google redirecting


This topic is locked
12 replies to this topic

#1 mightbe


Posted 12 September 2012 - 08:38 AM

Hi, I am looking for help about the Google redirecting. The search results look normal, but will jump to 'ebay' sometimes when I click on the links. Please help! Many thanks in advance.

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by hm446 at 14:16:34 on 2012-09-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3332.746 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Dolby Advanced Audio v2\pcee4.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\general\adobe\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Users\hm446\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
E:\general\tecent\Bin\QQ.exe
E:\general\tecent\Bin\TXPlatform.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [Akamai NetSession Interface] "c:\users\hm446\appdata\local\akamai\netsession_win.exe"
uRun: [Adobe Acrobat Synchronizer] "e:\general\adobe\acrobat\AdobeCollabSync.exe"
uRun: [Google Update] "c:\users\hm446\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [USB3MON] "c:\program files\intel\intel® usb 3.0 extensible host controller driver\application\iusb3mon.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg_Dolby] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE4
mRun: [Dolby Advanced Audio v2] "c:\program files\dolby advanced audio v2\pcee4.exe" -autostart
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [ResetACGauge] c:\program files\lenovo\access connections\smbhlpr.exe /RESETACGAUGEREG
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Microsoft Pinyin IME Migration] c:\progra~1\common~1\micros~1\ime12\imesc\IMSCMIG.EXE /INSTALL
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "e:\general\adobe\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "e:\general\adobe\acrobat\Acrotray.exe"
StartupFolder: c:\users\hm446\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hm446\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: ??????????? - c:\users\public\thunder network\xmp4\core\program\XmpIEMenu.htm
IE: ??? Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: ??????????????? - c:\users\public\thunder network\xmp4\core\program\XmpIEMenuAddStoreTab.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
TCP: DhcpNameServer = 131.111.12.20 131.111.8.42
TCP: Interfaces\{784B0C84-BFC0-438A-B0CD-A4FEF219583D} : DhcpNameServer = 131.111.12.20 131.111.8.42
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll acgina c:\program files\thinkpad\bluetooth software\BtwProximityCP.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2008-7-21 25416]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2008-7-21 15640]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-12-28 22344]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-9-6 242240]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-9-12 575448]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2012-2-2 458464]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2008-7-21 161560]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2008-7-21 58224]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2008-7-21 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2008-7-21 61296]
R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\lenovo\communications utility\vcamsvc.exe [2008-7-21 179568]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2008-7-21 127336]
R2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2008-7-21 75264]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2011-5-30 11976]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2008-7-21 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-7-21 144960]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2008-7-21 363800]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2008-7-21 280640]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2008-7-21 282792]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2008-7-21 280576]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2008-7-21 349976]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2008-7-21 792856]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2008-7-21 46080]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\Netwsn00.sys [2008-7-21 10339840]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-9-12 70768]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-7-21 1662560]
R3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\drivers\tvtvcamd.sys [2008-7-21 24872]
R4 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-9-12 203120]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-6 250568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2008-7-21 168232]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2008-7-21 504360]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-7-21 33832]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;e:\technical\solidworks\solidworks\swscheduler\DTSCoordinatorService.exe [2008-9-9 79144]
S3 cphs;Intel® Content Protection HECI Service;c:\windows\system32\IntelCpHeciSvc.exe [2008-7-21 276248]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]
S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2008-7-21 1665120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== Created Last 30 ================
.
2012-09-12 12:25:02 767960 ----a-w- c:\windows\BDTSupport.dll
2012-09-12 12:25:02 70768 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-09-12 12:25:01 2267096 ----a-w- c:\windows\PCTBDCore.dll
2012-09-12 12:25:01 1689560 ----a-w- c:\windows\PCTBDRes.dll
2012-09-12 12:25:01 149464 ----a-w- c:\windows\SGDetectionTool.dll
2012-09-12 12:24:03 -------- d-----w- c:\program files\PC Tools
2012-09-12 12:22:58 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-09-12 12:22:58 -------- d-----w- c:\program files\common files\PC Tools
2012-09-12 12:22:45 -------- d-----w- c:\users\hm446\appdata\roaming\TestApp
2012-09-12 12:22:45 -------- d-----w- c:\programdata\PC Tools
2012-09-12 11:18:54 -------- d-----w- c:\program files\Enigma Software Group
2012-09-12 11:17:46 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-09-12 11:17:43 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-09-12 11:12:00 -------- d-----w- c:\program files\ESET
2012-09-11 13:54:33 -------- d-----w- c:\users\hm446\appdata\roaming\Portable PuTTY
2012-09-11 13:22:02 -------- d-----w- c:\windows\system32\searchplugins
2012-09-11 13:22:02 -------- d-----w- c:\windows\system32\Extensions
2012-09-11 13:21:32 -------- d-----w- c:\users\hm446\appdata\roaming\Babylon
2012-09-11 13:21:32 -------- d-----w- c:\programdata\Babylon
2012-09-11 12:39:21 -------- d-----w- c:\program files\StarNet
2012-09-11 10:43:04 -------- d-----w- c:\users\hm446\appdata\roaming\TeamViewer
2012-09-09 21:26:43 -------- d-----r- c:\users\hm446\Dropbox
2012-09-09 21:22:59 -------- d-----w- c:\users\hm446\appdata\roaming\Dropbox
2012-09-09 11:07:46 61440 ----a-r- c:\users\hm446\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
2012-09-09 11:07:46 61440 ----a-r- c:\users\hm446\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\ARPPRODUCTICON.exe
2012-09-09 11:07:46 106496 ----a-r- c:\users\hm446\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
2012-09-09 11:07:46 106496 ----a-r- c:\users\hm446\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-09-09 11:07:46 106496 ----a-r- c:\users\hm446\appdata\roaming\microsoft\installer\{3ca54984-a14b-42fe-9ff1-7ea90151d725}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
2012-09-09 11:07:40 -------- d-----w- c:\program files\common files\Tencent
2012-09-09 11:06:57 -------- d-----w- c:\users\hm446\appdata\roaming\Tencent
2012-09-09 11:06:56 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll
2012-09-08 19:38:52 -------- d-----w- c:\users\hm446\appdata\local\Sun
2012-09-08 19:38:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-08 19:38:20 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-08 19:38:15 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-06 22:55:54 -------- d-----r- c:\program files\Skype
2012-09-06 22:20:49 -------- d-----w- c:\users\hm446\appdata\local\Douban
2012-09-06 10:40:01 -------- d-----w- c:\users\hm446\appdata\roaming\SolidWorks 2009
2012-09-06 10:39:06 -------- d-----w- c:\users\hm446\appdata\roaming\SolidWorks
2012-09-06 10:33:06 -------- d-----w- c:\programdata\SolidWorks
2012-09-06 10:32:30 -------- d-----w- c:\program files\MSECache
2012-09-06 10:27:45 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-06 10:27:43 -------- d-----w- c:\users\hm446\appdata\roaming\DAEMON Tools Lite
2012-09-06 10:26:42 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-09-06 10:15:30 -------- d-----w- c:\users\hm446\appdata\roaming\DassaultSystemes
2012-09-06 10:15:30 -------- d-----w- c:\users\hm446\appdata\local\DassaultSystemes
2012-09-06 10:15:30 -------- d-----w- c:\programdata\DassaultSystemes
2012-09-06 00:03:29 -------- d-----w- c:\program files\common files\SolidWorks Shared
2012-09-05 23:53:45 -------- d-----w- c:\program files\common files\SolidWorks Installation Manager
2012-09-05 23:51:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-05 23:45:17 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-05 23:45:17 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-05 23:42:31 -------- d-----w- c:\windows\SolidWorks
2012-09-05 23:42:25 -------- d-----w- c:\users\hm446\appdata\roaming\IM
2012-09-05 23:33:16 -------- d-----w- c:\windows\PCHEALTH
2012-09-05 23:31:36 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-09-05 23:30:25 -------- d-----w- c:\users\hm446\appdata\local\Microsoft Help
2012-09-05 23:13:47 -------- d-----w- c:\users\hm446\appdata\roaming\PwrMgr
2012-09-05 23:11:34 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-09-05 23:07:38 -------- d-----w- c:\users\hm446\appdata\local\Adobe
2012-09-05 22:42:17 -------- d-----w- c:\programdata\Xunlei
2012-09-05 22:41:34 -------- d-----w- c:\program files\common files\Thunder Network
2012-09-05 22:41:32 -------- d-----w- c:\programdata\Thunder Network
2012-09-05 21:38:57 -------- d-----w- c:\windows\system32\appmgmt
2012-09-05 21:33:49 -------- d-----w- c:\users\hm446\appdata\roaming\StarNet
2012-09-05 21:33:48 -------- d-----w- c:\users\hm446\appdata\local\StarNet
2012-09-05 21:23:52 -------- d-----w- c:\users\hm446\appdata\roaming\MathWorks
2012-09-05 20:53:04 -------- d-----w- c:\users\hm446\appdata\roaming\benibela
2012-09-05 20:49:15 -------- d-----w- c:\users\hm446\appdata\roaming\MiKTeX
2012-09-05 20:49:15 -------- d-----w- c:\users\hm446\appdata\local\MiKTeX
2012-09-05 20:09:51 -------- d-----w- c:\users\hm446\appdata\local\Google
2012-09-05 20:09:45 -------- d-----w- c:\users\hm446\appdata\local\Deployment
2012-09-05 20:09:45 -------- d-----w- c:\users\hm446\appdata\local\Apps
2012-09-05 16:50:15 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b84594da-6454-42a7-b943-fce62add54c7}\mpengine.dll
2012-09-05 16:50:15 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-09-03 07:37:00 2979512 ----a-w- c:\windows\system32\SogouPy.ime
.
==================== Find3M ====================
.
2012-07-27 20:51:40 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2012-07-27 20:51:38 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2012-07-04 09:06:22 79824 ----a-w- c:\windows\xinstaller.dll
2012-07-04 09:06:22 34768 ----a-w- c:\windows\xinstaller.exe
.
============= FINISH: 14:17:04.77 ===============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-12 14:37:54
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS725050A7E630 rev.GH2ZB390
Running: cs1fcqvz.exe; Driver: C:\Users\hm446\AppData\Local\Temp\axryipog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcess [0xD570337C]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcessEx [0xD5703644]
SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0x9D78F700]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwCreateThread [0x9D7707F0]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateUserProcess [0xD5703940]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwLoadDriver [0x9D7708B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSetSystemInformation [0x9D770870]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys ZwSystemDebugControl [0x9D770830]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwTerminateProcess [0xD5702F7A]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82C8D339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC6D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82CCDED8 4 Bytes [7C, 33, 70, D5] {JL 0x35; JO 0xffffffffffffffd9}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E8 82CCDEDD 3 Bytes [36, 70, D5]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CCDEEC 4 Bytes [00, F7, 78, 9D] {ADD BH, DH; JS 0xffffffffffffffa1}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1203 82CCDEF8 4 Bytes [F0, 07, 77, 9D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 121B 82CCDF10 4 Bytes [40, 39, 70, D5] {INC EAX; CMP [EAX-0x2b], ESI}
.text ...
.text afd.sys 93C07000 81 Bytes [01, 00, 00, 8D, 4D, E8, FF, ...]
.text afd.sys 93C07052 192 Bytes [4F, 60, 50, 6A, 00, 89, 4D, ...]
.text afd.sys 93C07113 145 Bytes [55, FC, 89, 50, 18, 8B, 53, ...]
.text afd.sys 93C071A5 18 Bytes [8A, 15, 12, 60, C1, 93, 8B, ...]
.text afd.sys 93C071B8 45 Bytes [8B, 46, 40, 8B, 4E, 48, 3B, ...]
.text ...
.rsrc C:\Windows\system32\drivers\afd.sys section is executable [0x93C16000, 0x5F97, 0x68000020]
? C:\Windows\system32\drivers\afd.sys suspicious PE modification
? C:\Windows\system32\drivers\RKHit.sys The system cannot find the file specified. !
? system32\DRIVERS\ehdrv.sys The system cannot find the path specified. !
? C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys The system cannot find the file specified. !
? system32\drivers\pctDS.sys The system cannot find the path specified. !
? system32\drivers\pctEFA.sys The system cannot find the path specified. !
? system32\drivers\PCTCore.sys The system cannot find the path specified. !
? C:\Program Files\PC Tools\PC Tools Security\PCTSDInj32.sys The system cannot find the file specified. !
? C:\Users\hm446\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtCreateFile + 6 776155CE 4 Bytes [28, 00, 24, 00] {SUB [EAX], AL; AND AL, 0x0}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtCreateFile + B 776155D3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtMapViewOfSection + 6 77615C2E 1 Byte [28]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtMapViewOfSection + 6 77615C2E 4 Bytes [28, 03, 24, 00] {SUB [EBX], AL; AND AL, 0x0}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtMapViewOfSection + B 77615C33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenFile + 6 77615CDE 4 Bytes [68, 00, 24, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenFile + B 77615CE3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcess + 6 77615D8E 4 Bytes [A8, 01, 24, 00] {TEST AL, 0x1; AND AL, 0x0}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcess + B 77615D93 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcessToken + 6 77615D9E 4 Bytes CALL 766181A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcessToken + B 77615DA3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcessTokenEx + 6 77615DAE 4 Bytes [A8, 02, 24, 00] {TEST AL, 0x2; AND AL, 0x0}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenProcessTokenEx + B 77615DB3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThread + 6 77615E0E 4 Bytes [68, 01, 24, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThread + B 77615E13 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThreadToken + 6 77615E1E 4 Bytes [68, 02, 24, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThreadToken + B 77615E23 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThreadTokenEx + 6 77615E2E 4 Bytes CALL 76618235 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtOpenThreadTokenEx + B 77615E33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtQueryAttributesFile + 6 77615F3E 4 Bytes [A8, 00, 24, 00] {TEST AL, 0x0; AND AL, 0x0}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtQueryAttributesFile + B 77615F43 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtQueryFullAttributesFile + 6 77615FEE 4 Bytes CALL 766183F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtQueryFullAttributesFile + B 77615FF3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtSetInformationFile + 6 7761663E 4 Bytes [28, 01, 24, 00] {SUB [ECX], AL; AND AL, 0x0}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtSetInformationFile + B 77616643 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtSetInformationThread + 6 7761669E 4 Bytes [28, 02, 24, 00] {SUB [EDX], AL; AND AL, 0x0}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtSetInformationThread + B 776166A3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 1 Byte [68]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 4 Bytes [68, 03, 24, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[1644] ntdll.dll!NtUnmapViewOfSection + B 776169C3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtCreateFile + 6 776155CE 4 Bytes [28, 00, 2A, 00] {SUB [EAX], AL; SUB AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtCreateFile + B 776155D3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtMapViewOfSection + 6 77615C2E 1 Byte [28]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtMapViewOfSection + 6 77615C2E 4 Bytes [28, 03, 2A, 00] {SUB [EBX], AL; SUB AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtMapViewOfSection + B 77615C33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenFile + 6 77615CDE 4 Bytes [68, 00, 2A, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenFile + B 77615CE3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcess + 6 77615D8E 4 Bytes [A8, 01, 2A, 00] {TEST AL, 0x1; SUB AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcess + B 77615D93 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcessToken + 6 77615D9E 4 Bytes CALL 766187A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcessToken + B 77615DA3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcessTokenEx + 6 77615DAE 4 Bytes [A8, 02, 2A, 00] {TEST AL, 0x2; SUB AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenProcessTokenEx + B 77615DB3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThread + 6 77615E0E 4 Bytes [68, 01, 2A, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThread + B 77615E13 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThreadToken + 6 77615E1E 4 Bytes [68, 02, 2A, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThreadToken + B 77615E23 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThreadTokenEx + 6 77615E2E 4 Bytes CALL 76618835 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtOpenThreadTokenEx + B 77615E33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtQueryAttributesFile + 6 77615F3E 4 Bytes [A8, 00, 2A, 00] {TEST AL, 0x0; SUB AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtQueryAttributesFile + B 77615F43 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtQueryFullAttributesFile + 6 77615FEE 4 Bytes CALL 766189F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtQueryFullAttributesFile + B 77615FF3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtSetInformationFile + 6 7761663E 4 Bytes [28, 01, 2A, 00] {SUB [ECX], AL; SUB AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtSetInformationFile + B 77616643 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtSetInformationThread + 6 7761669E 4 Bytes [28, 02, 2A, 00] {SUB [EDX], AL; SUB AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtSetInformationThread + B 776166A3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 1 Byte [68]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 4 Bytes [68, 03, 2A, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[2876] ntdll.dll!NtUnmapViewOfSection + B 776169C3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtCreateFile + 6 776155CE 4 Bytes [28, 00, 38, 00] {SUB [EAX], AL; CMP [EAX], AL}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtCreateFile + B 776155D3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtMapViewOfSection + 6 77615C2E 1 Byte [28]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtMapViewOfSection + 6 77615C2E 4 Bytes [28, 03, 38, 00] {SUB [EBX], AL; CMP [EAX], AL}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtMapViewOfSection + B 77615C33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenFile + 6 77615CDE 4 Bytes [68, 00, 38, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenFile + B 77615CE3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcess + 6 77615D8E 4 Bytes [A8, 01, 38, 00] {TEST AL, 0x1; CMP [EAX], AL}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcess + B 77615D93 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcessToken + 6 77615D9E 4 Bytes CALL 766195A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcessToken + B 77615DA3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcessTokenEx + 6 77615DAE 4 Bytes [A8, 02, 38, 00] {TEST AL, 0x2; CMP [EAX], AL}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenProcessTokenEx + B 77615DB3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThread + 6 77615E0E 4 Bytes [68, 01, 38, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThread + B 77615E13 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThreadToken + 6 77615E1E 4 Bytes [68, 02, 38, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThreadToken + B 77615E23 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThreadTokenEx + 6 77615E2E 4 Bytes CALL 76619635 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtOpenThreadTokenEx + B 77615E33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtQueryAttributesFile + 6 77615F3E 4 Bytes [A8, 00, 38, 00] {TEST AL, 0x0; CMP [EAX], AL}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtQueryAttributesFile + B 77615F43 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtQueryFullAttributesFile + 6 77615FEE 4 Bytes CALL 766197F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtQueryFullAttributesFile + B 77615FF3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtSetInformationFile + 6 7761663E 4 Bytes [28, 01, 38, 00] {SUB [ECX], AL; CMP [EAX], AL}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtSetInformationFile + B 77616643 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtSetInformationThread + 6 7761669E 4 Bytes [28, 02, 38, 00] {SUB [EDX], AL; CMP [EAX], AL}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtSetInformationThread + B 776166A3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 1 Byte [68]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 4 Bytes [68, 03, 38, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3088] ntdll.dll!NtUnmapViewOfSection + B 776169C3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtCreateFile + 6 776155CE 4 Bytes [28, 00, 3B, 00] {SUB [EAX], AL; CMP EAX, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtCreateFile + B 776155D3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + 6 77615C2E 1 Byte [28]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + 6 77615C2E 4 Bytes [28, 03, 3B, 00] {SUB [EBX], AL; CMP EAX, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtMapViewOfSection + B 77615C33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenFile + 6 77615CDE 4 Bytes [68, 00, 3B, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenFile + B 77615CE3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcess + 6 77615D8E 4 Bytes [A8, 01, 3B, 00] {TEST AL, 0x1; CMP EAX, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcess + B 77615D93 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessToken + 6 77615D9E 4 Bytes CALL 766198A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessToken + B 77615DA3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessTokenEx + 6 77615DAE 4 Bytes [A8, 02, 3B, 00] {TEST AL, 0x2; CMP EAX, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenProcessTokenEx + B 77615DB3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThread + 6 77615E0E 4 Bytes [68, 01, 3B, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThread + B 77615E13 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadToken + 6 77615E1E 4 Bytes [68, 02, 3B, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadToken + B 77615E23 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadTokenEx + 6 77615E2E 4 Bytes CALL 76619935 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtOpenThreadTokenEx + B 77615E33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryAttributesFile + 6 77615F3E 4 Bytes [A8, 00, 3B, 00] {TEST AL, 0x0; CMP EAX, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryAttributesFile + B 77615F43 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryFullAttributesFile + 6 77615FEE 4 Bytes CALL 76619AF3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtQueryFullAttributesFile + B 77615FF3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationFile + 6 7761663E 4 Bytes [28, 01, 3B, 00] {SUB [ECX], AL; CMP EAX, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationFile + B 77616643 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationThread + 6 7761669E 4 Bytes [28, 02, 3B, 00] {SUB [EDX], AL; CMP EAX, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtSetInformationThread + B 776166A3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 1 Byte [68]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 4 Bytes [68, 03, 3B, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3264] ntdll.dll!NtUnmapViewOfSection + B 776169C3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtCreateFile + 6 776155CE 4 Bytes [28, 00, 16, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtCreateFile + B 776155D3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtMapViewOfSection + 6 77615C2E 1 Byte [28]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtMapViewOfSection + 6 77615C2E 4 Bytes [28, 03, 16, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtMapViewOfSection + B 77615C33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenFile + 6 77615CDE 4 Bytes [68, 00, 16, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenFile + B 77615CE3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcess + 6 77615D8E 4 Bytes [A8, 01, 16, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcess + B 77615D93 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessToken + 6 77615D9E 4 Bytes CALL 766173A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessToken + B 77615DA3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessTokenEx + 6 77615DAE 4 Bytes [A8, 02, 16, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenProcessTokenEx + B 77615DB3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThread + 6 77615E0E 4 Bytes [68, 01, 16, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThread + B 77615E13 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadToken + 6 77615E1E 4 Bytes [68, 02, 16, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadToken + B 77615E23 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadTokenEx + 6 77615E2E 4 Bytes CALL 76617435 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtOpenThreadTokenEx + B 77615E33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryAttributesFile + 6 77615F3E 4 Bytes [A8, 00, 16, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryAttributesFile + B 77615F43 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryFullAttributesFile + 6 77615FEE 4 Bytes CALL 766175F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtQueryFullAttributesFile + B 77615FF3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationFile + 6 7761663E 4 Bytes [28, 01, 16, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationFile + B 77616643 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationThread + 6 7761669E 4 Bytes [28, 02, 16, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtSetInformationThread + B 776166A3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 1 Byte [68]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 4 Bytes [68, 03, 16, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[3492] ntdll.dll!NtUnmapViewOfSection + B 776169C3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtCreateFile + 6 776155CE 4 Bytes [28, 00, 19, 00] {SUB [EAX], AL; SBB [EAX], EAX}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtCreateFile + B 776155D3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtMapViewOfSection + 6 77615C2E 1 Byte [28]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtMapViewOfSection + 6 77615C2E 4 Bytes [28, 03, 19, 00] {SUB [EBX], AL; SBB [EAX], EAX}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtMapViewOfSection + B 77615C33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenFile + 6 77615CDE 4 Bytes [68, 00, 19, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenFile + B 77615CE3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenProcess + 6 77615D8E 4 Bytes [A8, 01, 19, 00] {TEST AL, 0x1; SBB [EAX], EAX}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenProcess + B 77615D93 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenProcessToken + 6 77615D9E 4 Bytes CALL 766176A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenProcessToken + B 77615DA3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenProcessTokenEx + 6 77615DAE 4 Bytes [A8, 02, 19, 00] {TEST AL, 0x2; SBB [EAX], EAX}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenProcessTokenEx + B 77615DB3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenThread + 6 77615E0E 4 Bytes [68, 01, 19, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenThread + B 77615E13 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenThreadToken + 6 77615E1E 4 Bytes [68, 02, 19, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenThreadToken + B 77615E23 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenThreadTokenEx + 6 77615E2E 4 Bytes CALL 76617735 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtOpenThreadTokenEx + B 77615E33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtQueryAttributesFile + 6 77615F3E 4 Bytes [A8, 00, 19, 00] {TEST AL, 0x0; SBB [EAX], EAX}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtQueryAttributesFile + B 77615F43 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtQueryFullAttributesFile + 6 77615FEE 4 Bytes CALL 766178F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtQueryFullAttributesFile + B 77615FF3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtSetInformationFile + 6 7761663E 4 Bytes [28, 01, 19, 00] {SUB [ECX], AL; SBB [EAX], EAX}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtSetInformationFile + B 77616643 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtSetInformationThread + 6 7761669E 4 Bytes [28, 02, 19, 00] {SUB [EDX], AL; SBB [EAX], EAX}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtSetInformationThread + B 776166A3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 1 Byte [68]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 4 Bytes [68, 03, 19, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4504] ntdll.dll!NtUnmapViewOfSection + B 776169C3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + 6 776155CE 4 Bytes [28, 00, 22, 00] {SUB [EAX], AL; AND AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtCreateFile + B 776155D3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 77615C2E 1 Byte [28]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + 6 77615C2E 4 Bytes [28, 03, 22, 00] {SUB [EBX], AL; AND AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtMapViewOfSection + B 77615C33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + 6 77615CDE 4 Bytes [68, 00, 22, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenFile + B 77615CE3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + 6 77615D8E 4 Bytes [A8, 01, 22, 00] {TEST AL, 0x1; AND AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcess + B 77615D93 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + 6 77615D9E 4 Bytes CALL 76617FA4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessToken + B 77615DA3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + 6 77615DAE 4 Bytes [A8, 02, 22, 00] {TEST AL, 0x2; AND AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenProcessTokenEx + B 77615DB3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + 6 77615E0E 4 Bytes [68, 01, 22, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThread + B 77615E13 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + 6 77615E1E 4 Bytes [68, 02, 22, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadToken + B 77615E23 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + 6 77615E2E 4 Bytes CALL 76618035 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtOpenThreadTokenEx + B 77615E33 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + 6 77615F3E 4 Bytes [A8, 00, 22, 00] {TEST AL, 0x0; AND AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryAttributesFile + B 77615F43 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + 6 77615FEE 4 Bytes CALL 766181F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtQueryFullAttributesFile + B 77615FF3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + 6 7761663E 4 Bytes [28, 01, 22, 00] {SUB [ECX], AL; AND AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationFile + B 77616643 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + 6 7761669E 4 Bytes [28, 02, 22, 00] {SUB [EDX], AL; AND AL, [EAX]}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtSetInformationThread + B 776166A3 1 Byte [E2]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 1 Byte [68]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + 6 776169BE 4 Bytes [68, 03, 22, 00]
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[4956] ntdll.dll!NtUnmapViewOfSection + B 776169C3 1 Byte [E2]
.text E:\general\tecent\Bin\QQ.exe[5216] ntdll.dll!LdrLoadDll 776322B8 5 Bytes JMP 100D0CC2 E:\general\tecent\Bin\Common.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] kernel32.dll!SetUnhandledExceptionFilter 77773D01 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text E:\general\tecent\Bin\QQ.exe[5216] GDI32.dll!CreateFontIndirectW 75C1ABFC 1 Byte [E9]
.text E:\general\tecent\Bin\QQ.exe[5216] GDI32.dll!CreateFontIndirectW 75C1ABFC 3 Bytes JMP 004D5E00 E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] GDI32.dll!CreateFontIndirectW + 4 75C1AC00 1 Byte [8A]
.text E:\general\tecent\Bin\QQ.exe[5216] GDI32.dll!CreateFontW 75C1C204 3 Bytes JMP 004D5DE7 E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] GDI32.dll!CreateFontW + 4 75C1C208 1 Byte [8A]
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!SetWindowPlacement 75E67F78 1 Byte [E9]
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!SetWindowPlacement 75E67F78 5 Bytes JMP 64BAE9C0 E:\general\tecent\Bin\ChatFrameApp.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!InvalidateRgn 75E67FA5 5 Bytes JMP 00563A2D E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!SetParent 75E68314 5 Bytes JMP 0056299D E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!MoveWindow 75E68D29 5 Bytes JMP 64BAE920 E:\general\tecent\Bin\ChatFrameApp.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!GetUpdateRect 75E6A575 5 Bytes JMP 00563739 E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!DestroyWindow 75E6B2F4 5 Bytes JMP 005637E0 E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!CreateWindowExW 75E6EC7C 5 Bytes JMP 00562954 E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!ShowWindow 75E6F2A9 5 Bytes JMP 00562852 E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!GetMessageA 75E71899 5 Bytes JMP 33D0C390 E:\general\tecent\Bin\IM.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!PeekMessageA 75E719A5 5 Bytes JMP 33D0C060 E:\general\tecent\Bin\IM.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!SetWindowPos 75E71BC4 5 Bytes JMP 005628A2 E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!SetWindowLongW 75E74449 5 Bytes JMP 00562901 E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!InvalidateRect 75E7566D 5 Bytes JMP 005639FE E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!BeginPaint 75E75D14 5 Bytes JMP 00563784 E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!PeekMessageW 75E7634A 5 Bytes JMP 33D0BEC0 E:\general\tecent\Bin\IM.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!GetMessageW 75E7CDE8 5 Bytes JMP 33D0C200 E:\general\tecent\Bin\IM.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!ValidateRect 75E8F089 5 Bytes JMP 00562BC0 E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] USER32.dll!ValidateRgn 75E91A9E 5 Bytes JMP 00562BC9 E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] ADVAPI32.dll!RegOpenKeyExW 7754468D 5 Bytes JMP 0051CCF2 E:\general\tecent\Bin\GF.dll (Tencent)
.text E:\general\tecent\Bin\QQ.exe[5216] ADVAPI32.dll!RegOpenKeyExA 77544907 5 Bytes JMP 0051CC87 E:\general\tecent\Bin\GF.dll (Tencent)
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[5300] CRYPT32.dll!CryptImportPublicKeyInfoEx + 98 757B6CCA 7 Bytes JMP 0052DCD0
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[5300] CRYPT32.dll!I_CryptEnumMatchingLruEntries + D5D 757BCADD 7 Bytes JMP 0052DD40
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtCreateFile + 6 776155CE 4 Bytes [28, 00, 28, 00] {SUB [EAX], AL; SUB [EAX], AL}
.text C:\Users\hm446\AppData\Local\Google\Chrome\Application\chrome.exe[5420] ntdll.dll!NtCreateFile + B 776155D3 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Tppwr32v.sys (Power Manager/Lenovo Group Limited)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Tppwr32v.sys (Power Manager/Lenovo Group Limited)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\SynTP \Device\00000071 Tppwr32v.sys (Power Manager/Lenovo Group Limited)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8C60C000-8C624000 (98304 bytes)
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Users\hm446\AppData\Roaming\Dropbox\bin\Dropbox.exe [1704] 0x051D0000
Library C:\Program (*** hidden *** ) @ C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [3252] 0x01020000
Library C:\Program (*** hidden *** ) @ E:\general\tecent\Bin\QQ.exe [5216] 0x077C0000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe [6012] 0x10000000

Process C:\Windows\System32\svchost.exe (*** hidden *** ) 7864

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e006e6b6d5ff (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers@AliveServerCount 21

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB61790$\1166423863 0 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658 0 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658\@ 2048 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658\L 0 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658\L\00000004.@ 804 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658\L\201d3dde 209 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658\L\xadqgnnk 338944 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658\U 0 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658\U\00000004.@ 2048 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658\U\00000008.@ 232960 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658\U\000000cb.@ 1632 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658\U\80000000.@ 13312 bytes
File C:\Windows\$NtUninstallKB61790$\1878826658\U\80000032.@ 90624 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRV3FSCQ\shopping[1].txt 149901 bytes

---- EOF - GMER 1.0.15 ----



Looking forward to your reply.
Best


#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:25 AM

Posted 12 September 2012 - 09:46 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
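Added example (not part of this thread and not FRST's own code): a small Python triage script for the one-line entry format FRST writes in its Registry, Services and Drivers sections, the format seen in the FRST log pasted in the next reply. It parses each autostart line into value name, image path, size, date and company string, and flags what a helper checks first: entries marked `[x]` whose file no longer exists, entries with an empty company string, and programs started from a user-profile folder. The sample lines are constructed to mirror that format, the flag heuristics are the editor's own, and the company string is FRST's file version information, not a signature check.

```python
# Added example, not part of FRST or of this thread: parses FRST's one-line autostart entries
# (Registry / Services / Drivers sections) and marks entries for review; heuristics, not verdicts.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HKLM\...\Run: [Name] command [size yyyy-mm-dd] (Company)   or   ... [x] when the file is gone
RUN_RE = re.compile(r'^HK\S*?\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
SVC_RE = re.compile(r'^[0-4] (?P<name>[^;]+); (?P<rest>.*)$')   # "2 Name; command [...] (Company)"
INFO_RE = re.compile(r'^(?P<cmd>.*?)\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)$')
MISSING_RE = re.compile(r'^(?P<cmd>.*?)\s*\[[xX]\]$')
SECTION_RE = re.compile(r'^=+ (?P<title>[^=]+?) =+$')
EXE_EXT_RE = re.compile(r'\.(exe|sys|dll|cpl|com)\b', re.IGNORECASE)
USER_PROFILE_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\ProgramData\\', re.IGNORECASE)

@dataclass
class Entry:
    kind: str                  # 'run', 'service' or 'driver'
    name: str
    exe: str
    missing: bool
    company: Optional[str]     # FRST's file version info, not a signature check
    size: Optional[int]
    date: Optional[str]
    flags: List[str] = field(default_factory=list)

def executable_path(command: str) -> str:
    """Best-effort image path from an autostart command line."""
    cmd = command.strip()
    if cmd.lower().startswith('rundll32 '):   # rundll32 host: the DLL is the real payload
        cmd = cmd[len('rundll32 '):]
    cmd = cmd[4:] if cmd.startswith('\\??\\') else cmd   # NT object-manager prefix on driver entries
    if cmd.startswith('"'):                   # quoted path, arguments follow the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    matches = list(EXE_EXT_RE.finditer(cmd))  # unquoted: cut after the last image extension
    return cmd[:matches[-1].end()] if matches else cmd.split(' ')[0]

def triage(entry: Entry) -> Entry:
    if entry.missing:
        entry.flags.append('file missing: orphaned autostart entry')
    elif not entry.company:
        entry.flags.append('no company/version info: verify file hash and signature')
    if USER_PROFILE_RE.search(entry.exe):
        entry.flags.append('runs from a user-profile location: review')
    if entry.kind == 'run' and not entry.name:
        entry.flags.append('empty value name: malformed autostart entry')
    return entry

def parse_line(line: str, section: str) -> Optional[Entry]:
    m = RUN_RE.match(line)
    kind = 'run' if m else section
    m = m or SVC_RE.match(line)
    if not m:
        return None
    info = INFO_RE.match(m.group('rest'))
    if info:
        return triage(Entry(kind, m.group('name'), executable_path(info.group('cmd')), False,
                            info.group('company'), int(info.group('size')), info.group('date')))
    miss = MISSING_RE.match(m.group('rest'))
    return triage(Entry(kind, m.group('name'), executable_path(miss.group('cmd')),
                        True, None, None, None)) if miss else None

def parse_log(text: str) -> List[Entry]:
    section, entries = 'registry', []
    for raw in text.splitlines():
        sm = SECTION_RE.match(raw.strip())
        if sm:     # section headers decide whether a numbered line is a service or a driver
            title = sm.group('title').lower()
            section = ('driver' if title.startswith('drivers')
                       else 'service' if title.startswith('services') else 'registry')
            continue
        entry = parse_line(raw, section)
        if entry:
            entries.append(entry)
    return entries

def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]

# Constructed sample in the FRST one-line format (not the thread's actual log).
SAMPLE_LOG = r"""==================== Registry (Whitelisted) ===================
HKLM\...\Run: [USB3MON] "C:\Program Files\Intel\USB 3.0\Application\iusb3mon.exe" [291608 2012-04-19] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10975848 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [4395104 2012-05-15] (Lenovo Group Limited)
HKLM\...\Run: [] [x]
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKU\hm446\...\Run: [Google Update] "C:\Users\hm446\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-12] (Google Inc.)
==================== Services (Whitelisted) ===================
2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [273472 2012-04-20] (Lenovo)
==================== Drivers (Whitelisted) ====================
1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2010-11-20] ()
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
"""

if __name__ == '__main__':
    for e in flagged(parse_log(SAMPLE_LOG)):
        print(f"{e.kind:8}{e.name or '<no name>':16}{e.exe or '<none>'}  ->  {'; '.join(e.flags)}")
```

Run it on a saved FRST.txt by passing the file contents to `parse_log`; the flags are a reading aid for the person working the thread, so a `[x]` entry is a stale pointer to remove, an empty company string is a file to hash and check, and an AppData path is something to recognise (Dropbox and Google Update legitimately live there) rather than an automatic verdict.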


#3 mightbe

mightbe
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:25 AM

Posted 15 September 2012 - 07:43 PM


Thanks for your reply! The log is as attached. But there was one problem: my memory stick could not be recognized under the 'recovery mode'. I had to copy FRST.exe onto one of my hard drives to run it... I hope this will not affect the result. If it does, please let me know what I should do about this. Many thanks.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-09-2012 02
Ran by SYSTEM at 16-09-2012 01:24:49
Running from E:\
Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [USB3MON] "C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-04-19] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10975848 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE4 [879208 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [Dolby Advanced Audio v2] "C:\Program Files\Dolby Advanced Audio v2\pcee4.exe" -autostart [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM\...\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited)
HKLM\...\Run: [IMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [133400 2012-02-28] (Intel Corporation)
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup [55624 2011-09-21] (Authentec Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [ResetACGauge] C:\Program Files\Lenovo\Access Connections\smbhlpr.exe /RESETACGAUGEREG [154688 2012-04-20] (Lenovo)
HKLM\...\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [33344 2012-04-20] (Lenovo)
HKLM\...\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [4395104 2012-05-15] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2350352 2012-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL [32560 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] "E:\general\adobe\Acrobat\Acrobat_sl.exe" [x]
HKLM\...\Run: [Acrobat Assistant 8.0] "E:\general\adobe\Acrobat\Acrotray.exe" [x]
HKU\hm446\...\Run: [Akamai NetSession Interface] "C:\Users\hm446\AppData\Local\Akamai\netsession_win.exe" [x]
HKU\hm446\...\Run: [Adobe Acrobat Synchronizer] "E:\general\adobe\Acrobat\AdobeCollabSync.exe" [x]
HKU\hm446\...\Run: [Google Update] "C:\Users\hm446\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-12] (Google Inc.)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [X]
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\hm446\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [134208 2012-04-20] (Lenovo)
2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [273472 2012-04-20] (Lenovo)
2 Browser Defender Update Service; "C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [575448 2012-06-22] (Threat Expert Ltd.)
3 cphs; C:\Windows\System32\IntelCpHeciSvc.exe [276248 2012-03-28] (Intel Corporation)
2 Intel® Capability Licensing Service Interface; "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [458464 2012-02-02] (Intel® Corporation)
2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
2 LENOVO.CAMMUTE; C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [58224 2012-06-01] (Lenovo Group Limited)
2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [101736 2011-07-12] (Lenovo Group Limited)
2 LENOVO.TPKNRSVC; C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [61296 2012-06-01] (Lenovo Group Limited)
2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
4 msvsmon80; "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [2799808 2005-09-22] (Microsoft Corporation)
3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1665120 2012-05-15] (Lenovo Group Limited)
3 SolidWorks Licensing Service; "C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe" [79360 2012-09-05] (SolidWorks)
2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [131432 2011-07-12] (Lenovo Group Limited)
3 CoordinatorServiceHost; C:\technical\solidworks\SolidWorks\swScheduler\DTSCoordinatorService.exe [x]

==================== Drivers (Whitelisted) ====================

1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2010-11-20] ()
3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [168232 2012-04-01] (Broadcom Corporation.)
3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [504360 2012-04-01] (Broadcom Corporation.)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-09-06] (DT Soft Ltd)
3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [282792 2012-01-11] (Intel Corporation)
0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [15640 2012-04-19] (Intel Corporation)
3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [349976 2012-04-19] (Intel Corporation)
3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [792856 2012-04-19] (Intel Corporation)
3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [46080 2011-11-09] (Intel Corporation)
3 NETwNs32; C:\Windows\System32\DRIVERS\Netwsn00.sys [10339840 2012-02-20] (Intel Corporation)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)
2 risdxc; C:\Windows\System32\DRIVERS\risdxc86.sys [75264 2011-03-23] (REDC)
2 smihlp; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [11976 2011-05-30] (Authentec Inc.)
3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [24872 2011-12-07] (ThinkVantage Communications Utility)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 RkHit; \??\C:\Windows\system32\drivers\RKHit.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-09-16 01:24 - 2012-09-16 01:24 - 00000000 ____D C:\FRST
2012-09-12 05:37 - 2012-09-12 05:37 - 00102905 ____A C:\Users\hm446\Desktop\gmer.log
2012-09-12 05:31 - 2012-09-12 05:31 - 00005977 ____A C:\Users\hm446\Desktop\Attach.txt
2012-09-12 05:23 - 2012-09-12 05:23 - 00022325 ____A C:\Users\hm446\Desktop\DDS.txt
2012-09-12 05:21 - 2012-09-12 05:21 - 00302592 ____A C:\Users\hm446\Downloads\cs1fcqvz.exe
2012-09-12 05:16 - 2012-09-12 05:16 - 00607260 ____R (Swearware) C:\Users\hm446\Downloads\dds.com
2012-09-12 04:25 - 2012-06-22 02:39 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-09-12 04:25 - 2012-06-22 02:39 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-09-12 04:25 - 2012-06-22 02:39 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-09-12 04:25 - 2012-06-22 02:39 - 00070768 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
2012-09-12 04:25 - 2012-06-22 02:38 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-09-12 04:25 - 2012-06-22 01:43 - 00003488 ____A C:\Windows\UDB.zip
2012-09-12 04:25 - 2012-06-22 01:43 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-09-12 04:25 - 2012-06-22 01:43 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-09-12 04:25 - 2012-06-22 01:43 - 00000131 ____A C:\Windows\IDB.zip
2012-09-12 04:24 - 2012-09-12 04:24 - 00000000 ____D C:\Program Files\PC Tools
2012-09-12 04:23 - 2012-09-12 04:23 - 01130655 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-12 04:22 - 2012-09-12 11:07 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2012-09-12 04:22 - 2012-09-12 04:34 - 00000000 ____D C:\Users\All Users\PC Tools
2012-09-12 04:22 - 2012-09-12 04:22 - 04166136 ____A (PC Tools) C:\Users\hm446\Downloads\spdoc.exe
2012-09-12 04:22 - 2012-09-12 04:22 - 00000000 ____D C:\Users\hm446\AppData\Roaming\TestApp
2012-09-12 04:22 - 2012-06-22 06:34 - 00203120 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
2012-09-12 03:18 - 2012-09-12 03:18 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-09-12 03:17 - 2012-09-12 03:32 - 00000000 ____D C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-09-12 03:17 - 2012-09-12 03:17 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-09-12 03:12 - 2012-09-12 03:12 - 00000000 ____D C:\Users\All Users\ESET
2012-09-12 03:12 - 2012-09-12 03:12 - 00000000 ____D C:\Program Files\ESET
2012-09-12 02:24 - 2012-09-12 02:24 - 00000022 ____A C:\Windows\tpcsd
2012-09-12 01:54 - 2012-09-12 01:54 - 00000000 ___AH C:\Users\hm446\Documents\Default.rdp
2012-09-12 00:53 - 2012-09-15 16:04 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373437613-3958342532-2166396467-1004Core.job
2012-09-12 00:53 - 2012-09-15 15:58 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373437613-3958342532-2166396467-1004UA.job
2012-09-12 00:53 - 2012-09-12 01:24 - 00002509 ____A C:\Users\hm446\Desktop\Google Chrome.lnk
2012-09-11 05:59 - 2012-09-11 06:02 - 00000398 ____A C:\Users\hm446\Desktop\hvm12.xlaunch
2012-09-11 05:54 - 2012-09-11 05:54 - 00000000 ____D C:\Users\hm446\AppData\Roaming\Portable PuTTY
2012-09-11 05:47 - 2012-09-11 05:47 - 00000397 ____A C:\Users\hm446\Desktop\gate.xlaunch
2012-09-11 05:22 - 2012-09-11 05:22 - 00000000 ____D C:\Windows\System32\searchplugins
2012-09-11 05:22 - 2012-09-11 05:22 - 00000000 ____D C:\Windows\System32\Extensions
2012-09-11 05:21 - 2012-09-11 05:21 - 00000304 ____A C:\user.js
2012-09-11 05:21 - 2012-09-11 05:21 - 00000000 ____D C:\Users\hm446\AppData\Roaming\Babylon
2012-09-11 05:21 - 2012-09-11 05:21 - 00000000 ____D C:\Users\All Users\Babylon
2012-09-11 05:21 - 2012-09-11 05:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-09-11 05:20 - 2012-09-11 05:20 - 00500136 ____A C:\Users\hm446\Downloads\installer_xming_x_server.exe
2012-09-11 04:39 - 2012-09-11 04:39 - 00000000 ____D C:\Program Files\StarNet
2012-09-11 02:43 - 2012-09-11 02:43 - 00000000 ____D C:\Users\hm446\AppData\Roaming\TeamViewer
2012-09-10 14:58 - 2012-09-10 14:58 - 00001631 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-09-10 14:23 - 2012-09-10 14:23 - 00041340 ____A C:\Users\hm446\Downloads\inverter#1@drive-idvg.opj
2012-09-09 15:14 - 2012-09-11 06:02 - 00000600 ____A C:\Users\hm446\AppData\Local\PUTTY.RND
2012-09-09 13:26 - 2012-09-15 16:19 - 00000000 ___RD C:\Users\hm446\Dropbox
2012-09-09 13:22 - 2012-09-15 16:20 - 00000000 ____D C:\Users\hm446\AppData\Roaming\Dropbox
2012-09-09 13:22 - 2012-09-09 13:22 - 17813784 ____A (Dropbox, Inc.) C:\Users\hm446\Downloads\Dropbox 1.4.17.exe
2012-09-09 03:08 - 2012-09-09 03:08 - 00000000 ____D C:\Users\Public\Documents\Tencent
2012-09-09 03:07 - 2012-09-12 04:29 - 00000000 ____D C:\Users\hm446\Documents\Tencent Files
2012-09-09 03:07 - 2012-09-09 03:07 - 00000000 ____D C:\Program Files\Common Files\Tencent
2012-09-09 03:06 - 2012-09-09 03:08 - 00000000 ____D C:\Users\hm446\AppData\Roaming\Tencent
2012-09-09 03:06 - 2012-09-09 03:06 - 00018760 ____A C:\Windows\System32\QQVistaHelper.dll
2012-09-08 11:38 - 2012-09-08 11:38 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-09-08 11:38 - 2012-09-08 11:38 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-09-08 11:38 - 2012-09-08 11:38 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-09-08 11:38 - 2012-09-08 11:38 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-08 11:38 - 2012-09-08 11:38 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-09-08 11:38 - 2012-09-08 11:38 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-09-08 11:38 - 2012-09-08 11:38 - 00000000 ____D C:\Users\hm446\AppData\Roaming\Sun
2012-09-08 11:38 - 2012-09-08 11:38 - 00000000 ____D C:\Users\hm446\AppData\Local\Sun
2012-09-08 11:38 - 2012-09-08 11:38 - 00000000 ____D C:\Users\All Users\Sun
2012-09-08 11:38 - 2012-09-08 11:38 - 00000000 ____D C:\Program Files\Java
2012-09-08 11:38 - 2012-09-08 11:38 - 00000000 ____D C:\Program Files\Common Files\Java
2012-09-08 11:35 - 2012-09-08 11:35 - 00894952 ____A (Oracle Corporation) C:\Users\hm446\Downloads\chromeinstall-7u7.exe
2012-09-06 15:09 - 2012-09-06 15:09 - 00000914 ____A C:\Users\hm446\Desktop\XWin Server.lnk
2012-09-06 14:56 - 2012-09-06 14:58 - 00000000 ____D C:\Users\hm446\AppData\Roaming\Skype
2012-09-06 14:55 - 2012-09-06 14:56 - 00000000 ____D C:\Users\All Users\Skype
2012-09-06 14:55 - 2012-09-06 14:55 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-06 14:55 - 2012-09-06 14:55 - 00000000 ___RD C:\Program Files\Skype
2012-09-06 14:55 - 2012-09-06 14:55 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-09-06 14:20 - 2012-09-06 14:20 - 00002083 ____A C:\Users\hm446\Desktop\??FM.lnk
2012-09-06 14:20 - 2012-09-06 14:20 - 00000000 ____D C:\Users\hm446\AppData\Local\Douban
2012-09-06 14:17 - 2012-09-06 14:17 - 140764223 ____A C:\Users\hm446\Downloads\lp.cab
2012-09-06 02:56 - 2012-09-06 02:56 - 321088569 ____A C:\Windows\MEMORY.DMP
2012-09-06 02:56 - 2012-09-06 02:56 - 00155016 ____A C:\Windows\Minidump\090612-35022-01.dmp
2012-09-06 02:56 - 2012-09-06 02:56 - 00000000 ____D C:\Windows\Minidump
2012-09-06 02:53 - 2012-09-06 02:53 - 00000039 ____A C:\Windows\vbaddin.ini
2012-09-06 02:52 - 2012-09-06 02:52 - 00000162 ____A C:\Windows\ODBC.INI
2012-09-06 02:45 - 2012-09-06 02:45 - 00000000 ____D C:\Users\hm446\Documents\MATLAB
2012-09-06 02:40 - 2012-09-06 02:40 - 00000000 ____D C:\Users\hm446\AppData\Roaming\SolidWorks 2009
2012-09-06 02:39 - 2012-09-06 02:39 - 00000000 ____D C:\Users\hm446\AppData\Roaming\SolidWorks
2012-09-06 02:37 - 2012-09-06 02:37 - 00000000 ____D C:\Users\hm446\Documents\SolidWorks Visual Studio Tools for Applications
2012-09-06 02:36 - 2012-09-06 02:36 - 00001306 ____A C:\Windows\DIFx.log
2012-09-06 02:36 - 2012-09-06 02:36 - 00000023 ___AH C:\Windows\yacht.xws
2012-09-06 02:33 - 2012-09-06 02:33 - 00000000 ____D C:\Users\All Users\SolidWorks
2012-09-06 02:33 - 2012-09-06 02:33 - 00000000 ____D C:\Program Files\AGEIA Technologies
2012-09-06 02:32 - 2012-09-06 02:32 - 00000000 ____D C:\Users\hm446\Documents\Visual Studio 2005
2012-09-06 02:32 - 2012-09-06 02:32 - 00000000 ____D C:\Program Files\MSECache
2012-09-06 02:27 - 2012-09-06 02:28 - 00000000 ____D C:\Users\hm446\AppData\Roaming\DAEMON Tools Lite
2012-09-06 02:27 - 2012-09-06 02:27 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-09-06 02:26 - 2012-09-06 02:28 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-09-06 02:15 - 2012-09-06 02:15 - 00000000 ____D C:\Users\hm446\AppData\Roaming\DassaultSystemes
2012-09-06 02:15 - 2012-09-06 02:15 - 00000000 ____D C:\Users\hm446\AppData\Local\DassaultSystemes
2012-09-06 02:15 - 2012-09-06 02:15 - 00000000 ____D C:\Users\All Users\DassaultSystemes
2012-09-05 16:03 - 2012-09-06 02:33 - 00000000 ____D C:\Program Files\Common Files\SolidWorks Shared
2012-09-05 16:03 - 2012-09-05 16:03 - 00000000 ____A C:\Windows\eDrawingOfficeAutomator.INI
2012-09-05 15:53 - 2012-09-05 15:53 - 00000000 ____D C:\Program Files\Common Files\SolidWorks Installation Manager
2012-09-05 15:52 - 2012-09-05 15:52 - 00000000 ____D C:\Users\hm446\AppData\Roaming\Macromedia
2012-09-05 15:51 - 2012-09-05 15:51 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-09-05 15:45 - 2012-09-15 15:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-05 15:45 - 2012-09-05 15:45 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-05 15:45 - 2012-09-05 15:45 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-05 15:45 - 2012-09-05 15:45 - 00000000 ____D C:\Windows\System32\Macromed
2012-09-05 15:44 - 2012-09-05 15:44 - 00183095 ____A C:\Users\hm446\Downloads\Solidworks.2009.serial.keygen.by.ACME.zip
2012-09-05 15:42 - 2012-09-06 02:39 - 00000000 ____D C:\Users\hm446\AppData\Roaming\IM
2012-09-05 15:42 - 2012-09-05 16:02 - 00000000 ____D C:\Windows\SolidWorks
2012-09-05 15:33 - 2012-09-06 02:33 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2012-09-05 15:33 - 2012-09-05 15:33 - 00000000 ____D C:\Windows\PCHEALTH
2012-09-05 15:33 - 2012-09-05 15:33 - 00000000 ____D C:\Program Files\Microsoft.NET
2012-09-05 15:33 - 2012-09-05 15:33 - 00000000 ____D C:\Program Files\Microsoft Works
2012-09-05 15:33 - 2012-09-05 15:33 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2012-09-05 15:31 - 2012-09-06 02:32 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2012-09-05 15:30 - 2012-09-06 02:53 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-09-05 15:30 - 2012-09-06 02:33 - 00000000 ____D C:\Program Files\Microsoft Office
2012-09-05 15:30 - 2012-09-05 15:30 - 00000000 ____D C:\Users\hm446\AppData\Local\Microsoft Help
2012-09-05 15:29 - 2012-09-05 15:29 - 00000000 __RHD C:\MSOCache
2012-09-05 15:13 - 2012-09-05 15:13 - 00000000 ____D C:\Users\hm446\AppData\Roaming\PwrMgr
2012-09-05 15:11 - 2012-09-05 15:11 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-09-05 15:10 - 2012-09-05 15:10 - 00950712 ____A (Adobe Systems, Incorporated) C:\Users\hm446\Downloads\amtlib.dll
2012-09-05 15:07 - 2012-09-05 15:52 - 00000000 ____D C:\Users\hm446\AppData\Roaming\Adobe
2012-09-05 15:07 - 2012-09-05 15:11 - 00000000 ____D C:\Users\hm446\AppData\Local\Adobe
2012-09-05 15:05 - 2012-09-10 14:56 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-09-05 15:05 - 2012-09-05 15:12 - 00000000 ____D C:\Users\All Users\Adobe
2012-09-05 14:54 - 2012-09-05 14:55 - 10965664 ____A (Akamai Technologies, Inc.) C:\Users\hm446\Downloads\Adobe_Acrobat_X_Pro-AkamaiDLM.exe
2012-09-05 14:42 - 2012-09-05 14:42 - 00000102 ____A C:\Windows\desktop.ini
2012-09-05 14:42 - 2012-09-05 14:42 - 00000000 ____D C:\Users\All Users\Xunlei
2012-09-05 14:41 - 2012-09-05 15:00 - 00000000 ____D C:\Users\Public\Thunder Network
2012-09-05 14:41 - 2012-09-05 14:42 - 00000000 ____D C:\Users\All Users\Thunder Network
2012-09-05 14:41 - 2012-09-05 14:41 - 00000020 ____A C:\Windows\System32\pub_store.dat
2012-09-05 14:41 - 2012-09-05 14:41 - 00000000 ____D C:\Program Files\Common Files\Thunder Network
2012-09-05 14:40 - 2012-09-05 14:41 - 140782872 ____A (Microsoft Corporation) C:\Users\hm446\Downloads\windows6.1-kb972813-x86-zh-cn_ab024143b556395e6638e26712b1e0f3bc031fcf.exe
2012-09-05 13:38 - 2012-09-12 02:37 - 00000000 ____D C:\Windows\System32\appmgmt
2012-09-05 13:33 - 2012-09-05 13:33 - 00000000 ____D C:\Users\hm446\AppData\Roaming\StarNet
2012-09-05 13:33 - 2012-09-05 13:33 - 00000000 ____D C:\Users\hm446\AppData\Local\StarNet
2012-09-05 13:23 - 2012-09-05 13:23 - 00000000 ____D C:\Users\hm446\AppData\Roaming\MathWorks
2012-09-05 13:20 - 2012-09-15 16:19 - 00000502 ____A C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
2012-09-05 13:20 - 2012-09-05 13:20 - 00000787 ____A C:\Users\hm446\Desktop\MATLAB R2011b.lnk
2012-09-05 12:53 - 2012-09-05 12:54 - 00000000 ____D C:\Users\hm446\AppData\Roaming\benibela
2012-09-05 12:49 - 2012-09-05 12:49 - 00000000 ____D C:\Users\hm446\AppData\Roaming\MiKTeX
2012-09-05 12:49 - 2012-09-05 12:49 - 00000000 ____D C:\Users\hm446\AppData\Local\MiKTeX
2012-09-05 12:48 - 2012-09-05 12:48 - 00000000 ____D C:\Users\hm446\AppData\Roaming\WinRAR
2012-09-05 12:41 - 2012-09-05 12:41 - 00000633 ____A C:\Users\Public\Desktop\TexMakerX.lnk
2012-09-05 12:09 - 2012-09-12 00:53 - 00000000 ____D C:\Users\hm446\AppData\Local\Google
2012-09-05 12:09 - 2012-09-12 00:53 - 00000000 ____D C:\Users\hm446\AppData\Local\Deployment
2012-09-05 12:09 - 2012-09-05 12:09 - 00000000 ____D C:\Users\hm446\AppData\Local\Apps\2.0
2012-09-05 12:04 - 2012-09-11 05:28 - 00126728 ____A C:\Users\hm446\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-05 12:04 - 2012-09-09 13:26 - 00000000 ____D C:\users\hm446
2012-09-05 12:04 - 2012-09-05 15:52 - 00000000 ____D C:\Users\hm446\AppData\Local\VirtualStore
2012-09-05 12:04 - 2012-09-05 12:04 - 00000020 ___SH C:\Users\hm446\ntuser.ini
2012-09-05 12:04 - 2012-09-05 12:04 - 00000000 ____D C:\Users\hm446\AppData\Local\Lenovo
2012-09-05 09:22 - 2012-09-05 09:22 - 00000000 ____D C:\Users\Hainan\AppData\Roaming\PwrMgr
2012-09-05 09:20 - 2012-09-05 09:20 - 00057560 ____A C:\Users\Hainan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-05 09:20 - 2012-09-05 09:20 - 00000020 __ASH C:\Users\Hainan\ntuser.ini
2012-09-05 09:20 - 2012-09-05 09:20 - 00000000 ____D C:\Users\Hainan\Documents\Bluetooth Exchange Folder
2012-09-05 09:20 - 2012-09-05 09:20 - 00000000 ____D C:\Users\Hainan\AppData\Local\VirtualStore
2012-09-05 09:20 - 2012-09-05 09:20 - 00000000 ____D C:\Users\Hainan\AppData\Local\Lenovo
2012-09-05 09:20 - 2012-09-05 09:20 - 00000000 ____D C:\Users\Hainan\AppData\Local\Broadcom
2012-09-05 09:20 - 2012-09-05 09:20 - 00000000 ____D C:\users\Hainan
2012-09-05 08:52 - 2012-09-15 15:57 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373437613-3958342532-2166396467-1000UA.job
2012-09-05 08:52 - 2012-09-15 15:49 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373437613-3958342532-2166396467-1000Core.job
2012-09-05 08:50 - 2012-05-31 03:25 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-09-02 23:37 - 2012-09-02 23:37 - 02979512 ____A (Sogou.com Inc.) C:\Windows\System32\SogouPy.ime

==================== 3 Months Modified Files ==================

2012-09-15 16:21 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-15 16:21 - 2009-07-13 20:39 - 00029376 ____A C:\Windows\setupact.log
2012-09-15 16:19 - 2012-09-05 13:20 - 00000502 ____A C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
2012-09-15 16:10 - 2011-01-23 15:39 - 00367780 ____A C:\Windows\System32\prfh0804.dat
2012-09-15 16:10 - 2011-01-23 15:39 - 00105652 ____A C:\Windows\System32\prfc0804.dat
2012-09-15 16:10 - 2010-11-20 13:01 - 01169122 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-15 16:04 - 2012-09-12 00:53 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373437613-3958342532-2166396467-1004Core.job
2012-09-15 15:58 - 2012-09-12 00:53 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373437613-3958342532-2166396467-1004UA.job
2012-09-15 15:57 - 2012-09-05 08:52 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373437613-3958342532-2166396467-1000UA.job
2012-09-15 15:49 - 2012-09-05 15:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-15 15:49 - 2012-09-05 08:52 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-373437613-3958342532-2166396467-1000Core.job
2012-09-14 10:50 - 2009-07-13 20:34 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-14 10:50 - 2009-07-13 20:34 - 00021072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-12 11:07 - 2010-11-20 13:48 - 00013994 ____A C:\Windows\PFRO.log
2012-09-12 05:37 - 2012-09-12 05:37 - 00102905 ____A C:\Users\hm446\Desktop\gmer.log
2012-09-12 05:31 - 2012-09-12 05:31 - 00005977 ____A C:\Users\hm446\Desktop\Attach.txt
2012-09-12 05:23 - 2012-09-12 05:23 - 00022325 ____A C:\Users\hm446\Desktop\DDS.txt
2012-09-12 05:21 - 2012-09-12 05:21 - 00302592 ____A C:\Users\hm446\Downloads\cs1fcqvz.exe
2012-09-12 05:16 - 2012-09-12 05:16 - 00607260 ____R (Swearware) C:\Users\hm446\Downloads\dds.com
2012-09-12 04:23 - 2012-09-12 04:23 - 01130655 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-12 04:22 - 2012-09-12 04:22 - 04166136 ____A (PC Tools) C:\Users\hm446\Downloads\spdoc.exe
2012-09-12 02:24 - 2012-09-12 02:24 - 00000022 ____A C:\Windows\tpcsd
2012-09-12 01:54 - 2012-09-12 01:54 - 00000000 ___AH C:\Users\hm446\Documents\Default.rdp
2012-09-12 01:24 - 2012-09-12 00:53 - 00002509 ____A C:\Users\hm446\Desktop\Google Chrome.lnk
2012-09-11 06:02 - 2012-09-11 05:59 - 00000398 ____A C:\Users\hm446\Desktop\hvm12.xlaunch
2012-09-11 06:02 - 2012-09-09 15:14 - 00000600 ____A C:\Users\hm446\AppData\Local\PUTTY.RND
2012-09-11 05:47 - 2012-09-11 05:47 - 00000397 ____A C:\Users\hm446\Desktop\gate.xlaunch
2012-09-11 05:28 - 2012-09-05 12:04 - 00126728 ____A C:\Users\hm446\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-11 05:27 - 2009-07-13 20:33 - 00470072 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-11 05:21 - 2012-09-11 05:21 - 00000304 ____A C:\user.js
2012-09-11 05:20 - 2012-09-11 05:20 - 00500136 ____A C:\Users\hm446\Downloads\installer_xming_x_server.exe
2012-09-10 14:58 - 2012-09-10 14:58 - 00001631 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-09-10 14:57 - 2008-07-21 09:47 - 00084430 ____A C:\Windows\WindowsUpdate.log
2012-09-10 14:23 - 2012-09-10 14:23 - 00041340 ____A C:\Users\hm446\Downloads\inverter#1@drive-idvg.opj
2012-09-09 13:22 - 2012-09-09 13:22 - 17813784 ____A (Dropbox, Inc.) C:\Users\hm446\Downloads\Dropbox 1.4.17.exe
2012-09-09 03:06 - 2012-09-09 03:06 - 00018760 ____A C:\Windows\System32\QQVistaHelper.dll
2012-09-08 11:38 - 2012-09-08 11:38 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-09-08 11:38 - 2012-09-08 11:38 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-09-08 11:38 - 2012-09-08 11:38 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-09-08 11:38 - 2012-09-08 11:38 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-08 11:38 - 2012-09-08 11:38 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-09-08 11:38 - 2012-09-08 11:38 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-09-08 11:35 - 2012-09-08 11:35 - 00894952 ____A (Oracle Corporation) C:\Users\hm446\Downloads\chromeinstall-7u7.exe
2012-09-06 15:09 - 2012-09-06 15:09 - 00000914 ____A C:\Users\hm446\Desktop\XWin Server.lnk
2012-09-06 14:55 - 2012-09-06 14:55 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-06 14:20 - 2012-09-06 14:20 - 00002083 ____A C:\Users\hm446\Desktop\??FM.lnk
2012-09-06 14:17 - 2012-09-06 14:17 - 140764223 ____A C:\Users\hm446\Downloads\lp.cab
2012-09-06 02:56 - 2012-09-06 02:56 - 321088569 ____A C:\Windows\MEMORY.DMP
2012-09-06 02:56 - 2012-09-06 02:56 - 00155016 ____A C:\Windows\Minidump\090612-35022-01.dmp
2012-09-06 02:53 - 2012-09-06 02:53 - 00000039 ____A C:\Windows\vbaddin.ini
2012-09-06 02:52 - 2012-09-06 02:52 - 00000162 ____A C:\Windows\ODBC.INI
2012-09-06 02:36 - 2012-09-06 02:36 - 00001306 ____A C:\Windows\DIFx.log
2012-09-06 02:36 - 2012-09-06 02:36 - 00000023 ___AH C:\Windows\yacht.xws
2012-09-06 02:27 - 2012-09-06 02:27 - 00242240 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-09-05 16:03 - 2012-09-05 16:03 - 00000000 ____A C:\Windows\eDrawingOfficeAutomator.INI
2012-09-05 15:45 - 2012-09-05 15:45 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-05 15:45 - 2012-09-05 15:45 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-05 15:44 - 2012-09-05 15:44 - 00183095 ____A C:\Users\hm446\Downloads\Solidworks.2009.serial.keygen.by.ACME.zip
2012-09-05 15:31 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-09-05 15:10 - 2012-09-05 15:10 - 00950712 ____A (Adobe Systems, Incorporated) C:\Users\hm446\Downloads\amtlib.dll
2012-09-05 14:55 - 2012-09-05 14:54 - 10965664 ____A (Akamai Technologies, Inc.) C:\Users\hm446\Downloads\Adobe_Acrobat_X_Pro-AkamaiDLM.exe
2012-09-05 14:42 - 2012-09-05 14:42 - 00000102 ____A C:\Windows\desktop.ini
2012-09-05 14:41 - 2012-09-05 14:41 - 00000020 ____A C:\Windows\System32\pub_store.dat
2012-09-05 14:41 - 2012-09-05 14:40 - 140782872 ____A (Microsoft Corporation) C:\Users\hm446\Downloads\windows6.1-kb972813-x86-zh-cn_ab024143b556395e6638e26712b1e0f3bc031fcf.exe
2012-09-05 13:20 - 2012-09-05 13:20 - 00000787 ____A C:\Users\hm446\Desktop\MATLAB R2011b.lnk
2012-09-05 12:41 - 2012-09-05 12:41 - 00000633 ____A C:\Users\Public\Desktop\TexMakerX.lnk
2012-09-05 12:04 - 2012-09-05 12:04 - 00000020 ___SH C:\Users\hm446\ntuser.ini
2012-09-05 09:20 - 2012-09-05 09:20 - 00057560 ____A C:\Users\Hainan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-05 09:20 - 2012-09-05 09:20 - 00000020 __ASH C:\Users\Hainan\ntuser.ini
2012-09-02 23:37 - 2012-09-02 23:37 - 02979512 ____A (Sogou.com Inc.) C:\Windows\System32\SogouPy.ime
2012-07-27 12:51 - 2012-07-27 12:51 - 00047512 ____A (Adobe Systems Inc) C:\Windows\System32\AdobePDF.dll
2012-07-27 12:51 - 2012-07-27 12:51 - 00022936 ____A (Adobe Systems Inc.) C:\Windows\System32\AdobePDFUI.dll
2012-07-04 01:06 - 2012-07-04 01:06 - 00079824 ____A (???????????) C:\Windows\xinstaller.dll
2012-07-04 01:06 - 2012-07-04 01:06 - 00034768 ____A (???????????) C:\Windows\xinstaller.exe
2012-06-22 06:34 - 2012-09-12 04:22 - 00203120 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
2012-06-22 02:39 - 2012-09-12 04:25 - 02267096 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-06-22 02:39 - 2012-09-12 04:25 - 01689560 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-06-22 02:39 - 2012-09-12 04:25 - 00149464 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-06-22 02:39 - 2012-09-12 04:25 - 00070768 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
2012-06-22 02:38 - 2012-09-12 04:25 - 00767960 ____A C:\Windows\BDTSupport.dll
2012-06-22 01:43 - 2012-09-12 04:25 - 00003488 ____A C:\Windows\UDB.zip
2012-06-22 01:43 - 2012-09-12 04:25 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-06-22 01:43 - 2012-09-12 04:25 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-06-22 01:43 - 2012-09-12 04:25 - 00000131 ____A C:\Windows\IDB.zip


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-11 05:23:40
Restore point made on: 2012-09-11 05:25:10
Restore point made on: 2012-09-12 02:36:36
Restore point made on: 2012-09-12 03:18:36
Restore point made on: 2012-09-12 03:31:17

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3818.11 MB
Available physical RAM: 3358.97 MB
Total Pagefile: 3816.39 MB
Available Pagefile: 3359.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.68 MB

==================== Partitions =============================

1 Drive c: (C) (Fixed) (Total:50.01 GB) (Free:26.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (documents) (Fixed) (Total:100 GB) (Free:99.87 GB) NTFS
3 Drive e: (softwares) (Fixed) (Total:315.75 GB) (Free:297.43 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         465 GB   1024 KB

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           50 GB    31 KB
Partition 2    Primary           100 GB   50 GB
Partition 3    Primary           315 GB   150 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0     C   C            NTFS   Partition   50 GB    Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D   documents    NTFS   Partition   100 GB   Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     E   softwares    NTFS   Partition   315 GB   Healthy

=========================================================

Last Boot: 2012-09-09 14:26

==================== End Of Log ============================

#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 15 September 2012 - 10:42 PM

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Please include the following in your next post:
  • TDSSKiller log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member



#5 mightbe

mightbe
  • Topic Starter

  • Members
  • 6 posts

Posted 18 September 2012 - 03:54 PM

Please have a look. One object had been found and cured.

TDSSKiller log

21:46:44.0869 0856 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:46:45.0081 0856 ============================================================
21:46:45.0081 0856 Current date / time: 2012/09/18 21:46:45.0081
21:46:45.0081 0856 SystemInfo:
21:46:45.0082 0856
21:46:45.0082 0856 OS Version: 6.1.7601 ServicePack: 1.0
21:46:45.0082 0856 Product type: Workstation
21:46:45.0082 0856 ComputerName: HANBINMA
21:46:45.0082 0856 UserName: hm446
21:46:45.0082 0856 Windows directory: C:\Windows
21:46:45.0082 0856 System windows directory: C:\Windows
21:46:45.0082 0856 Processor architecture: Intel x86
21:46:45.0082 0856 Number of processors: 4
21:46:45.0082 0856 Page size: 0x1000
21:46:45.0082 0856 Boot type: Normal boot
21:46:45.0082 0856 ============================================================
21:46:46.0772 0856 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:46:46.0773 0856 Drive \Device\Harddisk1\DR1 - Size: 0x7A000000 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:46:46.0773 0856 ============================================================
21:46:46.0773 0856 \Device\Harddisk0\DR0:
21:46:46.0773 0856 MBR partitions:
21:46:46.0773 0856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6403941
21:46:46.0773 0856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6404000, BlocksNum 0xC800000
21:46:46.0774 0856 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x12C04000, BlocksNum 0x27781000
21:46:46.0774 0856 \Device\Harddisk1\DR1:
21:46:46.0774 0856 MBR partitions:
21:46:46.0774 0856 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x50, BlocksNum 0x3CFFB0
21:46:46.0774 0856 ============================================================
21:46:46.0789 0856 C: <-> \Device\Harddisk0\DR0\Partition1
21:46:46.0825 0856 D: <-> \Device\Harddisk0\DR0\Partition2
21:46:46.0847 0856 E: <-> \Device\Harddisk0\DR0\Partition3
21:46:46.0847 0856 ============================================================
21:46:46.0847 0856 Initialize success
21:46:46.0847 0856 ============================================================
21:47:36.0311 4448 ============================================================
21:47:36.0311 4448 Scan started
21:47:36.0311 4448 Mode: Manual; TDLFS;
21:47:36.0311 4448 ============================================================
21:47:39.0291 4448 ================ Scan system memory ========================
21:47:39.0291 4448 System memory - ok
21:47:39.0292 4448 ================ Scan services =============================
21:47:39.0404 4448 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:47:39.0407 4448 1394ohci - ok
21:47:39.0415 4448 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:47:39.0419 4448 ACPI - ok
21:47:39.0425 4448 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:47:39.0426 4448 AcpiPmi - ok
21:47:39.0505 4448 [ 8398CF0EF0D21272D1786682A966F01A ] AcPrfMgrSvc C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
21:47:39.0507 4448 AcPrfMgrSvc - ok
21:47:39.0524 4448 [ DA76DB4141000F4008A6474AF975264B ] AcSvc C:\Program Files\Lenovo\Access Connections\AcSvc.exe
21:47:39.0529 4448 AcSvc - ok
21:47:39.0606 4448 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:47:39.0608 4448 AdobeARMservice - ok
21:47:39.0645 4448 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:47:39.0649 4448 AdobeFlashPlayerUpdateSvc - ok
21:47:39.0683 4448 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:47:39.0691 4448 adp94xx - ok
21:47:39.0699 4448 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:47:39.0702 4448 adpahci - ok
21:47:39.0708 4448 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:47:39.0710 4448 adpu320 - ok
21:47:39.0732 4448 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:47:39.0733 4448 AeLookupSvc - ok
21:47:39.0748 4448 [ DB5CD04E58AA70021164D7CDBB3EC7E4 ] AFD C:\Windows\system32\drivers\afd.sys
21:47:39.0750 4448 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: DB5CD04E58AA70021164D7CDBB3EC7E4, Fake md5: 1151FD4FB0216CFED887BFDE29EBD516
21:47:39.0752 4448 AFD ( Virus.Win32.ZAccess.aml ) - infected
21:47:39.0753 4448 AFD - detected Virus.Win32.ZAccess.aml (0)
21:47:39.0758 4448 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:47:39.0759 4448 agp440 - ok
21:47:39.0769 4448 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:47:39.0771 4448 aic78xx - ok
21:47:39.0796 4448 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:47:39.0797 4448 ALG - ok
21:47:39.0800 4448 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:47:39.0800 4448 aliide - ok
21:47:39.0804 4448 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:47:39.0805 4448 amdagp - ok
21:47:39.0809 4448 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:47:39.0810 4448 amdide - ok
21:47:39.0814 4448 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:47:39.0815 4448 AmdK8 - ok
21:47:39.0818 4448 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:47:39.0819 4448 AmdPPM - ok
21:47:39.0823 4448 [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:47:39.0824 4448 amdsata - ok
21:47:39.0831 4448 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:47:39.0833 4448 amdsbs - ok
21:47:39.0839 4448 [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:47:39.0839 4448 amdxata - ok
21:47:39.0842 4448 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:47:39.0843 4448 AppID - ok
21:47:39.0856 4448 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:47:39.0857 4448 AppIDSvc - ok
21:47:39.0870 4448 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:47:39.0871 4448 Appinfo - ok
21:47:39.0879 4448 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
21:47:39.0881 4448 AppMgmt - ok
21:47:39.0884 4448 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
21:47:39.0886 4448 arc - ok
21:47:39.0894 4448 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:47:39.0904 4448 arcsas - ok
21:47:39.0916 4448 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:47:39.0917 4448 AsyncMac - ok
21:47:39.0921 4448 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:47:39.0922 4448 atapi - ok
21:47:39.0947 4448 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:47:39.0951 4448 AudioEndpointBuilder - ok
21:47:39.0957 4448 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:47:39.0959 4448 Audiosrv - ok
21:47:39.0972 4448 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:47:39.0973 4448 AxInstSV - ok
21:47:39.0991 4448 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
21:47:39.0995 4448 b06bdrv - ok
21:47:40.0010 4448 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:47:40.0012 4448 b57nd60x - ok
21:47:40.0034 4448 [ A74B3F041F293946CFB8D5D1F15D031E ] bcbtums C:\Windows\system32\drivers\bcbtums.sys
21:47:40.0036 4448 bcbtums - ok
21:47:40.0061 4448 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:47:40.0063 4448 BDESVC - ok
21:47:40.0066 4448 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:47:40.0066 4448 Beep - ok
21:47:40.0079 4448 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:47:40.0079 4448 blbdrive - ok
21:47:40.0082 4448 [ FCAFAEF6798D7B51FF029F99A9898961 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:47:40.0083 4448 bowser - ok
21:47:40.0086 4448 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:47:40.0087 4448 BrFiltLo - ok
21:47:40.0091 4448 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:47:40.0091 4448 BrFiltUp - ok
21:47:40.0121 4448 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll
21:47:40.0122 4448 Browser - ok
21:47:40.0253 4448 [ 7EFFCCD7B6EA4D3428F5B3ACE8DE8F5A ] Browser Defender Update Service C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
21:47:40.0261 4448 Browser Defender Update Service - ok
21:47:40.0270 4448 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:47:40.0274 4448 Brserid - ok
21:47:40.0291 4448 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:47:40.0292 4448 BrSerWdm - ok
21:47:40.0296 4448 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:47:40.0296 4448 BrUsbMdm - ok
21:47:40.0300 4448 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:47:40.0301 4448 BrUsbSer - ok
21:47:40.0331 4448 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:47:40.0332 4448 BthEnum - ok
21:47:40.0335 4448 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:47:40.0336 4448 BTHMODEM - ok
21:47:40.0345 4448 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:47:40.0346 4448 BthPan - ok
21:47:40.0377 4448 [ 195C41CC67E9E1CEDD960CCB74925920 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:47:40.0381 4448 BTHPORT - ok
21:47:40.0411 4448 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:47:40.0412 4448 bthserv - ok
21:47:40.0432 4448 [ 43B3206DD654E783AA7E4EAD340A43B8 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:47:40.0433 4448 BTHUSB - ok
21:47:40.0448 4448 [ 546DBC93A563F456A6233E1A1228998D ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
21:47:40.0453 4448 btwampfl - ok
21:47:40.0470 4448 [ D382D0DE5A39B16A08D59B93A4CB2AFD ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:47:40.0472 4448 btwaudio - ok
21:47:40.0510 4448 [ C8D1ADEFD6D5FEAF95C6C7A2CC6B4B97 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
21:47:40.0514 4448 btwavdt - ok
21:47:40.0582 4448 [ 9E0D116E588D503040C4099B1F2430B6 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
21:47:40.0606 4448 btwdins - ok
21:47:40.0628 4448 [ E26610D44609574E13BAAD367AB34967 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:47:40.0629 4448 btwl2cap - ok
21:47:40.0647 4448 [ C49CC9B5E06FBDC87137BA24018B6EDE ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:47:40.0648 4448 btwrchid - ok
21:47:40.0666 4448 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:47:40.0856 4448 cdfs - ok
21:47:40.0963 4448 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:47:40.0983 4448 cdrom - ok
21:47:41.0150 4448 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:47:41.0196 4448 CertPropSvc - ok
21:47:41.0201 4448 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
21:47:41.0202 4448 circlass - ok
21:47:41.0220 4448 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:47:41.0224 4448 CLFS - ok
21:47:41.0289 4448 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:47:41.0292 4448 clr_optimization_v2.0.50727_32 - ok
21:47:41.0304 4448 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:47:41.0305 4448 CmBatt - ok
21:47:41.0310 4448 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:47:41.0311 4448 cmdide - ok
21:47:41.0321 4448 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\Windows\system32\Drivers\cng.sys
21:47:41.0325 4448 CNG - ok
21:47:41.0334 4448 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:47:41.0335 4448 Compbatt - ok
21:47:41.0354 4448 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:47:41.0355 4448 CompositeBus - ok
21:47:41.0357 4448 COMSysApp - ok
21:47:41.0552 4448 [ C72DDF7E7C7B13298CFC6787D3797020 ] CoordinatorServiceHost E:\technical\solidworks\SolidWorks\swScheduler\DTSCoordinatorService.exe
21:47:41.0554 4448 CoordinatorServiceHost - ok
21:47:41.0602 4448 [ 4B8AA3105AF650EE4CC2C7B17F71CC1C ] cphs C:\Windows\system32\IntelCpHeciSvc.exe
21:47:41.0608 4448 cphs - ok
21:47:41.0617 4448 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:47:41.0619 4448 crcdisk - ok
21:47:41.0644 4448 [ A585BEBF7D054BD9618EDA0922D5484A ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:47:41.0647 4448 CryptSvc - ok
21:47:41.0666 4448 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
21:47:41.0670 4448 CSC - ok
21:47:41.0687 4448 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
21:47:41.0694 4448 CscService - ok
21:47:41.0726 4448 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:47:41.0731 4448 DcomLaunch - ok
21:47:41.0764 4448 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:47:41.0768 4448 defragsvc - ok
21:47:41.0772 4448 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:47:41.0774 4448 DfsC - ok
21:47:41.0795 4448 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:47:41.0799 4448 Dhcp - ok
21:47:41.0812 4448 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:47:41.0813 4448 discache - ok
21:47:41.0823 4448 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
21:47:41.0824 4448 Disk - ok
21:47:41.0828 4448 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:47:41.0830 4448 dmvsc - ok
21:47:41.0841 4448 [ 2FE30D71919C51131405797620E0A714 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:47:41.0843 4448 Dnscache - ok
21:47:41.0851 4448 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:47:41.0854 4448 dot3svc - ok
21:47:41.0884 4448 [ 3C2FEC38D9D825C69C29FE5EB7339CB5 ] DozeHDD C:\Windows\system32\DRIVERS\DozeHDD.sys
21:47:41.0884 4448 DozeHDD - ok
21:47:41.0908 4448 [ A318DF063DF2BC2C5F81644997068631 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
21:47:41.0910 4448 DozeSvc - ok
21:47:41.0923 4448 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:47:41.0924 4448 DPS - ok
21:47:41.0952 4448 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:47:41.0952 4448 drmkaud - ok
21:47:41.0976 4448 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:47:41.0977 4448 dtsoftbus01 - ok
21:47:41.0997 4448 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:47:42.0000 4448 DXGKrnl - ok
21:47:42.0033 4448 [ 1BD726A72DF3EAB9CB0FD396304EC1FB ] e1cexpress C:\Windows\system32\DRIVERS\e1c6232.sys
21:47:42.0034 4448 e1cexpress - ok
21:47:42.0059 4448 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:47:42.0061 4448 EapHost - ok
21:47:42.0124 4448 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
21:47:42.0150 4448 ebdrv - ok
21:47:42.0166 4448 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\Windows\System32\lsass.exe
21:47:42.0167 4448 EFS - ok
21:47:42.0218 4448 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:47:42.0226 4448 ehRecvr - ok
21:47:42.0239 4448 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:47:42.0242 4448 ehSched - ok
21:47:42.0263 4448 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:47:42.0270 4448 elxstor - ok
21:47:42.0277 4448 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:47:42.0278 4448 ErrDev - ok
21:47:42.0335 4448 esgiguard - ok
21:47:42.0357 4448 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:47:42.0360 4448 EventSystem - ok
21:47:42.0373 4448 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:47:42.0375 4448 exfat - ok
21:47:42.0380 4448 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:47:42.0382 4448 fastfat - ok
21:47:42.0413 4448 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:47:42.0418 4448 Fax - ok
21:47:42.0429 4448 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
21:47:42.0430 4448 fdc - ok
21:47:42.0447 4448 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:47:42.0448 4448 fdPHost - ok
21:47:42.0451 4448 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:47:42.0452 4448 FDResPub - ok
21:47:42.0456 4448 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:47:42.0457 4448 FileInfo - ok
21:47:42.0460 4448 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:47:42.0461 4448 Filetrace - ok
21:47:42.0465 4448 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:47:42.0466 4448 flpydisk - ok
21:47:42.0472 4448 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:47:42.0474 4448 FltMgr - ok
21:47:42.0493 4448 [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache C:\Windows\system32\FntCache.dll
21:47:42.0500 4448 FontCache - ok
21:47:42.0536 4448 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:47:42.0537 4448 FontCache3.0.0.0 - ok
21:47:42.0540 4448 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:47:42.0541 4448 FsDepends - ok
21:47:42.0545 4448 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:47:42.0545 4448 Fs_Rec - ok
21:47:42.0550 4448 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:47:42.0551 4448 fvevol - ok
21:47:42.0570 4448 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:47:42.0571 4448 gagp30kx - ok
21:47:42.0610 4448 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:47:42.0616 4448 gpsvc - ok
21:47:42.0628 4448 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:47:42.0629 4448 hcw85cir - ok
21:47:42.0652 4448 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:47:42.0654 4448 HdAudAddService - ok
21:47:42.0671 4448 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:47:42.0672 4448 HDAudBus - ok
21:47:42.0676 4448 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:47:42.0677 4448 HidBatt - ok
21:47:42.0691 4448 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:47:42.0692 4448 HidBth - ok
21:47:42.0696 4448 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
21:47:42.0697 4448 HidIr - ok
21:47:42.0710 4448 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:47:42.0712 4448 hidserv - ok
21:47:42.0733 4448 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:47:42.0734 4448 HidUsb - ok
21:47:42.0754 4448 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:47:42.0755 4448 hkmsvc - ok
21:47:42.0765 4448 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:47:42.0768 4448 HomeGroupListener - ok
21:47:42.0792 4448 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:47:42.0794 4448 HomeGroupProvider - ok
21:47:42.0798 4448 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:47:42.0800 4448 HpSAMD - ok
21:47:42.0808 4448 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:47:42.0812 4448 HTTP - ok
21:47:42.0815 4448 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:47:42.0816 4448 hwpolicy - ok
21:47:42.0835 4448 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:47:42.0836 4448 i8042prt - ok
21:47:42.0865 4448 [ 72B8A1BBE981F3AD7186E7C79FFF3E81 ] iastor C:\Windows\system32\Drivers\iaStor.sys
21:47:42.0869 4448 iastor - ok
21:47:42.0880 4448 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:47:42.0883 4448 iaStorV - ok
21:47:42.0905 4448 [ 4817B7C1B4530AE23EABF6B759D766A5 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:47:42.0906 4448 IBMPMDRV - ok
21:47:42.0917 4448 [ B1EA8FF2601A72BC6A177463FA70B8B3 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
21:47:42.0918 4448 IBMPMSVC - ok
21:47:42.0962 4448 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:47:42.0970 4448 idsvc - ok
21:47:43.0175 4448 [ 0FEB90F92A8AB77A7E5E6BA052138351 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:47:43.0362 4448 igfx - ok
21:47:43.0387 4448 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:47:43.0388 4448 iirsp - ok
21:47:43.0450 4448 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:47:43.0458 4448 IKEEXT - ok
21:47:43.0537 4448 [ EE77B63D70B37035EED9876A4C82037B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:47:43.0559 4448 IntcAzAudAddService - ok
21:47:43.0584 4448 [ 7081EFE4EBF9CBBFF4EB5A3AC478DDC5 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:47:43.0587 4448 IntcDAud - ok
21:47:43.0647 4448 [ C86A9AA1CBC4C3C2C5C9DD0F6D939926 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:47:43.0654 4448 Intel® Capability Licensing Service Interface - ok
21:47:43.0679 4448 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:47:43.0681 4448 intelide - ok
21:47:43.0690 4448 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:47:43.0691 4448 intelppm - ok
21:47:43.0711 4448 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:47:43.0713 4448 IPBusEnum - ok
21:47:43.0725 4448 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:47:43.0727 4448 IpFilterDriver - ok
21:47:43.0731 4448 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:47:43.0734 4448 IPMIDRV - ok
21:47:43.0739 4448 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:47:43.0741 4448 IPNAT - ok
21:47:43.0746 4448 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:47:43.0747 4448 IRENUM - ok
21:47:43.0751 4448 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:47:43.0752 4448 isapnp - ok
21:47:43.0761 4448 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:47:43.0764 4448 iScsiPrt - ok
21:47:43.0772 4448 [ 1E6403EC6B1143F66DB08C7C811AF718 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
21:47:43.0773 4448 iusb3hcs - ok
21:47:43.0792 4448 [ 762D729942D3DF15364FD858827DC53B ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
21:47:43.0794 4448 iusb3hub - ok
21:47:43.0831 4448 [ 531967D3CB82747B6980EA7A8E2A2671 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
21:47:43.0835 4448 iusb3xhc - ok
21:47:43.0877 4448 [ 0043D9FB61C35F90886B1E93DD556FAF ] jhi_service C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
21:47:43.0879 4448 jhi_service - ok
21:47:43.0883 4448 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:47:43.0883 4448 kbdclass - ok
21:47:43.0902 4448 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:47:43.0903 4448 kbdhid - ok
21:47:43.0916 4448 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\Windows\system32\lsass.exe
21:47:43.0916 4448 KeyIso - ok
21:47:43.0920 4448 [ 412CEA1AA78CC02A447F5C9E62B32FF1 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:47:43.0922 4448 KSecDD - ok
21:47:43.0932 4448 [ 26C046977E85B95036453D7B88BA1820 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:47:43.0933 4448 KSecPkg - ok
21:47:43.0956 4448 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:47:43.0960 4448 KtmRm - ok
21:47:43.0993 4448 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:47:43.0995 4448 LanmanServer - ok
21:47:44.0021 4448 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:47:44.0024 4448 LanmanWorkstation - ok
21:47:44.0056 4448 [ 4A0235E9822B220339E34D8C122BB6D1 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
21:47:44.0057 4448 LENOVO.CAMMUTE - ok
21:47:44.0080 4448 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
21:47:44.0081 4448 LENOVO.MICMUTE - ok
21:47:44.0085 4448 [ 93921A19D885755B9751C3744DBCB8FD ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
21:47:44.0086 4448 LENOVO.TPKNRSVC - ok
21:47:44.0094 4448 [ 79F99A4D59825839B7E563B4BCF52C5E ] LENOVO.TVTVCAM C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
21:47:44.0096 4448 LENOVO.TVTVCAM - ok
21:47:44.0113 4448 [ 158B67696EC8602CE71F9AA4F14AA96F ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
21:47:44.0113 4448 Lenovo.VIRTSCRLSVC - ok
21:47:44.0124 4448 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:47:44.0125 4448 lltdio - ok
21:47:44.0134 4448 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:47:44.0137 4448 lltdsvc - ok
21:47:44.0140 4448 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:47:44.0141 4448 lmhosts - ok
21:47:44.0168 4448 [ 2FB262276D1C689C6886B1C0710342FA ] LMS C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:47:44.0171 4448 LMS - ok
21:47:44.0184 4448 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:47:44.0185 4448 LSI_FC - ok
21:47:44.0189 4448 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:47:44.0190 4448 LSI_SAS - ok
21:47:44.0193 4448 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:47:44.0195 4448 LSI_SAS2 - ok
21:47:44.0198 4448 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:47:44.0199 4448 LSI_SCSI - ok
21:47:44.0212 4448 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:47:44.0213 4448 luafv - ok
21:47:44.0237 4448 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:47:44.0239 4448 Mcx2Svc - ok
21:47:44.0243 4448 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
21:47:44.0244 4448 megasas - ok
21:47:44.0256 4448 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:47:44.0259 4448 MegaSR - ok
21:47:44.0273 4448 [ 240D715CFE4FB8F4CDA76F6863E62334 ] MEI C:\Windows\system32\DRIVERS\HECI.sys
21:47:44.0274 4448 MEI - ok
21:47:44.0300 4448 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:47:44.0301 4448 MMCSS - ok
21:47:44.0306 4448 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:47:44.0307 4448 Modem - ok
21:47:44.0316 4448 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:47:44.0316 4448 monitor - ok
21:47:44.0319 4448 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:47:44.0320 4448 mouclass - ok
21:47:44.0323 4448 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:47:44.0323 4448 mouhid - ok
21:47:44.0328 4448 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:47:44.0329 4448 mountmgr - ok
21:47:44.0332 4448 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:47:44.0334 4448 mpio - ok
21:47:44.0356 4448 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:47:44.0357 4448 mpsdrv - ok
21:47:44.0361 4448 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:47:44.0362 4448 MRxDAV - ok
21:47:44.0376 4448 [ B272B4C3E085EA860C12F2E4FAF2FFA2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:47:44.0378 4448 mrxsmb - ok
21:47:44.0389 4448 [ 9AC33EF26C8A3AD0F117D00EB7301D03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:47:44.0391 4448 mrxsmb10 - ok
21:47:44.0395 4448 [ E0ABDB5ED7E199E242A7D028E76C1D3A ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:47:44.0396 4448 mrxsmb20 - ok
21:47:44.0399 4448 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:47:44.0400 4448 msahci - ok
21:47:44.0416 4448 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:47:44.0417 4448 msdsm - ok
21:47:44.0429 4448 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:47:44.0431 4448 MSDTC - ok
21:47:44.0435 4448 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:47:44.0436 4448 Msfs - ok
21:47:44.0438 4448 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:47:44.0439 4448 mshidkmdf - ok
21:47:44.0441 4448 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:47:44.0442 4448 msisadrv - ok
21:47:44.0459 4448 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:47:44.0461 4448 MSiSCSI - ok
21:47:44.0463 4448 msiserver - ok
21:47:44.0474 4448 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:47:44.0475 4448 MSKSSRV - ok
21:47:44.0478 4448 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:47:44.0479 4448 MSPCLOCK - ok
21:47:44.0481 4448 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:47:44.0482 4448 MSPQM - ok
21:47:44.0486 4448 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:47:44.0488 4448 MsRPC - ok
21:47:44.0497 4448 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:47:44.0497 4448 mssmbios - ok
21:47:44.0500 4448 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:47:44.0501 4448 MSTEE - ok
21:47:44.0608 4448 [ 73FA09B84B23A1897809A84F976D5D99 ] msvsmon80 C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe
21:47:44.0633 4448 msvsmon80 - ok
21:47:44.0636 4448 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:47:44.0637 4448 MTConfig - ok
21:47:44.0655 4448 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:47:44.0655 4448 Mup - ok
21:47:44.0677 4448 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:47:44.0681 4448 napagent - ok
21:47:44.0738 4448 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:47:44.0741 4448 NativeWifiP - ok
21:47:44.0800 4448 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:47:44.0808 4448 NDIS - ok
21:47:44.0812 4448 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:47:44.0813 4448 NdisCap - ok
21:47:44.0822 4448 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:47:44.0822 4448 NdisTapi - ok
21:47:44.0827 4448 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:47:44.0828 4448 Ndisuio - ok
21:47:44.0832 4448 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:47:44.0833 4448 NdisWan - ok
21:47:44.0840 4448 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:47:44.0841 4448 NDProxy - ok
21:47:44.0845 4448 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:47:44.0846 4448 NetBIOS - ok
21:47:44.0850 4448 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:47:44.0851 4448 NetBT - ok
21:47:44.0866 4448 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
21:47:44.0866 4448 Netlogon - ok
21:47:44.0887 4448 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:47:44.0890 4448 Netman - ok
21:47:44.0896 4448 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:47:44.0900 4448 netprofm - ok
21:47:44.0917 4448 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:47:44.0919 4448 NetTcpPortSharing - ok
21:47:45.0083 4448 [ 3B33804D73DB00138544E30594D11733 ] NETwNs32 C:\Windows\system32\DRIVERS\Netwsn00.sys
21:47:45.0183 4448 NETwNs32 - ok
21:47:45.0210 4448 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:47:45.0211 4448 nfrd960 - ok
21:47:45.0238 4448 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:47:45.0241 4448 NlaSvc - ok
21:47:45.0244 4448 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:47:45.0244 4448 Npfs - ok
21:47:45.0258 4448 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:47:45.0260 4448 nsi - ok
21:47:45.0262 4448 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:47:45.0263 4448 nsiproxy - ok
21:47:45.0291 4448 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:47:45.0301 4448 Ntfs - ok
21:47:45.0304 4448 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:47:45.0305 4448 Null - ok
21:47:45.0309 4448 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:47:45.0310 4448 nvraid - ok
21:47:45.0314 4448 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:47:45.0316 4448 nvstor - ok
21:47:45.0319 4448 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:47:45.0320 4448 nv_agp - ok
21:47:45.0370 4448 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:47:45.0374 4448 odserv - ok
21:47:45.0378 4448 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:47:45.0379 4448 ohci1394 - ok
21:47:45.0394 4448 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:47:45.0402 4448 ose - ok
21:47:45.0417 4448 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:47:45.0420 4448 p2pimsvc - ok
21:47:45.0443 4448 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:47:45.0447 4448 p2psvc - ok
21:47:45.0464 4448 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
21:47:45.0465 4448 Parport - ok
21:47:45.0468 4448 [ BF8F6AF06DA75B336F07E23AEF97D93B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:47:45.0469 4448 partmgr - ok
21:47:45.0476 4448 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:47:45.0477 4448 Parvdm - ok
21:47:45.0481 4448 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:47:45.0483 4448 PcaSvc - ok
21:47:45.0489 4448 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:47:45.0490 4448 pci - ok
21:47:45.0494 4448 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:47:45.0495 4448 pciide - ok
21:47:45.0499 4448 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:47:45.0501 4448 pcmcia - ok
21:47:45.0525 4448 [ 6C9E2F69D99C025FD5CAB2228E495FA1 ] PCTBD C:\Windows\system32\Drivers\PCTBD.sys
21:47:45.0526 4448 PCTBD - ok
21:47:45.0530 4448 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:47:45.0531 4448 pcw - ok
21:47:45.0538 4448 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:47:45.0543 4448 PEAUTH - ok
21:47:45.0567 4448 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:47:45.0576 4448 PeerDistSvc - ok
21:47:45.0625 4448 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:47:45.0639 4448 pla - ok
21:47:45.0665 4448 [ 92DC6E68D2C856C5C2F21AE9E22112B8 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:47:45.0668 4448 PlugPlay - ok
21:47:45.0680 4448 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:47:45.0682 4448 PNRPAutoReg - ok
21:47:45.0687 4448 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:47:45.0689 4448 PNRPsvc - ok
21:47:45.0711 4448 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:47:45.0715 4448 PolicyAgent - ok
21:47:45.0720 4448 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:47:45.0722 4448 Power - ok
21:47:45.0778 4448 [ DEED60F99C5B8E386D507860F600D509 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
21:47:45.0803 4448 Power Manager DBC Service - ok
21:47:45.0829 4448 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:47:45.0830 4448 PptpMiniport - ok
21:47:45.0838 4448 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
21:47:45.0839 4448 Processor - ok
21:47:45.0863 4448 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
21:47:45.0866 4448 ProfSvc - ok
21:47:45.0882 4448 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:47:45.0884 4448 ProtectedStorage - ok
21:47:45.0906 4448 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:47:45.0907 4448 Psched - ok
21:47:45.0949 4448 [ 68DCE950DCD2ABBB82362D383EC5836E ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
21:47:45.0968 4448 PwmEWSvc - ok
21:47:45.0996 4448 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:47:46.0008 4448 ql2300 - ok
21:47:46.0022 4448 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:47:46.0024 4448 ql40xx - ok
21:47:46.0048 4448 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:47:46.0051 4448 QWAVE - ok
21:47:46.0054 4448 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:47:46.0055 4448 QWAVEdrv - ok
21:47:46.0059 4448 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:47:46.0059 4448 RasAcd - ok
21:47:46.0074 4448 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:47:46.0075 4448 RasAgileVpn - ok
21:47:46.0088 4448 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:47:46.0091 4448 RasAuto - ok
21:47:46.0095 4448 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:47:46.0096 4448 Rasl2tp - ok
21:47:46.0121 4448 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:47:46.0124 4448 RasMan - ok
21:47:46.0127 4448 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:47:46.0129 4448 RasPppoe - ok
21:47:46.0132 4448 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:47:46.0133 4448 RasSstp - ok
21:47:46.0138 4448 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:47:46.0140 4448 rdbss - ok
21:47:46.0143 4448 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:47:46.0144 4448 rdpbus - ok
21:47:46.0147 4448 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:47:46.0147 4448 RDPCDD - ok
21:47:46.0153 4448 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:47:46.0155 4448 RDPDR - ok
21:47:46.0163 4448 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:47:46.0164 4448 RDPENCDD - ok
21:47:46.0169 4448 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:47:46.0169 4448 RDPREFMP - ok
21:47:46.0174 4448 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:47:46.0175 4448 RdpVideoMiniport - ok
21:47:46.0180 4448 [ 288B06960D78428FF89E811632684E20 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:47:46.0182 4448 RDPWD - ok
21:47:46.0196 4448 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:47:46.0299 4448 rdyboost - ok
21:47:46.0394 4448 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:47:46.0456 4448 RemoteAccess - ok
21:47:46.0527 4448 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:47:46.0531 4448 RemoteRegistry - ok
21:47:46.0558 4448 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:47:46.0561 4448 RFCOMM - ok
21:47:46.0590 4448 [ 9EBC0F4B55EC20E91FE40AC83825836C ] risdxc C:\Windows\system32\DRIVERS\risdxc86.sys
21:47:46.0592 4448 risdxc - ok
21:47:46.0614 4448 RkHit - ok
21:47:46.0640 4448 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:47:46.0644 4448 RpcEptMapper - ok
21:47:46.0659 4448 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:47:46.0661 4448 RpcLocator - ok
21:47:46.0685 4448 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:47:46.0690 4448 RpcSs - ok
21:47:46.0723 4448 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:47:46.0724 4448 rspndr - ok
21:47:46.0738 4448 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:47:46.0739 4448 s3cap - ok
21:47:46.0749 4448 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
21:47:46.0750 4448 SamSs - ok
21:47:46.0765 4448 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:47:46.0767 4448 sbp2port - ok
21:47:46.0823 4448 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:47:46.0829 4448 SCardSvr - ok
21:47:46.0835 4448 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:47:46.0837 4448 scfilter - ok
21:47:46.0847 4448 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:47:46.0855 4448 Schedule - ok
21:47:46.0866 4448 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:47:46.0866 4448 SCPolicySvc - ok
21:47:46.0884 4448 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:47:46.0886 4448 SDRSVC - ok
21:47:46.0903 4448 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:47:46.0904 4448 secdrv - ok
21:47:46.0915 4448 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:47:46.0917 4448 seclogon - ok
21:47:46.0943 4448 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
21:47:46.0945 4448 SENS - ok
21:47:46.0955 4448 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:47:46.0957 4448 SensrSvc - ok
21:47:46.0959 4448 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:47:46.0960 4448 Serenum - ok
21:47:46.0972 4448 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
21:47:46.0974 4448 Serial - ok
21:47:46.0977 4448 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:47:46.0978 4448 sermouse - ok
21:47:46.0994 4448 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:47:46.0996 4448 SessionEnv - ok
21:47:47.0005 4448 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:47:47.0006 4448 sffdisk - ok
21:47:47.0008 4448 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:47:47.0009 4448 sffp_mmc - ok
21:47:47.0013 4448 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:47:47.0014 4448 sffp_sd - ok
21:47:47.0016 4448 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:47:47.0017 4448 sfloppy - ok
21:47:47.0030 4448 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:47:47.0034 4448 ShellHWDetection - ok
21:47:47.0070 4448 [ E91FA3B0F15FADB90B1346A0FAABFFFB ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
21:47:47.0071 4448 Shockprf - ok
21:47:47.0075 4448 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:47:47.0076 4448 sisagp - ok
21:47:47.0089 4448 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:47:47.0090 4448 SiSRaid2 - ok
21:47:47.0095 4448 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:47:47.0096 4448 SiSRaid4 - ok
21:47:47.0113 4448 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:47:47.0115 4448 SkypeUpdate - ok
21:47:47.0125 4448 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:47:47.0126 4448 Smb - ok
21:47:47.0156 4448 [ 3C4A61CCB2CF32ED6E09F559B4ADB6CF ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
21:47:47.0156 4448 smihlp - ok
21:47:47.0184 4448 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:47:47.0188 4448 SNMPTRAP - ok
21:47:47.0213 4448 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
21:47:47.0216 4448 SolidWorks Licensing Service - ok
21:47:47.0230 4448 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:47:47.0231 4448 spldr - ok
21:47:47.0260 4448 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
21:47:47.0266 4448 Spooler - ok
21:47:47.0330 4448 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:47:47.0361 4448 sppsvc - ok
21:47:47.0364 4448 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:47:47.0366 4448 sppuinotify - ok
21:47:47.0402 4448 [ 112127C3B2E64D7680CC39CD0A39DD7E ] srv C:\Windows\system32\DRIVERS\srv.sys
21:47:47.0405 4448 srv - ok
21:47:47.0411 4448 [ E5DD784A4EE5EBC72A86C677C988FCDB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:47:47.0415 4448 srv2 - ok
21:47:47.0421 4448 [ CDBE627E16CC9E98F343D73F8E81D258 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:47:47.0423 4448 srvnet - ok
21:47:47.0444 4448 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:47:47.0446 4448 SSDPSRV - ok
21:47:47.0450 4448 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:47:47.0452 4448 SstpSvc - ok
21:47:47.0464 4448 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:47:47.0464 4448 stexstor - ok
21:47:47.0497 4448 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:47:47.0502 4448 StiSvc - ok
21:47:47.0514 4448 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:47:47.0514 4448 storflt - ok
21:47:47.0523 4448 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:47:47.0524 4448 storvsc - ok
21:47:47.0527 4448 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:47:47.0528 4448 swenum - ok
21:47:47.0539 4448 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:47:47.0542 4448 swprv - ok
21:47:47.0548 4448 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
21:47:47.0549 4448 Synth3dVsc - ok
21:47:47.0574 4448 [ 1643A0985AEBE8DFD539C751BCCC2C55 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:47:47.0576 4448 SynTP - ok
21:47:47.0605 4448 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:47:47.0617 4448 SysMain - ok
21:47:47.0638 4448 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:47:47.0640 4448 TabletInputService - ok
21:47:47.0650 4448 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:47:47.0654 4448 TapiSrv - ok
21:47:47.0666 4448 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:47:47.0668 4448 TBS - ok
21:47:47.0706 4448 [ 37E8FA3779668837CA9E2C36D2415949 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:47:47.0717 4448 Tcpip - ok
21:47:47.0730 4448 [ 37E8FA3779668837CA9E2C36D2415949 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:47:47.0737 4448 TCPIP6 - ok
21:47:47.0741 4448 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:47:47.0742 4448 tcpipreg - ok
21:47:47.0750 4448 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:47:47.0751 4448 TDPIPE - ok
21:47:47.0755 4448 [ 2C10395BAA4847F83042813C515CC289 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:47:47.0756 4448 TDTCP - ok
21:47:47.0761 4448 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:47:47.0763 4448 tdx - ok
21:47:47.0766 4448 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:47:47.0766 4448 TermDD - ok
21:47:47.0769 4448 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys
21:47:47.0770 4448 terminpt - ok
21:47:47.0784 4448 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:47:47.0789 4448 TermService - ok
21:47:47.0809 4448 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
21:47:47.0811 4448 Themes - ok
21:47:47.0824 4448 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
21:47:47.0825 4448 THREADORDER - ok
21:47:47.0834 4448 [ 8F58C4FBF3F6E5B816C47201EDE90DCE ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
21:47:47.0834 4448 TPDIGIMN - ok
21:47:47.0862 4448 [ 116156A5835224407A6DC8C44B6EF4EE ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
21:47:47.0864 4448 TPHDEXLGSVC - ok
21:47:47.0898 4448 [ 9CD364ECB3A10B24C7CAC8FF89993A67 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
21:47:47.0898 4448 TPHKLOAD - ok
21:47:47.0922 4448 [ 046A7B412E4E6C4A7B426441E143F0F2 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
21:47:47.0924 4448 TPHKSVC - ok
21:47:47.0944 4448 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
21:47:47.0946 4448 TPM - ok
21:47:47.0970 4448 [ C9DA1FEF94EF44D7BD0CA0CBDAD5C44C ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
21:47:47.0971 4448 TPPWRIF - ok
21:47:47.0981 4448 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
21:47:47.0983 4448 TrkWks - ok
21:47:48.0026 4448 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:47:48.0029 4448 TrustedInstaller - ok
21:47:48.0048 4448 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:47:48.0050 4448 tssecsrv - ok
21:47:49.0214 4448 ================ Scan global ===============================
21:47:49.0233 4448 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:47:49.0254 4448 [ A9F564F254E9DDDE120A7135767EC24B ] C:\Windows\system32\winsrv.dll
21:47:49.0260 4448 [ A9F564F254E9DDDE120A7135767EC24B ] C:\Windows\system32\winsrv.dll
21:47:49.0276 4448 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:47:49.0299 4448 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:47:49.0303 4448 [Global] - ok
21:47:49.0303 4448 ================ Scan MBR ==================================
21:47:49.0314 4448 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:47:49.0502 4448 \Device\Harddisk0\DR0 - ok
21:47:49.0505 4448 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
21:47:51.0160 4448 \Device\Harddisk1\DR1 - ok
21:47:51.0160 4448 ================ Scan VBR ==================================
21:47:51.0222 4448 [ 8DEAC69C4FB62DCA6F0FDBF0F233E4D6 ] \Device\Harddisk0\DR0\Partition1
21:47:51.0224 4448 \Device\Harddisk0\DR0\Partition1 - ok
21:47:51.0240 4448 [ F2180A42DCF712A4A8B731CDCA5D17AD ] \Device\Harddisk0\DR0\Partition2
21:47:51.0241 4448 \Device\Harddisk0\DR0\Partition2 - ok
21:47:51.0257 4448 [ 232AE69AE8F85DB244B1F1712F5BA91F ] \Device\Harddisk0\DR0\Partition3
21:47:51.0258 4448 \Device\Harddisk0\DR0\Partition3 - ok
21:47:51.0262 4448 [ 4CB53EA084A3A62E8E8C47DA6C02583F ] \Device\Harddisk1\DR1\Partition1
21:47:51.0265 4448 \Device\Harddisk1\DR1\Partition1 - ok
21:47:51.0266 4448 ============================================================
21:47:51.0266 4448 Scan finished
21:47:51.0266 4448 ============================================================
21:47:51.0277 4848 Detected object count: 1
21:47:51.0277 4848 Actual detected object count: 1
21:48:20.0918 4848 C:\Windows\system32\drivers\afd.sys - copied to quarantine
21:48:21.0126 4848 C:\Windows\$NtUninstallKB61790$\1878826658\@ - copied to quarantine
21:48:21.0126 4848 C:\Windows\$NtUninstallKB61790$\1878826658\Desktop.ini - copied to quarantine
21:48:21.0127 4848 C:\Windows\$NtUninstallKB61790$\1878826658\L\00000004.@ - copied to quarantine
21:48:21.0128 4848 C:\Windows\$NtUninstallKB61790$\1878826658\L\201d3dde - copied to quarantine
21:48:21.0139 4848 C:\Windows\$NtUninstallKB61790$\1878826658\L\xadqgnnk - copied to quarantine
21:48:21.0144 4848 C:\Windows\$NtUninstallKB61790$\1878826658\U\00000004.@ - copied to quarantine
21:48:21.0162 4848 C:\Windows\$NtUninstallKB61790$\1878826658\U\00000008.@ - copied to quarantine
21:48:21.0172 4848 C:\Windows\$NtUninstallKB61790$\1878826658\U\000000cb.@ - copied to quarantine
21:48:21.0212 4848 C:\Windows\$NtUninstallKB61790$\1878826658\U\80000000.@ - copied to quarantine
21:48:21.0228 4848 C:\Windows\$NtUninstallKB61790$\1878826658\U\80000032.@ - copied to quarantine
21:48:21.0351 4848 Backup copy found, using it..
21:48:21.0357 4848 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
21:48:21.0387 4848 C:\Windows\$NtUninstallKB61790$\1166423863 - will be deleted on reboot
21:48:21.0387 4848 C:\Windows\$NtUninstallKB61790$\1878826658\@ - will be deleted on reboot
21:48:21.0388 4848 C:\Windows\$NtUninstallKB61790$\1878826658\Desktop.ini - will be deleted on reboot
21:48:21.0388 4848 C:\Windows\$NtUninstallKB61790$\1878826658\U\00000004.@ - will be deleted on reboot
21:48:21.0389 4848 C:\Windows\$NtUninstallKB61790$\1878826658\U\00000008.@ - will be deleted on reboot
21:48:21.0389 4848 C:\Windows\$NtUninstallKB61790$\1878826658\U\000000cb.@ - will be deleted on reboot
21:48:21.0389 4848 C:\Windows\$NtUninstallKB61790$\1878826658\U\80000000.@ - will be deleted on reboot
21:48:21.0389 4848 C:\Windows\$NtUninstallKB61790$\1878826658\U\80000032.@ - will be deleted on reboot
21:48:21.0391 4848 AFD ( Virus.Win32.ZAccess.aml ) - User select action: Cure
21:48:45.0473 2364 Deinitialize success





21:49:48.0804 3768 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:49:49.0163 3768 ============================================================
21:49:49.0163 3768 Current date / time: 2012/09/18 21:49:49.0163
21:49:49.0163 3768 SystemInfo:
21:49:49.0163 3768
21:49:49.0163 3768 OS Version: 6.1.7601 ServicePack: 1.0
21:49:49.0163 3768 Product type: Workstation
21:49:49.0163 3768 ComputerName: HANBINMA
21:49:49.0163 3768 UserName: hm446
21:49:49.0163 3768 Windows directory: C:\Windows
21:49:49.0163 3768 System windows directory: C:\Windows
21:49:49.0163 3768 Processor architecture: Intel x86
21:49:49.0163 3768 Number of processors: 4
21:49:49.0163 3768 Page size: 0x1000
21:49:49.0163 3768 Boot type: Normal boot
21:49:49.0163 3768 ============================================================
21:49:53.0515 3768 BG loaded
21:49:54.0046 3768 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:49:54.0061 3768 Drive \Device\Harddisk1\DR1 - Size: 0x7A000000 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:49:54.0061 3768 ============================================================
21:49:54.0061 3768 \Device\Harddisk0\DR0:
21:49:54.0077 3768 MBR partitions:
21:49:54.0077 3768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6403941
21:49:54.0077 3768 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6404000, BlocksNum 0xC800000
21:49:54.0077 3768 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x12C04000, BlocksNum 0x27781000
21:49:54.0077 3768 \Device\Harddisk1\DR1:
21:49:54.0077 3768 MBR partitions:
21:49:54.0077 3768 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x50, BlocksNum 0x3CFFB0
21:49:54.0077 3768 ============================================================
21:49:54.0170 3768 C: <-> \Device\Harddisk0\DR0\Partition1
21:49:54.0264 3768 D: <-> \Device\Harddisk0\DR0\Partition2
21:49:54.0326 3768 E: <-> \Device\Harddisk0\DR0\Partition3
21:49:54.0326 3768 ============================================================
21:49:54.0326 3768 Initialize success
21:49:54.0326 3768 ============================================================

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:25 AM

Posted 19 September 2012 - 07:50 PM

Please do this next:

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 mightbe

mightbe
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:25 AM

Posted 23 September 2012 - 09:55 AM

MBAM log


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.23.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
hm446 :: HANBINMA [administrator]

23/09/2012 14:54:25
mbam-log-2012-09-23 (14-54-25).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 517615
Time elapsed: 37 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\thunder (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\Software\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\TDSSKiller_Quarantine\18.09.2012_21.46.45\rtkt0000\svc0000\tsk0000.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\18.09.2012_21.46.45\rtkt0000\zafs0000\tsk0001.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\18.09.2012_21.46.45\rtkt0000\zafs0000\tsk0005.dta (Rootkit.Zaccess) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\18.09.2012_21.46.45\rtkt0000\zafs0000\tsk0006.dta (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\18.09.2012_21.46.45\rtkt0000\zafs0000\tsk0007.dta (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\18.09.2012_21.46.45\rtkt0000\zafs0000\tsk0008.dta (Trojan.Small) -> Quarantined and deleted successfully.
C:\Users\hm446\AppData\Local\Temp\SEInstaller.exe (Adware.Sogou) -> Quarantined and deleted successfully.

(end)

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:25 AM

Posted 23 September 2012 - 03:12 PM

How is your computer running now? Please do this next:

Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • If you are using Internet Explorer, allow the ActiveX control to install.
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running now?
  • ESET log



#9 mightbe

mightbe
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:25 AM

Posted 24 September 2012 - 04:12 PM

My computer has been running normally since I ran 'TDSSKiller' per your instructions. I think you've already helped me solve the problem. What do you think?
Many thanks for your help! Really appreciated!

ESET log


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e92fc9fe8154d642b1811468d5672b47
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-24 09:07:45
# local_time=2012-09-24 10:07:45 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 94 1566307 100982982 0 0
# compatibility_mode=8192 67108863 100 0 119 119 0 0
# scanned=300337
# found=3
# cleaned=0
# scan_time=4274
C:\TDSSKiller_Quarantine\18.09.2012_21.46.45\rtkt0000\zafs0000\tsk0009.dta a variant of Win32/Sirefef.FD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\hm446\Downloads\installer_xming_x_server.exe Win32/Toggle application (unable to clean) 00000000000000000000000000000000 I
C:\Users\hm446\Downloads\Solidworks.2009.serial.keygen.by.ACME.zip a variant of Win32/Kryptik.ALLU trojan (unable to clean) 00000000000000000000000000000000 I

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:25 AM

Posted 24 September 2012 - 07:54 PM

Your logs look good with the exception of that keygen for SolidWorks. Files like that are a major source of malware and it's very likely that is how you got infected. Please remove that from your system.

All I have left for you is some very important cleanup:

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.
Download OTC to your desktop and run it
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
  • Manually delete any remaining logs or tools from our fixes.
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Install an antivirus application and keep it and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.
Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!



#11 mightbe

mightbe
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:25 AM

Posted 25 September 2012 - 04:17 PM

Hi, I have done all the cleanup. Thanks for your instructions! Really appreciated!

#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:25 AM

Posted 25 September 2012 - 08:46 PM

You're welcome, mightbe. Take care.



#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:05:25 AM

Posted 26 September 2012 - 08:18 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
