
Spyware, Malware - Mplayer & Whitesmoke


23 replies to this topic

#1 jayman2

jayman2

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 30 September 2012 - 11:42 PM

I am an intermediate computer user. I understand a little more than the basics. I can usually get rid of this stuff fairly easily, so I did try to remove these by myself before I found this site. Anyway, here are my day's events and my problems. We are experimenting with internet TV. In order to stream the video, a site was telling us we did not have the right plug-in and we needed to download the mplayer plug-in. I made sure to decline all the extra things with it, but it installed a Whitesmoke toolbar. I went to Mozilla Firefox Plug-ins & Control Panel to delete it (using Windows Vista Business Edition), but the program was not installed. Searched the internet for an uninstall but was not able to find much about the toolbar. At that time I did not expect the plugin to be malicious.
A couple days earlier I downloaded another plugin and got a Yahoo toolbar that did not appear in the listed plugins or Control Panel, just as the Whitesmoke one I got today. I did a search on it and Firefox had the fix (running Firefox 15.0.1). Go to the troubleshooting information in Help, go to the profile folder and delete a folder. Since I was running into a wall I decided to try that. I deleted all the folders in the folder and reset Firefox to the default state. This got rid of the toolbar, but I still had some weird things happening. Sound on all my flash players would not work, and I got a "no permission to change ATI display settings" error (I am the administrator, and even when I tried to explicitly open it as admin I still got the same error). So then I figured I got a nasty virus, not just a spy or spam program, so I thought the best way to get rid of it would be to use System Restore. Tried three different dates and they all failed.
I then got a trial version of Malwarebytes and ran a full scan. Selected everything it found and deleted it. Still having the same problems with flash players and the ATI console. Did some more searching and found this site. If I have already ruined any chance of removing these viruses I can reload Windows, but I am hoping this site might save me some heartache. Below are the logs the site asks for as well as the initial Malwarebytes log.
Malwarebytes:
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.30.06

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Jay :: JAYS-LAPTOP [administrator]

Protection: Disabled

9/30/2012 6:56:13 PM
mbam-log-2012-09-30 (18-56-13).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323265
Time elapsed: 53 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{DFAD8664-2413-7204-63DD-9ED52D43B91B} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DFAD8664-2413-7204-63DD-9ED52D43B91B} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFAD8664-2413-7204-63DD-9ED52D43B91B} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFAD8664-2413-7204-63DD-9ED52D43B91B} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CodecUpdater (Trojan.Dropper.H) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
C:\ProgramData\CodecUpdate\ix_updater.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
C:\Users\Public\Downloads\Codec-V.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Public\Downloads\instacodecs.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\Public\Downloads\MediaPlayerSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Public\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
C:\Users\Public\Downloads\mplayer_tuguu_1271.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)
DDS log:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Jay at 20:52:50 on 2012-09-30
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^HJ^xdm153^S03104^us&ptb=F4B96C29-32CF-4F37-8F7E-F98BD4F2C674
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Akamai NetSession Interface] "c:\users\jay\appdata\local\akamai\netsession_win.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [TpShocks] TpShocks.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jay\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\users\jay\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{681705DA-F7C3-4696-B392-F3ABF95DE609} : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jay\appdata\roaming\mozilla\firefox\profiles\vo69fjf5.default-1349039941838\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-10-01 01:48:00 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{95836627-d099-4b65-a2c2-ea86cdcf5c52}\MpKsl41a0462f.sys
2012-10-01 01:41:55 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{95836627-d099-4b65-a2c2-ea86cdcf5c52}\offreg.dll
2012-10-01 00:56:53 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{95836627-d099-4b65-a2c2-ea86cdcf5c52}\mpengine.dll
2012-09-30 23:52:02 -------- d-----w- c:\users\jay\appdata\roaming\Malwarebytes
2012-09-30 23:51:46 -------- d-----w- c:\programdata\Malwarebytes
2012-09-30 23:51:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-30 23:51:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-30 21:11:05 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-30 21:02:24 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-30 20:59:34 -------- d-----w- c:\users\jay\.smplayer
2012-09-26 02:35:47 -------- d-----w- c:\users\jay\appdata\local\TrafficSpaceLLC
2012-09-24 04:29:50 -------- d-----w- c:\users\jay\appdata\local\MPlayer
2012-09-23 19:34:34 -------- d-----w- c:\users\jay\appdata\roaming\StreamTorrent
2012-09-23 19:34:33 -------- d-----w- c:\program files\StreamTorrent 1.0
2012-09-22 01:37:46 -------- d-----w- c:\programdata\WeCareReminder
2012-09-12 03:04:55 -------- d-----w- c:\users\jay\appdata\local\Ilivid Player
2012-09-12 03:04:18 -------- d-----w- c:\program files\iLivid
.
==================== Find3M ====================
.
2012-09-23 00:15:29 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-23 00:15:28 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-29 01:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 01:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:53:06.14 ===============

GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-30 22:24:20
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0084
Running: gmer.exe; Driver: C:\Users\Jay\AppData\Local\Temp\kwliypoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
I thank you for your time, and look forward to learning more.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 PM

Posted 01 October 2012 - 08:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
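
Triage for a TDSSKiller report like the one requested above: the log prints a hashed image line and a status line per service, so only the entries that are not `ok` need a human look. This is an added example, not part of the original posts or of TDSSKiller itself; the `triage` function is hypothetical and the sample lines are constructed in the format of the report posted later in this topic.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Every log line starts with "HH:MM:SS.mmmm <thread id>", optionally followed by a message.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+(?: (?P<msg>.*))?$")
# "[ <md5> ] <service name> <image path>"; the name may contain spaces.
HASHED = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# "<name> - ok" or "<name> ( <verdict> ) - warning"
STATUS = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>\S+)$"
)
# "Suspicious file (Hidden): <path>. md5: <md5>"
HIDDEN = re.compile(
    r"^Suspicious file \(Hidden\): (?P<path>.+)\. md5: (?P<md5>[0-9A-Fa-f]{32})$"
)

# Constructed sample, following the line format of the report in this topic.
SAMPLE_LOG = r"""
11:42:11.0039 4660 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
11:42:11.0045 4660 ACPI - ok
11:42:12.0182 4660 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
11:42:12.0182 4660 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
11:42:12.0197 4660 Akamai ( HiddenFile.Multi.Generic ) - warning
11:42:12.0197 4660 Akamai - detected HiddenFile.Multi.Generic (1)
11:42:13.0001 4660 [ 1E28D3FB22FBD2D6B9D16ED20F23030D ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
11:42:13.0006 4660 Ati External Event Utility - ok
11:42:13.0724 4660 blbdrive - ok
"""


@dataclass
class Finding:
    name: str
    status: str
    verdict: Optional[str]
    path: Optional[str]
    md5: Optional[str]
    hidden: bool


def triage(log_text):
    """Return non-ok entries, entries with no hashed image line, and a scan count."""
    images = {}          # service name -> (md5, image path)
    hidden_paths = set()
    findings, unhashed = [], []
    scanned = 0
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line or not line.group("msg"):
            continue                     # blank, header-only or non-log line
        msg = line.group("msg")
        hashed = HASHED.match(msg)
        if hashed:
            images[hashed["name"]] = (hashed["md5"].upper(), hashed["path"])
            continue
        hidden = HIDDEN.match(msg)
        if hidden:
            hidden_paths.add(hidden["path"].lower())
            continue
        status = STATUS.match(msg)
        if not status:
            continue                     # e.g. the redundant "- detected ..." line
        scanned += 1
        name = status["name"]
        md5, path = images.get(name, (None, None))
        if path is None:
            unhashed.append(name)        # status reported without an image hash
        if status["status"].lower() != "ok":
            findings.append(Finding(
                name=name,
                status=status["status"],
                verdict=status["verdict"],
                path=path,
                md5=md5,
                hidden=bool(path) and path.lower() in hidden_paths,
            ))
    return {"scanned": scanned, "findings": findings, "unhashed": unhashed}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['scanned']} entries scanned")
    for f in report["findings"]:
        print(f"{f.status.upper()}: {f.name} [{f.verdict}] {f.path} md5={f.md5} hidden={f.hidden}")
    print("no image hashed for:", ", ".join(report["unhashed"]) or "none")
```
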

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 PM

Posted 07 October 2012 - 07:38 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 PM

Posted 07 October 2012 - 10:35 AM

Topic reopened.

nasdaq

#5 jayman2

jayman2
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 07 October 2012 - 05:14 PM

Here are my logs. The MBR.dat file did not show up anywhere. Did a search on my C drive and no such file? Ran MBR twice to be sure.

11:42:03.0816 4312 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:42:04.0229 4312 ============================================================
11:42:04.0229 4312 Current date / time: 2012/10/07 11:42:04.0229
11:42:04.0229 4312 SystemInfo:
11:42:04.0229 4312
11:42:04.0229 4312 OS Version: 6.0.6002 ServicePack: 2.0
11:42:04.0229 4312 Product type: Workstation
11:42:04.0229 4312 ComputerName: JAYS-LAPTOP
11:42:04.0230 4312 UserName: Jay
11:42:04.0230 4312 Windows directory: C:\Windows
11:42:04.0230 4312 System windows directory: C:\Windows
11:42:04.0230 4312 Processor architecture: Intel x86
11:42:04.0230 4312 Number of processors: 2
11:42:04.0230 4312 Page size: 0x1000
11:42:04.0230 4312 Boot type: Normal boot
11:42:04.0230 4312 ============================================================
11:42:05.0960 4312 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
11:42:08.0035 4312 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:42:08.0036 4312 ============================================================
11:42:08.0036 4312 \Device\Harddisk0\DR0:
11:42:08.0082 4312 MBR partitions:
11:42:08.0082 4312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FC6800
11:42:08.0082 4312 \Device\Harddisk1\DR1:
11:42:08.0082 4312 MBR partitions:
11:42:08.0082 4312 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
11:42:08.0082 4312 ============================================================
11:42:08.0105 4312 C: <-> \Device\Harddisk0\DR0\Partition1
11:42:08.0175 4312 E: <-> \Device\Harddisk1\DR1\Partition1
11:42:08.0175 4312 ============================================================
11:42:08.0176 4312 Initialize success
11:42:08.0176 4312 ============================================================
11:42:10.0470 4660 ============================================================
11:42:10.0470 4660 Scan started
11:42:10.0470 4660 Mode: Manual;
11:42:10.0470 4660 ============================================================
11:42:10.0755 4660 ================ Scan system memory ========================
11:42:10.0755 4660 System memory - ok
11:42:10.0755 4660 ================ Scan services =============================
11:42:11.0961 4660 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
11:42:11.0963 4660 aic78xx - ok
11:42:12.0182 4660 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
11:42:12.0182 4660 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
11:42:12.0197 4660 Akamai ( HiddenFile.Multi.Generic ) - warning
11:42:12.0197 4660 Akamai - detected HiddenFile.Multi.Generic (1)
11:42:18.0021 4660 HTTP - ok
11:42:18.0044 4660 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
11:42:18.0046 4660 i2omp - ok
11:42:18.0109 4660 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:42:18.0111 4660 i8042prt - ok
11:42:18.0163 4660 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
11:42:18.0166 4660 iaStor - ok
11:42:18.0218 4660 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
11:42:18.0224 4660 iaStorV - ok
11:42:18.0279 4660 [ E3FFC8CB45B3F55264EE10F084B2731B ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
11:42:18.0281 4660 IBMPMDRV - ok
11:42:18.0330 4660 [ 5565982522EE9D4E8921FEB304D4226F ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
11:42:18.0332 4660 IBMPMSVC - ok
11:42:18.0443 4660 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:42:18.0447 4660 IDriverT - ok
11:42:18.0545 4660 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:42:18.0590 4660 idsvc - ok
11:42:18.0635 4660 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
11:42:18.0637 4660 iirsp - ok
11:42:18.0683 4660 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
11:42:18.0688 4660 IKEEXT - ok
11:42:18.0761 4660 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
11:42:18.0763 4660 intelide - ok
11:42:18.0793 4660 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:42:18.0795 4660 intelppm - ok
11:42:18.0835 4660 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:42:18.0838 4660 IPBusEnum - ok
11:42:18.0873 4660 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:42:18.0875 4660 IpFilterDriver - ok
11:42:18.0919 4660 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:42:18.0922 4660 iphlpsvc - ok
11:42:18.0928 4660 IpInIp - ok
11:42:18.0959 4660 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
11:42:18.0961 4660 IPMIDRV - ok
11:42:18.0999 4660 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
11:42:19.0002 4660 IPNAT - ok
11:42:19.0054 4660 [ 00D8E9DAEBE72A5DF3986FD418A995EB ] IPSSVC C:\Windows\system32\IPSSVC.EXE
11:42:19.0056 4660 IPSSVC - ok
11:42:19.0096 4660 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:42:19.0097 4660 IRENUM - ok
11:42:19.0120 4660 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:42:19.0122 4660 isapnp - ok
11:42:19.0178 4660 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
11:42:19.0182 4660 iScsiPrt - ok
11:42:19.0207 4660 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
11:42:19.0209 4660 iteatapi - ok
11:42:19.0222 4660 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
11:42:19.0224 4660 iteraid - ok
11:42:19.0276 4660 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:42:19.0278 4660 kbdclass - ok
11:42:19.0322 4660 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
11:42:19.0323 4660 kbdhid - ok
11:42:19.0363 4660 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
11:42:19.0365 4660 KeyIso - ok
11:42:19.0417 4660 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:42:19.0427 4660 KSecDD - ok
11:42:19.0494 4660 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
11:42:19.0503 4660 KtmRm - ok
11:42:19.0553 4660 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
11:42:19.0557 4660 LanmanServer - ok
11:42:19.0656 4660 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:42:19.0660 4660 LanmanWorkstation - ok
11:42:19.0715 4660 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
11:42:19.0717 4660 lenovo.smi - ok
11:42:19.0767 4660 [ 158B67696EC8602CE71F9AA4F14AA96F ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
11:42:19.0768 4660 Lenovo.VIRTSCRLSVC - ok
11:42:19.0820 4660 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:42:19.0822 4660 lltdio - ok
11:42:19.0863 4660 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:42:19.0869 4660 lltdsvc - ok
11:42:19.0901 4660 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:42:19.0903 4660 lmhosts - ok
11:42:19.0937 4660 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:42:19.0939 4660 LSI_FC - ok
11:42:19.0968 4660 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:42:19.0970 4660 LSI_SAS - ok
11:42:20.0034 4660 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:42:20.0036 4660 LSI_SCSI - ok
11:42:20.0075 4660 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
11:42:20.0078 4660 luafv - ok
11:42:20.0110 4660 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:42:20.0111 4660 MBAMProtector - ok
11:42:20.0170 4660 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:42:20.0179 4660 MBAMScheduler - ok
11:42:20.0239 4660 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:42:20.0273 4660 MBAMService - ok
11:42:20.0317 4660 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:42:20.0318 4660 mdmxsdk - ok
11:42:20.0360 4660 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
11:42:20.0361 4660 megasas - ok
11:42:20.0399 4660 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
11:42:20.0402 4660 MMCSS - ok
11:42:20.0424 4660 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
11:42:20.0425 4660 Modem - ok
11:42:20.0486 4660 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:42:20.0488 4660 monitor - ok
11:42:20.0532 4660 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:42:20.0533 4660 mouclass - ok
11:42:20.0548 4660 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:42:20.0550 4660 mouhid - ok
11:42:20.0586 4660 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
11:42:20.0588 4660 MountMgr - ok
11:42:20.0656 4660 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:42:20.0659 4660 MozillaMaintenance - ok
11:42:20.0705 4660 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
11:42:20.0709 4660 MpFilter - ok
11:42:20.0758 4660 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
11:42:20.0760 4660 mpio - ok
11:42:20.0929 4660 [ A69630D039C38018689190234F866D77 ] MpKslc6f30fae c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{447AB8EC-F780-404B-B8DD-85702EF17DDE}\MpKslc6f30fae.sys
11:42:20.0930 4660 MpKslc6f30fae - ok
11:42:20.0969 4660 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:42:20.0971 4660 mpsdrv - ok
11:42:21.0028 4660 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
11:42:21.0033 4660 MpsSvc - ok
11:42:21.0071 4660 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
11:42:21.0073 4660 Mraid35x - ok
11:42:21.0120 4660 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:42:21.0123 4660 MRxDAV - ok
11:42:21.0169 4660 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:42:21.0172 4660 mrxsmb - ok
11:42:21.0183 4660 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:42:21.0189 4660 mrxsmb10 - ok
11:42:21.0239 4660 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:42:21.0242 4660 mrxsmb20 - ok
11:42:21.0280 4660 [ B2EFB263600314BABCF9DADB1CBBA994 ] msahci C:\Windows\system32\drivers\msahci.sys
11:42:21.0281 4660 msahci - ok
11:42:21.0328 4660 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:42:21.0331 4660 msdsm - ok
11:42:21.0377 4660 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
11:42:21.0381 4660 MSDTC - ok
11:42:21.0406 4660 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:42:21.0408 4660 Msfs - ok
11:42:21.0424 4660 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:42:21.0426 4660 msisadrv - ok
11:42:21.0446 4660 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:42:21.0450 4660 MSiSCSI - ok
11:42:21.0456 4660 msiserver - ok
11:42:21.0489 4660 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:42:21.0490 4660 MSKSSRV - ok
11:42:21.0580 4660 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:42:21.0581 4660 MsMpSvc - ok
11:42:21.0640 4660 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:42:21.0642 4660 MSPCLOCK - ok
11:42:21.0652 4660 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:42:21.0655 4660 MSPQM - ok
11:42:21.0700 4660 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:42:21.0704 4660 MsRPC - ok
11:42:21.0722 4660 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:42:21.0724 4660 mssmbios - ok
11:42:21.0743 4660 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:42:21.0745 4660 MSTEE - ok
11:42:21.0793 4660 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
11:42:21.0795 4660 Mup - ok
11:42:21.0848 4660 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
11:42:21.0856 4660 napagent - ok
11:42:21.0917 4660 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:42:21.0921 4660 NativeWifiP - ok
11:42:21.0974 4660 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:42:22.0030 4660 NDIS - ok
11:42:22.0068 4660 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:42:22.0069 4660 NdisTapi - ok
11:42:22.0110 4660 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:42:22.0111 4660 Ndisuio - ok
11:42:22.0135 4660 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:42:22.0139 4660 NdisWan - ok
11:42:22.0183 4660 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:42:22.0185 4660 NDProxy - ok
11:42:22.0200 4660 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:42:22.0202 4660 NetBIOS - ok
11:42:22.0251 4660 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
11:42:22.0255 4660 netbt - ok
11:42:22.0274 4660 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
11:42:22.0275 4660 Netlogon - ok
11:42:22.0333 4660 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
11:42:22.0340 4660 Netman - ok
11:42:22.0397 4660 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
11:42:22.0403 4660 netprofm - ok
11:42:22.0448 4660 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:42:22.0452 4660 NetTcpPortSharing - ok
11:42:22.0504 4660 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:42:22.0506 4660 nfrd960 - ok
11:42:22.0555 4660 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:42:22.0557 4660 NisDrv - ok
11:42:22.0626 4660 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
11:42:22.0633 4660 NisSrv - ok
11:42:22.0671 4660 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:42:22.0674 4660 NlaSvc - ok
11:42:22.0725 4660 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:42:22.0726 4660 Npfs - ok
11:42:22.0768 4660 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
11:42:22.0771 4660 nsi - ok
11:42:22.0815 4660 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:42:22.0816 4660 nsiproxy - ok
11:42:22.0913 4660 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:42:22.0959 4660 Ntfs - ok
11:42:23.0002 4660 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
11:42:23.0004 4660 ntrigdigi - ok
11:42:23.0030 4660 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
11:42:23.0032 4660 Null - ok
11:42:23.0054 4660 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:42:23.0057 4660 nvraid - ok
11:42:23.0075 4660 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:42:23.0077 4660 nvstor - ok
11:42:23.0099 4660 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:42:23.0103 4660 nv_agp - ok
11:42:23.0109 4660 NwlnkFlt - ok
11:42:23.0118 4660 NwlnkFwd - ok
11:42:23.0227 4660 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:42:23.0250 4660 odserv - ok
11:42:23.0352 4660 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
11:42:23.0365 4660 ohci1394 - ok
11:42:23.0419 4660 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:42:23.0420 4660 ose - ok
11:42:23.0504 4660 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
11:42:23.0537 4660 p2pimsvc - ok
11:42:23.0592 4660 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
11:42:23.0599 4660 p2psvc - ok
11:42:23.0632 4660 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
11:42:23.0635 4660 Parport - ok
11:42:23.0676 4660 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:42:23.0678 4660 partmgr - ok
11:42:23.0703 4660 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
11:42:23.0704 4660 Parvdm - ok
11:42:23.0752 4660 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
11:42:23.0755 4660 PcaSvc - ok
11:42:23.0816 4660 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
11:42:23.0820 4660 pci - ok
11:42:23.0841 4660 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
11:42:23.0842 4660 pciide - ok
11:42:23.0871 4660 [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:42:23.0875 4660 pcmcia - ok
11:42:23.0936 4660 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:42:23.0970 4660 PEAUTH - ok
11:42:24.0078 4660 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
11:42:24.0133 4660 pla - ok
11:42:24.0184 4660 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:42:24.0191 4660 PlugPlay - ok
11:42:24.0225 4660 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
11:42:24.0233 4660 PNRPAutoReg - ok
11:42:24.0259 4660 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
11:42:24.0266 4660 PNRPsvc - ok
11:42:24.0377 4660 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:42:24.0381 4660 PolicyAgent - ok
11:42:24.0425 4660 [ 836FE79DE8767D77136B6491A3D61089 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
11:42:24.0426 4660 Power Manager DBC Service - ok
11:42:24.0454 4660 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:42:24.0456 4660 PptpMiniport - ok
11:42:24.0502 4660 [ 1D80309FED4BABF8EA9E7B84A394348B ] PROCDD C:\Windows\system32\DRIVERS\PROCDD.SYS
11:42:24.0519 4660 PROCDD - ok
11:42:24.0555 4660 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
11:42:24.0557 4660 Processor - ok
11:42:24.0601 4660 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
11:42:24.0607 4660 ProfSvc - ok
11:42:24.0629 4660 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
11:42:24.0631 4660 ProtectedStorage - ok
11:42:24.0693 4660 [ F8A25F1DD8B2C332CBC663E3579566E7 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
11:42:24.0694 4660 psadd - ok
11:42:24.0744 4660 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
11:42:24.0747 4660 PSched - ok
11:42:24.0807 4660 [ 576444157F1CB25AE2057EED586D4889 ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
11:42:24.0809 4660 PwmEWSvc - ok
11:42:24.0882 4660 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:42:24.0927 4660 ql2300 - ok
11:42:24.0951 4660 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:42:24.0955 4660 ql40xx - ok
11:42:25.0024 4660 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
11:42:25.0028 4660 QWAVE - ok
11:42:25.0078 4660 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:42:25.0080 4660 QWAVEdrv - ok
11:42:25.0192 4660 [ 107D6792A9473B9BFB553B0465460564 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
11:42:25.0212 4660 R300 - ok
11:42:25.0276 4660 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:42:25.0278 4660 RasAcd - ok
11:42:25.0316 4660 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
11:42:25.0319 4660 RasAuto - ok
11:42:25.0366 4660 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:42:25.0369 4660 Rasl2tp - ok
11:42:25.0418 4660 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
11:42:25.0422 4660 RasMan - ok
11:42:25.0462 4660 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:42:25.0464 4660 RasPppoe - ok
11:42:25.0512 4660 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:42:25.0515 4660 RasSstp - ok
11:42:25.0565 4660 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:42:25.0570 4660 rdbss - ok
11:42:25.0577 4660 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:42:25.0580 4660 RDPCDD - ok
11:42:25.0630 4660 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
11:42:25.0636 4660 rdpdr - ok
11:42:25.0644 4660 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:42:25.0646 4660 RDPENCDD - ok
11:42:25.0719 4660 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:42:25.0723 4660 RDPWD - ok
11:42:25.0790 4660 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:42:25.0792 4660 RemoteAccess - ok
11:42:25.0835 4660 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:42:25.0838 4660 RemoteRegistry - ok
11:42:25.0855 4660 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
11:42:25.0857 4660 RpcLocator - ok
11:42:25.0889 4660 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
11:42:25.0896 4660 RpcSs - ok
11:42:25.0944 4660 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:42:25.0946 4660 rspndr - ok
11:42:25.0962 4660 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
11:42:25.0964 4660 SamSs - ok
11:42:26.0006 4660 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:42:26.0008 4660 sbp2port - ok
11:42:26.0071 4660 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:42:26.0074 4660 SCardSvr - ok
11:42:26.0143 4660 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
11:42:26.0166 4660 Schedule - ok
11:42:26.0184 4660 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
11:42:26.0185 4660 SCPolicySvc - ok
11:42:26.0235 4660 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:42:26.0240 4660 SDRSVC - ok
11:42:26.0317 4660 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:42:26.0323 4660 SeaPort - ok
11:42:26.0340 4660 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:42:26.0342 4660 secdrv - ok
11:42:26.0385 4660 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
11:42:26.0389 4660 seclogon - ok
11:42:26.0402 4660 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
11:42:26.0405 4660 SENS - ok
11:42:26.0445 4660 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
11:42:26.0447 4660 Serenum - ok
11:42:26.0471 4660 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
11:42:26.0474 4660 Serial - ok
11:42:26.0512 4660 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:42:26.0515 4660 sermouse - ok
11:42:26.0583 4660 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
11:42:26.0587 4660 SessionEnv - ok
11:42:26.0653 4660 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:42:26.0678 4660 sffdisk - ok
11:42:26.0712 4660 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:42:26.0737 4660 sffp_mmc - ok
11:42:26.0769 4660 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:42:26.0771 4660 sffp_sd - ok
11:42:26.0795 4660 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:42:26.0796 4660 sfloppy - ok
11:42:26.0825 4660 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:42:26.0832 4660 SharedAccess - ok
11:42:26.0876 4660 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:42:26.0884 4660 ShellHWDetection - ok
11:42:26.0952 4660 [ 1624530D05155F4E5A4736531523BFF5 ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
11:42:26.0955 4660 Shockprf - ok
11:42:26.0995 4660 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
11:42:26.0997 4660 sisagp - ok
11:42:27.0022 4660 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
11:42:27.0024 4660 SiSRaid2 - ok
11:42:27.0049 4660 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:42:27.0052 4660 SiSRaid4 - ok
11:42:27.0200 4660 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
11:42:27.0311 4660 slsvc - ok
11:42:27.0355 4660 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
11:42:27.0359 4660 SLUINotify - ok
11:42:27.0412 4660 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:42:27.0414 4660 Smb - ok
11:42:27.0509 4660 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:42:27.0513 4660 SNMPTRAP - ok
11:42:27.0554 4660 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
11:42:27.0556 4660 spldr - ok
11:42:27.0610 4660 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
11:42:27.0658 4660 Spooler - ok
11:42:27.0708 4660 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:42:27.0714 4660 srv - ok
11:42:27.0757 4660 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:42:27.0782 4660 srv2 - ok
11:42:27.0831 4660 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:42:27.0834 4660 srvnet - ok
11:42:27.0851 4660 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:42:27.0855 4660 SSDPSRV - ok
11:42:27.0932 4660 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:42:27.0937 4660 SstpSvc - ok
11:42:27.0997 4660 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
11:42:28.0019 4660 stisvc - ok
11:42:28.0154 4660 [ 109CA8F9DB4886F9F14667ADC10A5065 ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
11:42:28.0155 4660 SUService - ok
11:42:28.0201 4660 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:42:28.0202 4660 swenum - ok
11:42:28.0259 4660 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
11:42:28.0264 4660 swprv - ok
11:42:28.0307 4660 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
11:42:28.0308 4660 Symc8xx - ok
11:42:28.0342 4660 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
11:42:28.0344 4660 Sym_hi - ok
11:42:28.0367 4660 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
11:42:28.0370 4660 Sym_u3 - ok
11:42:28.0443 4660 [ 003358D830A76DFE3803FB353B8FD87B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:42:28.0450 4660 SynTP - ok
11:42:28.0529 4660 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
11:42:28.0552 4660 SysMain - ok
11:42:28.0589 4660 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:42:28.0592 4660 TabletInputService - ok
11:42:28.0643 4660 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:42:28.0648 4660 TapiSrv - ok
11:42:28.0692 4660 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
11:42:28.0695 4660 TBS - ok
11:42:28.0773 4660 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:42:28.0807 4660 Tcpip - ok
11:42:28.0851 4660 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
11:42:28.0858 4660 Tcpip6 - ok
11:42:28.0896 4660 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:42:28.0898 4660 tcpipreg - ok
11:42:28.0939 4660 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:42:28.0940 4660 TDPIPE - ok
11:42:28.0984 4660 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:42:28.0986 4660 TDTCP - ok
11:42:29.0050 4660 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:42:29.0052 4660 tdx - ok
11:42:29.0072 4660 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:42:29.0074 4660 TermDD - ok
11:42:29.0127 4660 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
11:42:29.0138 4660 TermService - ok
11:42:29.0149 4660 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
11:42:29.0153 4660 Themes - ok
11:42:34.0846 4660 ============================================================
11:42:34.0846 4660 Scan finished
11:42:34.0846 4660 ============================================================
11:42:34.0863 5052 Detected object count: 1
11:42:34.0863 5052 Actual detected object count: 1
11:43:04.0694 5052 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:43:04.0694 5052 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
11:44:57.0723 6084 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-07 11:50:48
-----------------------------
11:50:48.646 OS Version: Windows 6.0.6002 Service Pack 2
11:50:48.646 Number of processors: 2 586 0xF06
11:50:48.649 ComputerName: JAYS-LAPTOP UserName: Jay
11:50:49.626 Initialize success
11:52:36.224 AVAST engine defs: 12100701
11:52:57.549 The log file has been saved successfully to "C:\Users\Jay\Desktop\aswMBR.txt"
******************************************************************************************************************

I should mention that the sound did come back on Adobe flash. ATI Catalyst Center is still not letting me access it even though I am an administrator, even if I run it as administrator. Seems some of the Lenovo Thinkvantage software is not running properly.

I want to thank you for your time and want you to know I appreciate your help.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 PM

Posted 08 October 2012 - 09:19 AM

Please run these tools.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs for my review and let me know what problem persists.

#7 jayman2


Posted 08 October 2012 - 07:52 PM

Here you go!


ComboFix 12-10-08.03 - Jay 10/08/2012 19:07:34.1.2 - x86
Running from: c:\users\Jay\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Codecv
c:\programdata\Codecv\background.html
c:\programdata\Codecv\content.js
c:\programdata\Codecv\pnplkfajmmolhjlppgbdahphpjacklad.crx
c:\programdata\Codecv\settings.ini
c:\programdata\Codecv\uninstall.exe
c:\users\Public\vin .msg
.
.
((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))
.
.
2012-10-08 23:41 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B6218D87-0FD4-4525-B96B-7FFB319841E1}\mpengine.dll
2012-10-07 14:25 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-30 23:52 . 2012-09-30 23:52 -------- d-----w- c:\users\Jay\AppData\Roaming\Malwarebytes
2012-09-30 23:51 . 2012-09-30 23:51 -------- d-----w- c:\programdata\Malwarebytes
2012-09-30 23:51 . 2012-09-30 23:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-30 23:51 . 2012-09-07 22:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-30 21:11 . 2012-09-30 21:11 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-30 20:59 . 2012-09-30 20:59 -------- d-----w- c:\users\Jay\.smplayer
2012-09-26 02:35 . 2012-09-26 02:35 -------- d-----w- c:\users\Jay\AppData\Local\TrafficSpaceLLC
2012-09-24 04:29 . 2012-09-24 04:29 -------- d-----w- c:\users\Jay\AppData\Local\MPlayer
2012-09-23 19:34 . 2012-09-23 19:34 -------- d-----w- c:\users\Jay\AppData\Roaming\StreamTorrent
2012-09-23 19:34 . 2012-09-23 19:34 -------- d-----w- c:\program files\StreamTorrent 1.0
2012-09-22 01:37 . 2012-09-30 20:49 -------- d-----w- c:\programdata\WeCareReminder
2012-09-12 03:04 . 2012-09-12 03:04 -------- d-----w- c:\users\Jay\AppData\Local\Ilivid Player
2012-09-12 03:04 . 2012-09-12 03:04 -------- d-----w- c:\program files\iLivid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-23 00:15 . 2012-04-04 00:58 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-23 00:15 . 2011-08-31 04:03 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-31 03:03 . 2012-08-31 03:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-03-21 01:44 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-29 01:24 . 2012-07-11 03:14 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 01:24 . 2011-12-02 05:11 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-06 01:27 . 2012-09-30 21:10 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Akamai NetSession Interface"="c:\users\Jay\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-10-04 1322048]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-01 2295080]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-06-06 487424]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2009-09-03 436800]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-08 91688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1282048]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2011-9-1 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:15]
.
2012-10-06 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-10-08 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^HJ^xdm153^S03104^us&ptb=F4B96C29-32CF-4F37-8F7E-F98BD4F2C674
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\vo69fjf5.default-1349039941838\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-08 19:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-10-08 19:22:13
ComboFix-quarantined-files.txt 2012-10-09 00:22
.
Pre-Run: 8,498,479,104 bytes free
Post-Run: 9,234,849,792 bytes free
.
- - End Of File - - 53A02AD21A5DE29215BAD9CACDAC6372
************************************************************************************************************

Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 35
Java 7 Update 7
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
***************************************************************************************************************
# AdwCleaner v2.004 - Logfile created 10/08/2012 at 19:28:30
# Updated 06/10/2012 by Xplode
# Operating system : Windows Vista ™ Business Service Pack 2 (32 bits)
# User : Jay - JAYS-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Jay\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Jay\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Jay\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jay\AppData\LocalLow\Codecv

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2EF17083-57D4-4D64-AE4F-55F32A2C4571}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^HJ^xdm153^S03104^us&ptb=F4B96C29-32CF-4F37-8F7E-F98BD4F2C674 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default-1349039941838 [Profil par défaut]
File : C:\Users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\vo69fjf5.default-1349039941838\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2241 octets] - [08/10/2012 19:28:30]

########## EOF - C:\AdwCleaner[S1].txt - [2301 octets] ##########
*************************************************************************************************************

Still do not have access to ATI Catalyst Control Center. Lenovo Thinkvantage System Update gives "A problem occurred while loading system update configuration settings Please wait while system update starts." I have to kill it in task manager processes in order to continue. It appears that MS Update works, but I didn't install or update since I didn't know if I should at this point. Computer seems improved, but I just ran this stuff; I will let you know if I notice anything else.

Thanks Again for your Help!!

Jay

#8 nasdaq


Posted 09 October 2012 - 07:41 AM

Thinkvantage System Update gives "A problem occurred while loading system update configuration settings Please wait while system update starts." I have to kill it in task manager processes in order to continue.


Install the latest version.

ThinkVantage System Update 5.00
http://support.lenovo.com/en_US/downloads/detail.page?&LegacyDocID=MIGR-73695
===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Keep me posted.

#9 jayman2


Posted 09 October 2012 - 08:18 PM

Attached File  Task Manager after System Update was killed.pdf   120.26KB   1 downloads

OK. I uninstalled and reinstalled Lenovo System Update Version 3.15. Version 5.0 is only supported for Windows 7 and 8 and I have Vista. According to the support site this is the correct latest version. I uninstalled and reinstalled and am still having the same issue. Still have the issue with ATI Catalyst Control Center. Another thing is that I have Malwarebytes and MS Security Essentials running. I know that having two running can cause issues, so I kill Malwarebytes. I get a warning from Windows Security that my malware is not running and I have to start it manually. Once it starts it seems to run OK. I don't know if this is because of a scrambled registry from the virus or because I kill Malwarebytes once it starts.

I have a question for you. I have looked at a lot of the forums here. It seems that most of the experts on this site want you to have more than one Antivirus Software on the computer. I have been told that having two installed on a computer can be problematic in that they will fight each other. Which is correct? How do you have two antivirus programs, use both to keep your computer clean and avoid conflicts? I also noticed something strange in task manager in the process page see the attached file.

Thanks again, let me know where I go from here.

*******************************************************************************

Farbar Service Scanner Version: 07-10-2012
Ran by Jay (administrator) on 09-10-2012 at 19:46:37
Running from "C:\Users\Jay\Desktop"
Windows Vista ™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 nasdaq

nasdaq

  • Malware Response Team

Posted 10 October 2012 - 09:29 AM

Task Manager after System Update was killed. Notice two Akamai Netsessions. This program was put on here by our old malware provider, Computer Associates. Is it OK to uninstall this software? We do not use them anymore as we are using MS Essentials.


Yes, remove the Akamai Netsessions.

Run the TDSSKiller tool and remove them with the tool.

If you are using the MS Essentials program, this will automatically disable Windows Defender.
You can run the tool on occasion, but it will always be disabled by MS Essentials at the end.

Post a fresh TDSSKiller log and include a fresh DDS log for my review.

Let me know what problem persists.

#11 jayman2

jayman2
  • Topic Starter

  • Members

Posted 10 October 2012 - 09:02 PM

19:34:07.0642 3656 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
19:34:08.0132 3656 ============================================================
19:34:08.0132 3656 Current date / time: 2012/10/10 19:34:08.0132
19:34:08.0133 3656 SystemInfo:
19:34:08.0133 3656
19:34:08.0133 3656 OS Version: 6.0.6002 ServicePack: 2.0
19:34:08.0133 3656 Product type: Workstation
19:34:08.0133 3656 ComputerName: JAYS-LAPTOP
19:34:08.0133 3656 UserName: Jay
19:34:08.0133 3656 Windows directory: C:\Windows
19:34:08.0133 3656 System windows directory: C:\Windows
19:34:08.0133 3656 Processor architecture: Intel x86
19:34:08.0133 3656 Number of processors: 2
19:34:08.0133 3656 Page size: 0x1000
19:34:08.0133 3656 Boot type: Normal boot
19:34:08.0133 3656 ============================================================
19:34:11.0130 3656 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
19:34:11.0168 3656 ============================================================
19:34:11.0168 3656 \Device\Harddisk0\DR0:
19:34:11.0172 3656 MBR partitions:
19:34:11.0172 3656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FC6800
19:34:11.0172 3656 ============================================================
19:34:11.0337 3656 C: <-> \Device\Harddisk0\DR0\Partition1
19:34:11.0338 3656 ============================================================
19:34:11.0338 3656 Initialize success
19:34:11.0338 3656 ============================================================
19:34:29.0657 2292 ============================================================
19:34:29.0658 2292 Scan started
19:34:29.0658 2292 Mode: Manual;
19:34:29.0658 2292 ============================================================
19:34:30.0446 2292 ================ Scan system memory ========================
19:34:30.0446 2292 System memory - ok
19:34:30.0446 2292 ================ Scan services =============================
19:34:36.0228 2292 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
19:34:36.0228 2292 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
19:34:36.0239 2292 Akamai ( HiddenFile.Multi.Generic ) - warning
19:34:36.0239 2292 Akamai - detected HiddenFile.Multi.Generic (1)
19:35:06.0423 2292 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:35:06.0554 2292 pla - ok
19:35:06.0650 2292 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:35:06.0706 2292 PlugPlay - ok
19:35:06.0781 2292 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:35:06.0787 2292 PNRPAutoReg - ok
19:35:06.0806 2292 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:35:06.0813 2292 PNRPsvc - ok
19:35:06.0899 2292 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:35:07.0064 2292 PolicyAgent - ok
19:35:07.0136 2292 [ 836FE79DE8767D77136B6491A3D61089 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
19:35:07.0157 2292 Power Manager DBC Service - ok
19:35:07.0253 2292 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:35:07.0280 2292 PptpMiniport - ok
19:35:07.0479 2292 [ 1D80309FED4BABF8EA9E7B84A394348B ] PROCDD C:\Windows\system32\DRIVERS\PROCDD.SYS
19:35:07.0508 2292 PROCDD - ok
19:35:07.0599 2292 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
19:35:07.0679 2292 Processor - ok
19:35:07.0779 2292 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
19:35:07.0804 2292 ProfSvc - ok
19:35:07.0851 2292 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:35:07.0853 2292 ProtectedStorage - ok
19:35:07.0948 2292 [ F8A25F1DD8B2C332CBC663E3579566E7 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
19:35:07.0950 2292 psadd - ok
19:35:08.0022 2292 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:35:08.0024 2292 PSched - ok
19:35:08.0085 2292 [ 576444157F1CB25AE2057EED586D4889 ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
19:35:08.0089 2292 PwmEWSvc - ok
19:35:08.0227 2292 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:35:08.0404 2292 ql2300 - ok
19:35:08.0473 2292 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:35:08.0524 2292 ql40xx - ok
19:35:08.0832 2292 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:35:08.0870 2292 QWAVE - ok
19:35:08.0933 2292 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:35:08.0935 2292 QWAVEdrv - ok
19:35:09.0281 2292 [ 107D6792A9473B9BFB553B0465460564 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
19:35:09.0298 2292 R300 - ok
19:35:09.0376 2292 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:35:09.0377 2292 RasAcd - ok
19:35:09.0449 2292 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:35:09.0479 2292 RasAuto - ok
19:35:09.0566 2292 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:09.0569 2292 Rasl2tp - ok
19:35:09.0695 2292 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
19:35:09.0754 2292 RasMan - ok
19:35:09.0851 2292 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:09.0852 2292 RasPppoe - ok
19:35:10.0073 2292 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:35:10.0117 2292 RasSstp - ok
19:35:10.0231 2292 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:35:10.0267 2292 rdbss - ok
19:35:10.0320 2292 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:10.0321 2292 RDPCDD - ok
19:35:10.0461 2292 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
19:35:10.0469 2292 rdpdr - ok
19:35:10.0476 2292 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:35:10.0479 2292 RDPENCDD - ok
19:35:10.0663 2292 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:35:10.0719 2292 RDPWD - ok
19:35:10.0823 2292 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:35:10.0862 2292 RemoteAccess - ok
19:35:10.0923 2292 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:35:10.0951 2292 RemoteRegistry - ok
19:35:10.0996 2292 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:35:11.0057 2292 RpcLocator - ok
19:35:11.0135 2292 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
19:35:11.0141 2292 RpcSs - ok
19:35:11.0188 2292 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:35:11.0191 2292 rspndr - ok
19:35:11.0250 2292 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
19:35:11.0252 2292 SamSs - ok
19:35:11.0339 2292 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:35:11.0342 2292 sbp2port - ok
19:35:11.0515 2292 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:35:11.0541 2292 SCardSvr - ok
19:35:11.0643 2292 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
19:35:11.0749 2292 Schedule - ok
19:35:11.0794 2292 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:35:11.0796 2292 SCPolicySvc - ok
19:35:11.0890 2292 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:35:11.0895 2292 SDRSVC - ok
19:35:12.0039 2292 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
19:35:12.0045 2292 SeaPort - ok
19:35:12.0062 2292 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:35:12.0086 2292 secdrv - ok
19:35:12.0185 2292 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:35:12.0211 2292 seclogon - ok
19:35:12.0257 2292 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
19:35:12.0260 2292 SENS - ok
19:35:12.0345 2292 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:35:12.0347 2292 Serenum - ok
19:35:12.0404 2292 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
19:35:12.0423 2292 Serial - ok
19:35:12.0467 2292 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:35:12.0468 2292 sermouse - ok
19:35:12.0560 2292 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:35:12.0565 2292 SessionEnv - ok
19:35:12.0631 2292 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:35:12.0652 2292 sffdisk - ok
19:35:12.0678 2292 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:35:12.0679 2292 sffp_mmc - ok
19:35:12.0724 2292 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:35:12.0752 2292 sffp_sd - ok
19:35:12.0783 2292 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:35:12.0785 2292 sfloppy - ok
19:35:12.0847 2292 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:35:12.0881 2292 SharedAccess - ok
19:35:12.0953 2292 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:35:13.0006 2292 ShellHWDetection - ok
19:35:13.0085 2292 [ 1624530D05155F4E5A4736531523BFF5 ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
19:35:13.0089 2292 Shockprf - ok
19:35:13.0172 2292 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:35:13.0204 2292 sisagp - ok
19:35:13.0232 2292 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:35:13.0244 2292 SiSRaid2 - ok
19:35:13.0282 2292 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:35:13.0306 2292 SiSRaid4 - ok
19:35:13.0666 2292 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
19:35:13.0908 2292 slsvc - ok
19:35:13.0988 2292 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:35:14.0014 2292 SLUINotify - ok
19:35:14.0078 2292 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:35:14.0173 2292 Smb - ok
19:35:14.0264 2292 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:35:14.0268 2292 SNMPTRAP - ok
19:35:14.0342 2292 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:35:14.0344 2292 spldr - ok
19:35:14.0432 2292 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
19:35:14.0464 2292 Spooler - ok
19:35:14.0565 2292 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:35:14.0674 2292 srv - ok
19:35:14.0769 2292 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:35:14.0792 2292 srv2 - ok
19:35:14.0874 2292 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:35:14.0907 2292 srvnet - ok
19:35:14.0995 2292 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:35:15.0034 2292 SSDPSRV - ok
19:35:15.0198 2292 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:35:15.0247 2292 SstpSvc - ok
19:35:15.0474 2292 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
19:35:15.0585 2292 stisvc - ok
19:35:15.0806 2292 [ C2191C1A5DFED0795E3D3B68905B195B ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
19:35:15.0807 2292 SUService - ok
19:35:15.0878 2292 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:35:15.0964 2292 swenum - ok
19:35:16.0194 2292 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
19:35:16.0280 2292 swprv - ok
19:35:16.0339 2292 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:35:16.0342 2292 Symc8xx - ok
19:35:16.0386 2292 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:35:16.0413 2292 Sym_hi - ok
19:35:16.0444 2292 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:35:16.0584 2292 Sym_u3 - ok
19:35:16.0965 2292 [ 003358D830A76DFE3803FB353B8FD87B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:35:17.0154 2292 SynTP - ok
19:35:17.0573 2292 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
19:35:17.0973 2292 SysMain - ok
19:35:18.0111 2292 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:35:18.0190 2292 TabletInputService - ok
19:35:18.0343 2292 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:35:18.0386 2292 TapiSrv - ok
19:35:18.0524 2292 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:35:18.0527 2292 TBS - ok
19:35:18.0806 2292 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:35:18.0984 2292 Tcpip - ok
19:35:19.0211 2292 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:35:19.0218 2292 Tcpip6 - ok
19:35:19.0284 2292 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:35:19.0341 2292 tcpipreg - ok
19:35:19.0449 2292 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:35:19.0514 2292 TDPIPE - ok
19:35:19.0572 2292 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:35:19.0629 2292 TDTCP - ok
19:35:19.0771 2292 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:35:19.0772 2292 tdx - ok
19:35:19.0848 2292 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:35:19.0920 2292 TermDD - ok
19:35:20.0071 2292 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
19:35:20.0193 2292 TermService - ok
19:35:20.0253 2292 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
19:35:20.0257 2292 Themes - ok
19:35:20.0600 2292 [ 1C7B8E69BF9557A17A17F2120892ACF9 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
19:35:20.0774 2292 ThinkVantage Registry Monitor Service - ok
19:35:20.0808 2292 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:35:20.0811 2292 THREADORDER - ok
19:35:20.0868 2292 [ D2378FBBD668D9FE9B6B5E3139D506D3 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
19:35:20.0897 2292 TPDIGIMN - ok
19:35:21.0072 2292 [ A34A1E6B5461273846D30F5898602A72 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
19:35:21.0117 2292 TPHDEXLGSVC - ok
19:35:21.0232 2292 [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM C:\Windows\system32\drivers\tpm.sys
19:35:21.0234 2292 TPM - ok
19:35:21.0278 2292 [ C16EC6A5390904D3971179553852025B ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
19:35:21.0305 2292 TPPWRIF - ok
19:35:21.0342 2292 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:35:21.0372 2292 TrkWks - ok
19:35:21.0491 2292 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:35:21.0516 2292 TrustedInstaller - ok
19:35:21.0733 2292 [ DDD4A2C9A37B93C7D8A539F785572565 ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
19:35:21.0867 2292 TSSCoreService - ok
19:35:21.0933 2292 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:21.0963 2292 tssecsrv - ok
19:35:22.0046 2292 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:35:22.0048 2292 tunmp - ok
19:35:22.0104 2292 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:35:22.0127 2292 tunnel - ok
19:35:22.0328 2292 [ 550EB190CB6444C9E5DCAB810D2057BD ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
19:35:22.0406 2292 TVT Backup Protection Service - ok
19:35:22.0660 2292 [ 8FAAFB3994A45F39FB8E4F87A417D59E ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
19:35:22.0875 2292 TVT Backup Service - ok
19:35:23.0462 2292 [ 5D355B9077CBE87C8E8EB1EAFEFF9F38 ] TVT Scheduler C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
19:35:23.0723 2292 TVT Scheduler - ok
19:35:23.0981 2292 [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter C:\Windows\system32\DRIVERS\tvtfilter.sys
19:35:24.0264 2292 tvtfilter - ok
19:35:24.0325 2292 [ 7E66DDA1EF146BFC3A6E36E08E036602 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
19:35:24.0369 2292 TVTI2C - ok
19:35:24.0466 2292 [ 2D1EC233C89416BA8187C9D7D49A075A ] tvtumon C:\Windows\system32\DRIVERS\tvtumon.sys
19:35:24.0599 2292 tvtumon - ok
19:35:24.0774 2292 [ 3152355EA8E8274D4FDA092F454DA7C0 ] TVT_UpdateMonitor C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
19:35:24.0953 2292 TVT_UpdateMonitor - ok
19:35:25.0003 2292 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:35:25.0006 2292 uagp35 - ok
19:35:25.0148 2292 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:35:25.0223 2292 udfs - ok
19:35:25.0396 2292 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:35:25.0446 2292 UI0Detect - ok
19:35:25.0486 2292 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:35:25.0533 2292 uliagpkx - ok
19:35:25.0653 2292 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:35:25.0666 2292 uliahci - ok
19:35:25.0840 2292 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:35:26.0028 2292 UlSata - ok
19:35:26.0083 2292 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:35:26.0159 2292 ulsata2 - ok
19:35:26.0244 2292 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:35:26.0245 2292 umbus - ok
19:35:26.0408 2292 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll
19:35:26.0470 2292 UmRdpService - ok
19:35:26.0640 2292 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:35:26.0679 2292 upnphost - ok
19:35:26.0801 2292 [ 922B2EBD5118B9AB120410807131A921 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:35:26.0894 2292 usbccgp - ok
19:35:26.0973 2292 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:35:26.0997 2292 usbcir - ok
19:35:27.0081 2292 [ 3D045EAA73414BE8F877F292A84ABBA2 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:35:27.0126 2292 usbehci - ok
19:35:27.0168 2292 [ 1AE77A4C4E4F526EF9759C31A123F2B0 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:35:27.0202 2292 usbhub - ok
19:35:27.0236 2292 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:35:27.0264 2292 usbohci - ok
19:35:27.0303 2292 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
19:35:27.0336 2292 usbprint - ok
19:35:27.0389 2292 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:35:27.0453 2292 USBSTOR - ok
19:35:27.0540 2292 [ F69C1AAD04F28415F3FBE99FBE56030B ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:35:27.0569 2292 usbuhci - ok
19:35:27.0648 2292 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
19:35:27.0677 2292 UxSms - ok
19:35:27.0793 2292 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
19:35:27.0883 2292 vds - ok
19:35:27.0977 2292 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:35:28.0001 2292 vga - ok
19:35:28.0059 2292 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:35:28.0061 2292 VgaSave - ok
19:35:28.0100 2292 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:35:28.0138 2292 viaagp - ok
19:35:28.0165 2292 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:35:28.0167 2292 ViaC7 - ok
19:35:28.0215 2292 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
19:35:28.0217 2292 viaide - ok
19:35:28.0228 2292 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:35:28.0230 2292 volmgr - ok
19:35:28.0338 2292 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:35:28.0368 2292 volmgrx - ok
19:35:28.0426 2292 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:35:28.0455 2292 volsnap - ok
19:35:28.0615 2292 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:35:28.0662 2292 vsmraid - ok
19:35:28.0814 2292 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
19:35:28.0981 2292 VSS - ok
19:35:29.0046 2292 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
19:35:29.0086 2292 W32Time - ok
19:35:29.0163 2292 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:35:29.0185 2292 WacomPen - ok
19:35:29.0500 2292 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:35:29.0552 2292 Wanarp - ok
19:35:29.0653 2292 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:35:29.0654 2292 Wanarpv6 - ok
19:35:29.0774 2292 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe
19:35:29.0869 2292 wbengine - ok
19:35:29.0955 2292 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:35:29.0984 2292 wcncsvc - ok
19:35:30.0070 2292 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:35:30.0126 2292 WcsPlugInService - ok
19:35:30.0188 2292 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
19:35:30.0210 2292 Wd - ok
19:35:30.0470 2292 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:35:30.0904 2292 Wdf01000 - ok
19:35:31.0008 2292 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:35:31.0068 2292 WdiServiceHost - ok
19:35:31.0270 2292 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:35:31.0273 2292 WdiSystemHost - ok
19:35:31.0345 2292 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
19:35:31.0375 2292 WebClient - ok
19:35:31.0428 2292 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:35:31.0435 2292 Wecsvc - ok
19:35:31.0502 2292 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:35:31.0531 2292 wercplsupport - ok
19:35:31.0579 2292 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
19:35:31.0585 2292 WerSvc - ok
19:35:31.0680 2292 [ 0ACD399F5DB3DF1B58903CF4949AB5A8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:35:31.0802 2292 winachsf - ok
19:35:31.0970 2292 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:35:31.0996 2292 WinDefend - ok
19:35:32.0004 2292 WinHttpAutoProxySvc - ok
19:35:32.0116 2292 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:35:32.0152 2292 Winmgmt - ok
19:35:32.0278 2292 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:35:32.0570 2292 WinRM - ok
19:35:32.0802 2292 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:35:32.0924 2292 Wlansvc - ok
19:35:32.0989 2292 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:35:32.0991 2292 WmiAcpi - ok
19:35:33.0129 2292 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:35:33.0149 2292 wmiApSrv - ok
19:35:33.0256 2292 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:35:33.0367 2292 WMPNetworkSvc - ok
19:35:33.0418 2292 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:35:33.0440 2292 WPDBusEnum - ok
19:35:33.0662 2292 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:35:33.0730 2292 WPFFontCache_v0400 - ok
19:35:33.0791 2292 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:35:33.0792 2292 ws2ifsl - ok
19:35:33.0855 2292 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
19:35:33.0881 2292 wscsvc - ok
19:35:33.0887 2292 WSearch - ok
19:35:34.0073 2292 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:35:34.0207 2292 wuauserv - ok
19:35:34.0538 2292 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:35:34.0566 2292 WUDFRd - ok
19:35:34.0635 2292 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:35:34.0647 2292 wudfsvc - ok
19:35:34.0713 2292 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
19:35:34.0734 2292 XAudio - ok
19:35:34.0797 2292 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
19:35:34.0825 2292 XAudioService - ok
19:35:34.0857 2292 ================ Scan global ===============================
19:35:34.0923 2292 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:35:35.0046 2292 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:35:35.0131 2292 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:35:35.0228 2292 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:35:35.0322 2292 [Global] - ok
19:35:35.0322 2292 ================ Scan MBR ==================================
19:35:35.0355 2292 [ 741CA2ED6A6F286DFD7E9A3F067C4C0C ] \Device\Harddisk0\DR0
19:35:39.0087 2292 \Device\Harddisk0\DR0 - ok
19:35:39.0087 2292 ================ Scan VBR ==================================
19:35:39.0145 2292 [ A56D8291343E7FFFBACA6D3C41F37692 ] \Device\Harddisk0\DR0\Partition1
19:35:39.0179 2292 \Device\Harddisk0\DR0\Partition1 - ok
19:35:39.0179 2292 ============================================================
19:35:39.0179 2292 Scan finished
19:35:39.0179 2292 ============================================================
19:35:39.0196 4868 Detected object count: 1
19:35:39.0196 4868 Actual detected object count: 1
19:37:08.0797 4868 c:\program files\common files\akamai/netsession_win_5891ae0.dll - copied to quarantine
19:37:16.0624 4868 HKLM\SYSTEM\ControlSet001\services\Akamai - will be deleted on reboot
19:37:16.0961 4868 HKLM\SYSTEM\ControlSet003\services\Akamai - will be deleted on reboot
19:37:17.0165 4868 c:\program files\common files\akamai/netsession_win_5891ae0.dll - will be deleted on reboot
19:37:17.0165 4868 Akamai ( HiddenFile.Multi.Generic ) - User select action: Delete
19:37:40.0835 3224 Deinitialize success

*****************************************************************************************************************

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Jay at 20:13:48 on 2012-10-10
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [Akamai NetSession Interface] "c:\users\jay\appdata\local\akamai\netsession_win.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [TpShocks] TpShocks.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jay\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\users\jay\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{681705DA-F7C3-4696-B392-F3ABF95DE609} : DhcpNameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jay\appdata\roaming\mozilla\firefox\profiles\vo69fjf5.default-1349039941838\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-10-11 01:11:06 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cda43e81-9159-48d1-a610-bae78ccd3948}\MpKslb03e8eb2.sys
2012-10-11 00:48:23 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{cda43e81-9159-48d1-a610-bae78ccd3948}\mpengine.dll
2012-10-11 00:37:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-09 23:48:24 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-09 23:46:42 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 23:46:41 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 23:46:41 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 23:46:35 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-09 23:46:27 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-09 23:46:02 3604352 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-09 23:46:02 3553152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 00:22:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-09 00:22:15 -------- d-----w- c:\users\jay\appdata\local\temp
2012-10-09 00:03:34 98816 ----a-w- c:\windows\sed.exe
2012-10-09 00:03:34 518144 ----a-w- c:\windows\SWREG.exe
2012-10-09 00:03:34 256000 ----a-w- c:\windows\PEV.exe
2012-10-09 00:03:34 208896 ----a-w- c:\windows\MBR.exe
2012-09-30 23:52:02 -------- d-----w- c:\users\jay\appdata\roaming\Malwarebytes
2012-09-30 23:51:46 -------- d-----w- c:\programdata\Malwarebytes
2012-09-30 23:51:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-30 23:51:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-30 21:11:05 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-30 20:59:34 -------- d-----w- c:\users\jay\.smplayer
2012-09-26 02:35:47 -------- d-----w- c:\users\jay\appdata\local\TrafficSpaceLLC
2012-09-24 04:29:50 -------- d-----w- c:\users\jay\appdata\local\MPlayer
2012-09-23 19:34:34 -------- d-----w- c:\users\jay\appdata\roaming\StreamTorrent
2012-09-23 19:34:33 -------- d-----w- c:\program files\StreamTorrent 1.0
.
==================== Find3M ====================
.
2012-10-10 01:13:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 01:13:34 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-31 03:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 03:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-29 01:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 01:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 20:15:47.21 ===============


***************************************************************************************************************
My MS Security Essentials is not updating. I have this error for each day since this happened. Below is the error report for today, from Event Viewer:

Log Name: System
Source: Microsoft-Windows-WindowsUpdateClient
Date: 10/10/2012 7:52:07 PM
Event ID: 20
Task Category: Windows Update Agent
Level: Error
Keywords: Failure,Installation
User: SYSTEM
Computer: Jays-Laptop
Description:
Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.137.1538.0).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945a8954-c147-4acd-923f-40c45405a658}" />
<EventID>20</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>1</Task>
<Opcode>13</Opcode>
<Keywords>0x8000000000000028</Keywords>
<TimeCreated SystemTime="2012-10-11T00:52:07.546Z" />
<EventRecordID>318989</EventRecordID>
<Correlation />
<Execution ProcessID="1200" ThreadID="5312" />
<Channel>System</Channel>
<Computer>Jays-Laptop</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="errorCode">0x80070643</Data>
<Data Name="updateTitle">Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.137.1538.0)</Data>
<Data Name="updateGuid">{54A26E19-FF84-41F0-A831-CA4A8415308E}</Data>
<Data Name="updateRevisionNumber">101</Data>
</EventData>
</Event>
**************************************************************************************************************

I also had a blue screen system crash while running dds.com. The system said it wrote a system dump file but I can't find it. Do you know where to look? I still do not have access to ATI Catalyst Center. I removed the Akamai using TDSSKiller. It still shows up in uninstall programs, and two instances of the program still show up in the Task Manager processes tab. I didn't know if I should run the killer again or run uninstall through Windows, so I left well enough alone. Same problem with Lenovo System Update service needs to restart; I have to kill it in Task Manager to stop the error. At least TDSSKiller found and isolated some things. Let me know what I should do next. Thanks so much!!

#12 jayman2

Posted 10 October 2012 - 09:42 PM

I was just going to shut down my computer when I decided to look at MS Security Essentials. It has been saying it was up to date and it still does. But that is not why I came back in here: there were several things in quarantine.
I tried to find the log file but I was unsuccessful. All were an Exploit:Java/CVE-2012.XX, where XX are letters; there were a total of 13 of them. I removed all from quarantine.

#13 nasdaq

  • Malware Response Team

Posted 11 October 2012 - 09:18 AM

We have to check further.
Your DDS log is not showing any processes or Services.
You may still have a hidden infection.

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#14 jayman2

Posted 11 October 2012 - 10:53 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
Ran by SYSTEM at 11-10-2012 22:36:46
Running from E:\
Windows Vista ™ Business (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [1322048 2011-10-04] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2295080 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-06-06] (Lenovo Group Limited)
HKLM\...\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [TpShocks] TpShocks.exe [x]
HKLM\...\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [185688 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [124248 2009-07-23] (Lenovo Group Limited)
HKLM\...\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup [436800 2009-09-03] (LENOVO)
HKLM\...\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent [3093816 2009-03-04] (Lenovo Group Limited)
HKLM\...\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1282048 2007-07-10] (Analog Devices, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [256576 2009-12-01] (Lenovo Group Ltd.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Jay\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Jay\...\Run: [Akamai NetSession Interface] "C:\Users\Jay\AppData\Local\Akamai\netsession_win.exe" [4440896 2012-08-10] (Akamai Technologies, Inc.)
HKU\Jay\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\Jay\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Users\Jay\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 DDNIService; C:\Program Files\DDNI\DIBS\DDNIService.exe [166376 2008-04-07] (Digital Delivery Networks, Inc.)
2 IPSSVC; C:\Windows\System32\IPSSVC.EXE [108080 2007-01-30] (Lenovo Group Limited)
2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [127336 2011-07-12] (Lenovo Group Limited)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-05] (Mozilla Foundation)
2 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [175168 2011-10-04] (Lenovo Group Limited)
2 SUService; "C:\Program Files\Lenovo\System Update\SUService.exe" [28672 2011-07-25] (Lenovo Group Limited)
2 TSSCoreService; "C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe" [779576 2009-03-04] (Lenovo)
2 TVT Backup Protection Service; "C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [520192 2008-06-06] ()
2 TVT Scheduler; "C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe" [1155072 2008-06-06] (Lenovo Group Limited)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers (Whitelisted) ====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
1 MpKsl52dd6524; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CDA43E81-9159-48D1-A610-BAE78CCD3948}\MpKsl52dd6524.sys [29904 2012-10-11] ()
2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\Jay\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-10-11 15:04 - 2012-10-11 15:04 - 00905954 ____A (Farbar) C:\Users\Jay\Downloads\FRST.exe
2012-10-10 17:26 - 2012-10-10 17:26 - 00002246 ____A C:\Users\Jay\Desktop\Attach10-10-2012.zip
2012-10-10 17:19 - 2012-10-10 17:19 - 00007829 ____A C:\Users\Jay\Desktop\Attach10-10-2012.txt
2012-10-10 17:10 - 2012-10-10 17:10 - 00152528 ____A C:\Windows\Minidump\Mini101012-01.dmp
2012-10-10 16:37 - 2012-10-10 16:37 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-10-09 16:46 - 2012-10-09 16:46 - 00002396 ____A C:\Users\Jay\Desktop\FSS.txt
2012-10-09 16:44 - 2012-10-09 16:45 - 00694287 ____A (Farbar) C:\Users\Jay\Desktop\FSS.exe
2012-10-09 15:53 - 2012-10-09 15:54 - 16377832 ____A (Lenovo ) C:\Users\Jay\Downloads\systemupdate315-2011-07-25.exe
2012-10-09 15:46 - 2012-09-13 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 15:46 - 2012-08-29 03:27 - 03604352 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-10-09 15:46 - 2012-08-29 03:27 - 03553152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 15:46 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 15:46 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 15:46 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 15:46 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-08 16:28 - 2012-10-08 16:28 - 00002370 ____A C:\AdwCleaner[S1].txt
2012-10-08 16:27 - 2012-10-08 16:27 - 00000910 ____A C:\Users\Jay\Desktop\checkup.txt
2012-10-08 16:22 - 2012-10-08 16:22 - 00009769 ____A C:\ComboFix.txt
2012-10-08 16:03 - 2012-10-08 16:22 - 00000000 ____D C:\Qoobox
2012-10-08 16:03 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-08 16:03 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-08 16:03 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-08 16:03 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-10-08 16:03 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-08 16:03 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-08 16:03 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-08 16:03 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-08 16:02 - 2012-10-08 16:20 - 00000000 ____D C:\Windows\erdnt
2012-10-08 15:48 - 2012-10-08 15:48 - 00538327 ____A C:\Users\Jay\Desktop\adwcleaner.exe
2012-10-08 15:47 - 2012-10-08 15:47 - 00881724 ____A C:\Users\Jay\Desktop\SecurityCheck.exe
2012-10-08 15:46 - 2012-10-08 15:46 - 04764063 ____R (Swearware) C:\Users\Jay\Desktop\ComboFix.exe
2012-10-07 08:52 - 2012-10-07 08:52 - 00000471 ____A C:\Users\Jay\Desktop\aswMBR.txt
2012-10-07 07:26 - 2012-10-07 07:26 - 04731392 ____A (AVAST Software) C:\Users\Jay\Desktop\aswMBR.exe
2012-10-06 15:13 - 2012-10-06 15:14 - 16350936 ____A (Lenovo ) C:\Users\Jay\Downloads\systemupdate314-2010-10-29.exe
2012-09-30 19:24 - 2012-09-30 19:24 - 00000581 ____A C:\Users\Jay\Desktop\gmer.log
2012-09-30 18:47 - 2012-09-30 18:47 - 00001732 ____A C:\tvtpktfilter.dat
2012-09-30 18:06 - 2012-09-30 18:06 - 00144304 ____A C:\Windows\Minidump\Mini093012-01.dmp
2012-09-30 18:05 - 2012-10-10 17:10 - 186028100 ____A C:\Windows\MEMORY.DMP
2012-09-30 18:01 - 2012-09-30 19:24 - 00000000 ____D C:\Users\Jay\Desktop\gmer
2012-09-30 17:58 - 2012-09-30 17:58 - 00294216 ____A C:\Users\Jay\Desktop\gmer.zip
2012-09-30 17:54 - 2012-09-30 17:54 - 00007849 ____A C:\Users\Jay\Desktop\Attach.txt
2012-09-30 17:53 - 2012-09-30 17:53 - 00008019 ____A C:\Users\Jay\Desktop\DDS.txt
2012-09-30 17:46 - 2012-09-30 17:46 - 00607260 ____R (Swearware) C:\Users\Jay\Desktop\dds.com
2012-09-30 17:43 - 2012-09-30 17:45 - 00000442 ____A C:\Users\Jay\Downloads\defogger_disable.log
2012-09-30 17:43 - 2012-09-30 17:43 - 00000000 ____A C:\Users\Jay\defogger_reenable
2012-09-30 17:41 - 2012-09-30 17:42 - 00050477 ____A C:\Users\Jay\Downloads\Defogger.exe
2012-09-30 15:52 - 2012-09-30 15:52 - 00000000 ____D C:\Users\Jay\AppData\Roaming\Malwarebytes
2012-09-30 15:51 - 2012-09-30 15:51 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-30 15:51 - 2012-09-30 15:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-30 15:51 - 2012-09-30 15:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-30 15:51 - 2012-09-07 14:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-30 15:43 - 2012-09-30 15:44 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Jay\Desktop\mbam-setup-1.65.0.1400.exe
2012-09-30 14:50 - 2012-09-30 14:51 - 00894952 ____A (Oracle Corporation) C:\Users\Jay\Downloads\jre-7u7-windows-i586-iftw(1).exe
2012-09-30 14:47 - 2012-09-30 14:47 - 00894952 ____A (Oracle Corporation) C:\Users\Jay\Downloads\jre-7u7-windows-i586-iftw.exe
2012-09-30 13:19 - 2012-09-30 13:19 - 00000000 ____D C:\Users\Jay\Desktop\Old Firefox Data
2012-09-30 13:11 - 2012-09-30 13:11 - 00000846 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-30 13:11 - 2012-09-30 13:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-09-30 12:59 - 2012-09-30 12:59 - 00000000 ____D C:\Users\Jay\.smplayer
2012-09-30 12:13 - 2012-09-30 12:13 - 00000009 ____A C:\END
2012-09-30 10:41 - 2012-09-30 10:41 - 00318904 ____A (Microsoft Corporation) C:\Users\Public\Downloads\wmpfirefoxplugin.exe
2012-09-25 18:35 - 2012-09-25 18:35 - 00000000 ____D C:\Users\Jay\Documents\Video Download Converter
2012-09-25 18:35 - 2012-09-25 18:35 - 00000000 ____D C:\Users\Jay\AppData\Local\TrafficSpaceLLC
2012-09-23 20:29 - 2012-09-23 20:29 - 00000000 ____D C:\Users\Jay\AppData\Local\MPlayer
2012-09-23 11:34 - 2012-09-23 11:34 - 01562688 ____A C:\Users\Public\Downloads\StreamTorrent10Build0078.zip
2012-09-23 11:34 - 2012-09-23 11:34 - 00000914 ____A C:\Users\Jay\Desktop\StreamTorrent 1.0.lnk
2012-09-23 11:34 - 2012-09-23 11:34 - 00000000 ____D C:\Users\Jay\AppData\Roaming\StreamTorrent
2012-09-23 11:34 - 2012-09-23 11:34 - 00000000 ____D C:\Program Files\StreamTorrent 1.0
2012-09-21 13:33 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-21 13:33 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-21 13:33 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-21 13:33 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-21 13:33 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-21 13:33 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-21 13:33 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-21 13:33 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-21 13:33 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-21 13:33 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-21 13:33 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-21 13:33 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-21 13:33 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-21 13:33 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-21 13:33 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-21 13:33 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-19 18:50 - 2012-09-19 18:50 - 00507325 ____A C:\Users\Public\Downloads\mediaplayer.zip
2012-09-17 16:25 - 2012-10-07 08:41 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Jay\Desktop\TDSSKiller.exe


==================== 3 Months Modified Files ==================

2012-10-11 19:30 - 2006-11-02 05:01 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-11 19:30 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-11 19:30 - 2006-11-02 04:52 - 01801125 ____A C:\Windows\WindowsUpdate.log
2012-10-11 19:27 - 2007-06-19 11:13 - 00000380 ____A C:\Windows\System32\IPSCtrl.INI
2012-10-11 19:27 - 2007-01-29 08:36 - 00025269 ____A C:\Windows\System32\PROCDB.INI
2012-10-11 19:27 - 2006-11-02 04:47 - 00004176 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-11 19:27 - 2006-11-02 04:47 - 00004176 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-11 19:13 - 2012-04-03 16:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-11 15:36 - 2006-11-02 04:47 - 00036864 _____ C:\Windows\System32\umstartup.etl
2012-10-11 15:22 - 2011-09-01 06:09 - 00000466 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-10-11 15:04 - 2012-10-11 15:04 - 00905954 ____A (Farbar) C:\Users\Jay\Downloads\FRST.exe
2012-10-10 17:26 - 2012-10-10 17:26 - 00002246 ____A C:\Users\Jay\Desktop\Attach10-10-2012.zip
2012-10-10 17:19 - 2012-10-10 17:19 - 00007829 ____A C:\Users\Jay\Desktop\Attach10-10-2012.txt
2012-10-10 17:10 - 2012-10-10 17:10 - 00152528 ____A C:\Windows\Minidump\Mini101012-01.dmp
2012-10-10 17:10 - 2012-09-30 18:05 - 186028100 ____A C:\Windows\MEMORY.DMP
2012-10-09 19:14 - 2006-11-02 02:24 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-10-09 17:13 - 2012-04-03 16:58 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-10-09 17:13 - 2011-08-30 20:03 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-10-09 16:46 - 2012-10-09 16:46 - 00002396 ____A C:\Users\Jay\Desktop\FSS.txt
2012-10-09 16:45 - 2012-10-09 16:44 - 00694287 ____A (Farbar) C:\Users\Jay\Desktop\FSS.exe
2012-10-09 15:54 - 2012-10-09 15:53 - 16377832 ____A (Lenovo ) C:\Users\Jay\Downloads\systemupdate315-2011-07-25.exe
2012-10-08 16:30 - 2006-11-02 05:00 - 00022404 ____A C:\Windows\PFRO.log
2012-10-08 16:28 - 2012-10-08 16:28 - 00002370 ____A C:\AdwCleaner[S1].txt
2012-10-08 16:27 - 2012-10-08 16:27 - 00000910 ____A C:\Users\Jay\Desktop\checkup.txt
2012-10-08 16:22 - 2012-10-08 16:22 - 00009769 ____A C:\ComboFix.txt
2012-10-08 16:18 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2012-10-08 15:48 - 2012-10-08 15:48 - 00538327 ____A C:\Users\Jay\Desktop\adwcleaner.exe
2012-10-08 15:47 - 2012-10-08 15:47 - 00881724 ____A C:\Users\Jay\Desktop\SecurityCheck.exe
2012-10-08 15:46 - 2012-10-08 15:46 - 04764063 ____R (Swearware) C:\Users\Jay\Desktop\ComboFix.exe
2012-10-07 08:52 - 2012-10-07 08:52 - 00000471 ____A C:\Users\Jay\Desktop\aswMBR.txt
2012-10-07 08:41 - 2012-09-17 16:25 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Jay\Desktop\TDSSKiller.exe
2012-10-07 07:26 - 2012-10-07 07:26 - 04731392 ____A (AVAST Software) C:\Users\Jay\Desktop\aswMBR.exe
2012-10-06 15:14 - 2012-10-06 15:13 - 16350936 ____A (Lenovo ) C:\Users\Jay\Downloads\systemupdate314-2010-10-29.exe
2012-10-05 16:34 - 2011-09-01 06:09 - 00000528 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-10-01 16:51 - 2011-08-30 14:13 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-30 19:24 - 2012-09-30 19:24 - 00000581 ____A C:\Users\Jay\Desktop\gmer.log
2012-09-30 18:47 - 2012-09-30 18:47 - 00001732 ____A C:\tvtpktfilter.dat
2012-09-30 18:07 - 2006-11-02 04:47 - 00270568 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-30 18:06 - 2012-09-30 18:06 - 00144304 ____A C:\Windows\Minidump\Mini093012-01.dmp
2012-09-30 17:58 - 2012-09-30 17:58 - 00294216 ____A C:\Users\Jay\Desktop\gmer.zip
2012-09-30 17:54 - 2012-09-30 17:54 - 00007849 ____A C:\Users\Jay\Desktop\Attach.txt
2012-09-30 17:53 - 2012-09-30 17:53 - 00008019 ____A C:\Users\Jay\Desktop\DDS.txt
2012-09-30 17:46 - 2012-09-30 17:46 - 00607260 ____R (Swearware) C:\Users\Jay\Desktop\dds.com
2012-09-30 17:45 - 2012-09-30 17:43 - 00000442 ____A C:\Users\Jay\Downloads\defogger_disable.log
2012-09-30 17:43 - 2012-09-30 17:43 - 00000000 ____A C:\Users\Jay\defogger_reenable
2012-09-30 17:42 - 2012-09-30 17:41 - 00050477 ____A C:\Users\Jay\Downloads\Defogger.exe
2012-09-30 15:51 - 2012-09-30 15:51 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-30 15:44 - 2012-09-30 15:43 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Jay\Desktop\mbam-setup-1.65.0.1400.exe
2012-09-30 14:51 - 2012-09-30 14:50 - 00894952 ____A (Oracle Corporation) C:\Users\Jay\Downloads\jre-7u7-windows-i586-iftw(1).exe
2012-09-30 14:47 - 2012-09-30 14:47 - 00894952 ____A (Oracle Corporation) C:\Users\Jay\Downloads\jre-7u7-windows-i586-iftw.exe
2012-09-30 13:11 - 2012-09-30 13:11 - 00000846 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-30 12:45 - 2006-11-02 02:33 - 00706760 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-30 12:13 - 2012-09-30 12:13 - 00000009 ____A C:\END
2012-09-30 10:41 - 2012-09-30 10:41 - 00318904 ____A (Microsoft Corporation) C:\Users\Public\Downloads\wmpfirefoxplugin.exe
2012-09-23 11:34 - 2012-09-23 11:34 - 01562688 ____A C:\Users\Public\Downloads\StreamTorrent10Build0078.zip
2012-09-23 11:34 - 2012-09-23 11:34 - 00000914 ____A C:\Users\Jay\Desktop\StreamTorrent 1.0.lnk
2012-09-19 18:50 - 2012-09-19 18:50 - 00507325 ____A C:\Users\Public\Downloads\mediaplayer.zip
2012-09-13 05:28 - 2012-10-09 15:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-11 19:26 - 2006-11-02 02:22 - 40370176 ____A C:\Windows\System32\config\software_previous
2012-09-11 19:26 - 2006-11-02 02:22 - 19922944 ____A C:\Windows\System32\config\system_previous
2012-09-11 19:26 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-09-11 19:26 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-09-11 19:19 - 2012-02-09 14:02 - 00001356 ____A C:\Users\Jay\AppData\Local\d3d9caps.dat
2012-09-11 16:31 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2012-09-11 15:48 - 2006-11-02 02:22 - 44302336 ____A C:\Windows\System32\config\components_previous
2012-09-07 14:04 - 2012-09-30 15:51 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-02 20:08 - 2011-08-30 18:21 - 00031744 ____A C:\Users\Jay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-30 19:03 - 2012-08-30 19:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 19:03 - 2012-03-20 17:44 - 00099272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-29 03:27 - 2012-10-09 15:46 - 03604352 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-29 03:27 - 2012-10-09 15:46 - 03553152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-28 17:24 - 2012-07-10 19:14 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-08-28 17:24 - 2011-12-01 21:11 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-08-24 07:53 - 2012-10-09 15:46 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-23 23:27 - 2012-09-21 13:33 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 23:03 - 2012-09-21 13:33 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 22:59 - 2012-09-21 13:33 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 22:51 - 2012-09-21 13:33 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 22:51 - 2012-09-21 13:33 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 22:51 - 2012-09-21 13:33 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 22:49 - 2012-09-21 13:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 22:48 - 2012-09-21 13:33 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 22:47 - 2012-09-21 13:33 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 22:47 - 2012-09-21 13:33 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 22:47 - 2012-09-21 13:33 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 22:45 - 2012-09-21 13:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 22:44 - 2012-09-21 13:33 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 22:44 - 2012-09-21 13:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 22:43 - 2012-09-21 13:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 22:40 - 2012-09-21 13:33 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-16 16:39 - 2012-08-16 16:39 - 00000000 ____A C:\Windows\setuperr.log
2012-08-16 16:39 - 2012-08-16 16:39 - 00000000 ____A C:\Windows\setupact.log
2012-07-14 20:15 - 2012-07-14 20:15 - 00823576 ____A (Bandoo Media Inc) C:\Users\Public\Downloads\iLividSetupV1.exe


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-06 15:16:07
Restore point made on: 2012-10-06 15:17:55
Restore point made on: 2012-10-06 15:51:14
Restore point made on: 2012-10-07 09:39:38
Restore point made on: 2012-10-09 15:47:21
Restore point made on: 2012-10-09 15:57:59
Restore point made on: 2012-10-09 16:12:54
Restore point made on: 2012-10-09 19:10:54
Restore point made on: 2012-10-10 19:15:54
Restore point made on: 2012-10-10 19:18:23
Restore point made on: 2012-10-11 16:18:35

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 1533.81 MB
Available physical RAM: 1163.05 MB
Total Pagefile: 1366.67 MB
Available Pagefile: 1219.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.35 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:55.89 GB) (Free:10.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (LRMCFRE_EN_DVD) (CDROM) (Total:2.49 GB) (Free:0 GB) UDF
3 Drive e: (SimpleDrive) (Fixed) (Total:232.88 GB) (Free:193.07 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 56 GB 1569 KB
Disk 1 Online 233 GB 1528 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 56 GB 1024 KB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 56 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB

=========================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 E SimpleDrive NTFS Partition 233 GB Healthy

=========================================================

Last Boot: 2012-10-11 15:57

==================== End Of Log ============================

Simple drive is a portable hard drive I use instead of a flash. I hope that works ok. Don't have a flash drive. I can get one if you need me to. I think that this was just a scan so you can see if anything looks out of place, is that correct? Because of this, I didn't test the machine after the scan. I did get the "don't have permission to adjust the screen settings" error for my ATI software as soon as I rebooted. If you need more feedback let me know. Thanks!

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:43 PM

Posted 12 October 2012 - 07:41 AM

I did get the don't have permission to adjust the screen settings for my ATI software as soon as I rebooted.


I suggest you disable this process

mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

and remove this ccc.lnk from your Startup Folder.
StartupFolder: c:\users\jay\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe

Restart the computer normally and let me know if you still get the error at startup.
===

The scan you just did has not shown any infection.

Let's see what this will report.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
===

Please let me know if you have any difficulties other than the Screen resolution problem with this computer.



