp.exe"
+ "Lenovo Registration" "Lenovo Registration" "Lenovo, Inc." "c:\program files (x86)\lenovo registration\lenovoreg.exe"
+ "PWMTRV" "ThinkPad Power Manager Background Monitor and Tray Battery Gauge" "Lenovo Group Limited" "c:\program files (x86)\thinkpad\utilities\pwmtr64v.dll"
+ "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\thinkpad\bluetooth software\bttray.exe"
"C:\Users\ansingla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\users\ansingla\appdata\roaming\dropbox\bin\dropbox.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\ansingla\appdata\local\google\update\googleupdate.exe"
+ "Sun" "MotionWavelets Video Codec" "Aware Inc." "c:\users\ansingla\appdata\local\symantec\sun\gyhjoybfe.dll"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\ansingla\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files (x86)\symantec\symantec endpoint protection\vpshell2.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\ansingla\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\program files\thinkpad\bluetooth software\btncopy.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\ansingla\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files (x86)\symantec\symantec endpoint protection\vpshell2.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\ansingla\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\ansingla\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\ansingla\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\ansingla\appdata\roaming\dropbox\bin\dropboxext64.14.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\ansingla\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\ansingla\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\ansingla\appdata\roaming\dropbox\bin\dropboxext.14.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
+ "Send to &Bluetooth Device..." "" "" "c:\program files\thinkpad\bluetooth software\btsendto_ie.htm"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
+ "Send to &Bluetooth Device..." "" "" "c:\program files\thinkpad\bluetooth software\btsendto_ie.htm"
"Task Scheduler" "" "" ""
+ "\GoogleUpdateTaskUserS-1-5-21-2714946229-3663360230-2566735870-1000Core" "Google Installer" "Google Inc." "c:\users\ansingla\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-2714946229-3663360230-2566735870-1000UA" "Google Installer" "Google Inc." "c:\users\ansingla\appdata\local\google\update\googleupdate.exe"
+ "\Lenovo\SROptimizer" "Lenovo Screen Reading Optimizer Resident Module" "Lenovo Group Limited" "c:\program files (x86)\lenovo\screen reading optimizer\srorest.exe"
+ "\MCP" "Message Center Plus Launcher" "" "c:\program files (x86)\lenovo\message center plus\mcplaunch.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\PCDEventLauncher" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\pc-doctor\sessionchecker.exe"
+ "\PCDoctorBackgroundMonitorTask" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\pc-doctor\uaclauncher.exe"
+ "\PMTask" "ThinkPad Power Manager Idle Task" "Lenovo Group Limited" "c:\program files (x86)\thinkpad\utilities\pwmidtsv.exe"

#9 narenxp

Posted 12 September 2012 - 10:14 PM

Launch Autoruns and uncheck this entry
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Sun" "MotionWavelets Video Codec" "Aware Inc." "c:\users\ansingla\appdata\local\symantec\sun\gyhjoybfe.dll"

Restart the PC and delete this file

c:\users\ansingla\appdata\local\symantec\sun\gyhjoybfe.dll

Let me know if you have any issues before we wrap up
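
The following is an added example, not part of narenxp's post and not a record of how the advisor reviewed the log: a small triage script for Autoruns text exports in the format posted in this thread. The function names and the path heuristics are assumptions made for illustration; the first sample line is the Run entry quoted above, and the other two are sample entries in the same format.

```python
import re
from dataclasses import dataclass

# Each log line is a run of double-quoted fields. A line starting with "+" is an
# autostart entry (name, description, publisher, image path); a line without it
# names the registry location that the following entries belong to.
FIELD = re.compile(r'"([^"]*)"')

# Assumption: an autostart image under a user's AppData tree deserves a second
# look, because that tree is writable without administrator rights.
USER_WRITABLE = re.compile(r'^c:\\users\\[^\\]+\\appdata\\', re.IGNORECASE)

# Sample input in the thread's log format (constructed for this example).
SAMPLE = r'''
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Sun" "MotionWavelets Video Codec" "Aware Inc." "c:\users\ansingla\appdata\local\symantec\sun\gyhjoybfe.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ "ACGina" "" "" "File not found: ACGina"
'''

@dataclass
class Entry:
    location: str
    name: str
    description: str
    publisher: str
    image: str

def parse_autoruns(text):
    """Return the autostart entries, each tagged with its registry location."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank or malformed line
        if line.startswith("+"):
            entries.append(Entry(location, *fields))
        else:
            location = fields[0]
    return entries

def triage(entries):
    """Return (name, location, reasons) for entries that merit manual review."""
    findings = []
    for e in entries:
        reasons = []
        if e.image.lower().startswith("file not found"):
            reasons.append("target missing")
        if USER_WRITABLE.match(e.image):
            reasons.append("image in user-writable profile path")
            if e.image.lower().endswith(".dll") and e.location.lower().endswith("\\run"):
                reasons.append("DLL launched from a Run key")
        if reasons:
            findings.append((e.name, e.location, reasons))
    return findings

if __name__ == "__main__":
    for name, location, reasons in triage(parse_autoruns(SAMPLE)):
        print(f"{name} [{location}]: {', '.join(reasons)}")
```

A hit is a prompt for manual review, not a verdict: legitimate per-user software also starts from AppData, and a missing target is often just a leftover from an uninstall.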

#10 DexMax

Posted 13 September 2012 - 02:04 PM

I did what you asked. Redirect does not seem to be happening anymore, which is great.

Thank you so much!

A few things, just out of curiosity:

-What was that virus and is there any ongoing threat to my computer?
-Recall that there was one "infected" file marked in aswMBR. I did not do anything with that and did not click "fix". Do I still need to do that?
-I noticed other similar threads with the same problem, and those users were being told to run things like combofix, etc. At no point did they reach a point where deleting a single file did the trick. I take it there's more than one way to skin a cat and this may just be your way, which is totally fine.

I'm very happy that this is all set. Just wondering if there's anything else. Also recently, I started getting a pop-up with the redirect thing pointing to bt.scour.com or something, but that also seems to have stopped with the last action.

Thanks again!

-DexMax

#11 narenxp

Posted 13 September 2012 - 09:34 PM

-What was that virus and is there any ongoing threat to my computer?
-Recall that there was one "infected" file marked in aswMBR. I did not do anything with that and did not click "fix". Do I still need to do that?
-I noticed other similar threads with the same problem, and those users were being told to run things like combofix, etc. At no point did they reach a point where deleting a single file did the trick. I take it there's more than one way to skin a cat and this may just be your way, which is totally fine.


This infection is from the Trojan Tracur family. Your log looks clean now.

Do not click on FIX. We have already removed them.

Combofix is not needed when we are able to remove infections easily.

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in safe mode.

Turn off your System Restore, restart the PC, and create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your Flash Player

Update your antivirus frequently, and do not click on suspicious links

Safe surfing :)

Edited by narenxp, 13 September 2012 - 09:35 PM.




