
Unknown rootkit


  • This topic is locked
35 replies to this topic

#1 homedoc

homedoc

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 08 December 2012 - 01:38 PM

Hi all,

I'm a total noob to this site. I am pretty sure I am infected due to aberrant behaindows 7 Ultimate system. The rebooting in the middle of the night happened once before. But I heard it beep in the middle of the night last night, and this AM Windows was all weird, bad graphics, only two windows open, task bar empty. Then a Windows message came up suggesting I re-install RegRun. Yeah right!

So I ran a gmer scan and the entire Security tree of the registry was highlighted in red!

So here I am in computer hell LOL. I hope you guys can help me restore the system. I am running antimalwarebytes, RegRun and KIS 2013.

Thanks, Dave



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:19 PM

Posted 09 December 2012 - 08:58 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 homedoc

homedoc
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 10 December 2012 - 02:30 PM

@Budapest: Many thanks for jumping in here and priming the pump. I have attached the two log files from DDS. I look forward to finding a way to swat this bug!!

Dave

Attached Files



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,633 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:19 AM

Posted 13 December 2012 - 01:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/477822 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 homedoc

homedoc
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 14 December 2012 - 12:34 AM

OK Helpbot, I indicated that I still need help and have attached new scan logs as requested. I described the behaviour pretty well in my first post, I think. What I have been noticing lately is that something is trying to insert a new entry in the Run Once section of the registry. RegRun blocks it, and tells me that the file that initiated the request for a new entry cannot be found and that it is probably a rootkit.

So I disallow the change, of course.

Thanks for your help,
Dave

Attached Files



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:19 PM

Posted 15 December 2012 - 04:45 PM

Greetings Dave and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far and I do apologize for the delay. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:19 PM

Posted 15 December 2012 - 09:22 PM

Log contents posted by Oh My


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2
Run by Dave at 0:12:04 on 2012-12-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6078.4133 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Symantec\pcAnywhere\AWHPROBE.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\CleanMem\mini_monitor.exe
C:\Program Files\Greatis\RegRunSuite\watchdog.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Copernic Desktop Search - Corporate\DesktopSearchService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe
C:\Program Files (x86)\Chaos32\Chaos32.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraAvayaIPDriver.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSametimeV85Driver.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraAvayaOneXDriver.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSametimeDriver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Users\Dave\Desktop\procexp64.exe
C:\totalcmd\TOTALCMD64.EXE
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\Foxit PhantomPDF.exe
C:\Program Files (x86)\SRWare Iron\iron.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: dtSearch PDF Search Highlighter BHO: {5B51B86E-6A75-451B-9F35-C2403FC7CF00} - C:\Program Files (x86)\dtSearch\Plugins\dtswebhits_bho.dll
BHO: Do Not Track Plus: {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
uRun: [Copernic Desktop Search - Corporate] "C:\Program Files (x86)\Copernic Desktop Search - Corporate\DesktopSearchService.exe" /tray
uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
uRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
uRun: [NetMeter] C:\Program Files (x86)\HooTech Net Meter\HooNetMeter.exe
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [thebat_startup] C:\Program Files (x86)\The Bat!\thebat.exe /minimize
uRun: [Total Commander Extended x64] C:\totalcmd\Totalcmd64.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [bdinstaller] "C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\downloader\setupdownloader.exe" /args:"/after_restart"
mRun: [RegRun WinBait] C:\Windows\winbait.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CHAOS3~1.LNK - C:\Program Files (x86)\Chaos32\Chaos32.exe
StartupFolder: C:\Users\Dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GLINTE~1.LNK - C:\Program Files (x86)\glint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\JABRAD~1.LNK - C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe
uPolicies-Explorer: MaxRecentDocs = dword:100
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveAutoRun- = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun- = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:253
mPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: DisableCAD = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Clean Traces - C:\ProgramData\SpeedBit\DAP\Plugins\3806D774-DD78-41be-BC1E-52766C50A70F\1.0.0.6_0\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: Download with Xilisoft YouTube Video Converter - C:\Program Files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Закачать ВСЕ при помощи Download Master - <no file>
IE: Закачать при помощи Download Master - <no file>
IE: Передать на удаленную закачку DM - <no file>
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{58F481CA-A708-438A-BDE9-7E833235AEC1} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{8B7D19BF-9F1F-45B2-956D-E8F196D27834} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - LocalServer32 - <no file>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
SEH: ShellObj Class - {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\Program Files\Greatis\RegRunSuite\RRShell.dll
LSA: Notification Packages = scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
x64-mStart Page = about:blank
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll
x64-Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
x64-Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-6-24 29512]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-28 25416]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54104]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2012-6-24 15472]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2012-12-6 263520]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-6-24 133992]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-18 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-18 676936]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-9-4 66560]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-7-19 4908576]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2011-5-30 13128]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-31 382312]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-6-24 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-6-24 142696]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2006-12-21 300032]
R3 debutfilter;Debut Filter Driver v6.10.01;C:\Windows\System32\drivers\debutfilterx64.sys [2012-12-5 32024]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2012-9-16 20784]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-1 25928]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-8-25 202632]
S2 BootlogService;BootlogService;C:\Program Files\Greatis\RegRunSuite\BootLogService.exe [2012-9-2 65296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-6-24 101736]
S2 NetMeterService;Net Meter Service;C:\Program Files (x86)\HooTech Net Meter\NetMeterService.exe [2012-6-28 192512]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-8-30 44624]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-6-24 320576]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-6-24 1662560]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-6-24 1665120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-10-24 31800]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-24 1255736]
.
=============== File Associations ===============
.
ShellExec: SnagItEditor.exe: open="C:\PROGRA~2\TECHSM~1\SNAGIT~1\SNAGIT~1.EXE" "%1"
.
=============== Created Last 30 ================
.
2012-12-14 05:12:17 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-14 02:02:02 -------- d-----w- C:\bleepcomp
2012-12-13 18:04:41 -------- d-----w- C:\Program Files\DAPx64
2012-12-11 13:20:21 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D1139F55-C85E-4F90-8EE3-2E36D35F654D}\mpengine.dll
2012-12-11 10:23:09 -------- d-----w- C:\Program Files\PhotoZoom Pro 5
2012-12-11 00:37:00 -------- d-----w- C:\Users\Dave\AppData\Roaming\HDRsoft
2012-12-11 00:37:00 -------- d-----w- C:\Program Files\PhotomatixPro4
2012-12-08 16:52:25 98816 ----a-w- C:\Windows\sed.exe
2012-12-08 16:52:25 256000 ----a-w- C:\Windows\PEV.exe
2012-12-08 16:52:25 208896 ----a-w- C:\Windows\MBR.exe
2012-12-07 19:42:19 2475352 ----a-w- C:\Windows\System32\D3DX9_42.dll
2012-12-07 19:42:19 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-12-06 20:11:18 18784 ----a-w- C:\Windows\System32\roboot64.exe
2012-12-06 20:11:17 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2012-12-06 20:11:06 -------- d-----w- C:\Program Files (x86)\Advanced System Optimizer 3
2012-12-06 20:01:41 -------- d-----w- C:\Program Files\Registrar Registry Manager (64-bit)
2012-12-06 20:01:28 -------- d-----w- C:\Users\Dave\AppData\Local\Programs
2012-12-06 03:39:17 32024 ----a-w- C:\Windows\System32\drivers\debutfilterx64.sys
2012-12-06 03:39:17 -------- d-----w- C:\Program Files (x86)\NCH Software
2012-12-06 03:39:11 -------- d-----w- C:\Users\Dave\AppData\Roaming\NCH Software
2012-12-05 19:01:50 2712200 ----a-w- C:\Program Files (x86)\procexp.exe
2012-12-05 18:42:42 -------- d-----w- C:\Program Files (x86)\R-Studio
2012-12-05 18:16:08 -------- d-----w- C:\Users\Dave\AppData\Roaming\R-TT
2012-11-30 05:28:55 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-11-30 05:28:55 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-11-30 05:28:55 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-11-30 05:28:55 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-11-30 05:28:55 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-11-30 02:06:16 77312 ----a-w- C:\Windows\System32\packager.dll
2012-11-30 02:06:16 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-11-30 02:04:00 142336 ----a-w- C:\Windows\System32\poqexec.exe
2012-11-30 02:04:00 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2012-11-30 01:59:04 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-11-30 01:35:59 64856 ----a-w- C:\Windows\System32\klfphc.dll
2012-11-30 01:35:23 -------- d-----w- C:\Windows\ELAMBKUP
2012-11-30 01:35:18 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-11-30 01:35:18 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-11-30 01:34:55 89432 ----a-w- C:\Windows\System32\drivers\klflt.sys
2012-11-30 01:04:16 -------- d-----w- C:\Windows\Panther
2012-11-30 00:49:33 -------- d-----w- C:\$WINDOWS.~Q
2012-11-30 00:39:07 -------- d-----w- C:\$INPLACE.~TR
2012-11-30 00:13:47 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-11-30 00:13:38 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-11-30 00:13:22 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-11-30 00:13:22 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-11-29 22:09:48 -------- d-----w- C:\Program Files\Protector Suite
2012-11-29 22:09:35 -------- d-----w- C:\Program Files\Synaptics
2012-11-29 22:09:21 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-11-29 22:09:21 851816 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-11-29 22:09:21 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-11-29 22:09:21 6105960 ----a-w- C:\Windows\System32\nvcpl.dll
2012-11-29 22:09:21 55656 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-11-29 22:09:21 3106152 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-29 22:09:21 2561896 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-11-29 22:09:21 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-11-29 22:09:20 427880 ----a-w- C:\Windows\SysWow64\oemdspif.dll
2012-11-29 22:08:53 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-11-29 22:08:46 -------- d-----w- C:\Program Files\NVIDIA Corporation
2012-11-29 22:08:27 -------- d-----w- C:\Program Files\CONEXANT
2012-11-29 22:07:14 -------- d-----w- C:\Program Files (x86)\Analog Devices
2012-11-26 20:18:53 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-11-23 22:30:02 9728 ------w- C:\Windows\System32\Wdfres.dll
2012-11-23 19:26:33 2312704 ------w- C:\Windows\System32\jscript9.dll
2012-11-23 19:26:33 1346048 ------w- C:\Windows\System32\urlmon(128).dll
2012-11-23 19:26:33 1103872 ------w- C:\Windows\SysWow64\urlmon(134).dll
2012-11-23 19:26:32 1392128 ------w- C:\Windows\System32\wininet(130).dll
2012-11-23 19:26:32 1129472 ------w- C:\Windows\SysWow64\wininet(135).dll
2012-11-23 19:26:31 1800704 ------w- C:\Windows\SysWow64\jscript9.dll
2012-11-23 19:26:30 2144768 ------w- C:\Windows\System32\iertutil(124).dll
2012-11-23 19:26:30 1793024 ------w- C:\Windows\SysWow64\iertutil(133).dll
.
==================== Find3M ====================
.
2012-12-06 20:32:38 1652 ----a-w- C:\Windows\System32\ASOROSet.bin
2012-11-30 02:02:15 54104 ----a-w- C:\Windows\System32\drivers\kltdi.sys
2012-11-30 02:02:15 29528 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2012-11-30 02:02:15 29016 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2012-11-07 19:56:46 158805 ----a-w- C:\Windows\01 Transaction Pro Importer 5.0 Uninstaller.exe
2012-10-25 13:09:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-25 13:09:28 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-23 15:09:06 332288 ----a-w- C:\Windows\System32\uxtheme.new
2012-10-18 20:33:12 0 ----a-w- C:\Windows\SysWow64\REN3C89.tmp
2012-10-18 20:33:12 0 ----a-w- C:\Windows\SysWow64\REN3C88.tmp
2012-10-09 18:47:17 31 ----a-w- C:\Users\Dave\AERO.bat
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-26 22:18:41 39184 ----a-w- C:\Windows\SysWow64\Partizan.exe
2012-09-25 03:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-20 22:27:57 61440 ----a-w- C:\Windows\SysWow64\CleanMem.exe
2012-09-16 19:02:36 5513216 ----a-w- C:\Windows\SysWow64\CoreObjX62.dll
2012-09-10 13:16:28 649864 ----a-w- C:\Program Files (x86)\autoruns.exe
2012-09-10 13:16:28 567944 ----a-w- C:\Program Files (x86)\autorunsc.exe
2010-05-05 04:50:00 434176 ----a-w- C:\Program Files (x86)\glint.exe
.
============= FINISH: 0:13:10.38 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 11/29/2012 7:14:15 PM
System Uptime: 12/13/2012 8:38:38 PM (4 hours ago)
.
Motherboard: LENOVO | | 6459CTO
Processor: Intel® Core™2 Duo CPU T7500 @ 2.20GHz | None | 2201/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 458 GiB total, 101.308 GiB free.
D: is FIXED (FAT) - 1 GiB total, 0.726 GiB free.
E: is FIXED (NTFS) - 455 GiB total, 213.296 GiB free.
F: is FIXED (FAT) - 2 GiB total, 0.943 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_20CA17AA&REV_11\4&DED4CEB&0&04F0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_20CA17AA&REV_11\4&DED4CEB&0&04F0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_20C917AA&REV_11\4&DED4CEB&0&03F0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_20C917AA&REV_11\4&DED4CEB&0&03F0
Service:
.
==== System Restore Points ===================
.
RP37: 12/8/2012 1:41:44 PM - checking update
RP38: 12/11/2012 8:10:15 AM - Windows Update
RP39: 12/13/2012 11:26:13 AM - Windows Update
RP40: 12/13/2012 12:37:16 PM - Device Driver Package Install: Mobile Stream
.
==== Installed Programs ======================
.
'PTC Places' Namespace Shell Extension
Acronis Disk Director 11 Advanced Agent
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 Plugin
Adobe Photoshop Lightroom 4.1 64-bit
Adobe Presenter 7
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Advanced System Optimizer
Auslogics BoostSpeed
BenVista PhotoZoom Pro 5.0.2
CanoScan Toolbox Ver4.6
Casino Riva
CleanMem
Client Security - Password Manager
COMSOL 4.2a
Copernic Desktop Search - Corporate
Corel DESIGNER Technical Suite X5
Corel DESIGNER Technical Suite X5 - EN
Corel DESIGNER Technical Suite X5 - IPM
Corel DESIGNER Technical Suite X5 - Setup Files
Corel Graphics - Windows Shell Extension
Corel Graphics - Windows Shell Extension 64 Bit
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Designer
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
DAP Plug-in for 64 Bit IE
Debut Video Capture Software
Deep Exploration 6 CE
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diskeeper 2011
Do Not Track Plus Add-on 2.2.0.514
Download Accelerator Plus (DAP)
dtSearch Developer
dtSearch PDF Search Highlighter
DxO Optics Pro 7
DxO Optics Pro 8
Dynamic Auto-Painter x64 PRO version 3.1
EasyTether
Foxit PhantomPDF
Foxit Reader
Ghostscript GPL 8.64 (Msi Setup)
HDR Efex Pro 2
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
IDA Pro Demo v5.5
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
Intuit Entitlement Client
Jabra PC Suite 2.8.1972
Java 7 Update 9
Java Auto Updater
Java™ 6 Update 32
Java™ 7 Update 5 (64-bit)
JavaFX 2.1.1
Jing
Kaspersky Internet Security 2013
Lenovo Auto Scroll Utility
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo System Interface Driver
LockHunter 2.0 beta 2, 64 bit
Magic ISO Maker v5.5 (build 0273)
Malwarebytes Anti-Malware version 1.65.1.1000
Mathcad 15 M010
Micro Logic Info Select 8
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Camera Codec Pack
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Moonlight21 - Skype Redial Plugin version 1.3
MP3 Skype Recorder
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MuseScore 1.2 MuseScore score typesetter
Net Meter v3.6 build 437
NVIDIA 3D Vision Driver 296.88
NVIDIA Control Panel 296.88
NVIDIA Graphics Driver 296.88
NVIDIA Install Application
NVIDIA nView 136.28
NVIDIA Performance Drivers
NVIDIA Stereoscopic 3D Driver
On Screen Display
PDF Settings CS6
PDFCreator
Photo Mechanic 5
Photomatix Pro version 4.2
Picasa 3
Power Manager
ProFile
PVSonyDll
R-Studio 6.1
Raw Therapee V4.0.9.15 x64
REFPROP
Registrar Registry Manager 7.51
RegRun Security Suite Platinum
Rescue and Recovery
Revo Uninstaller Pro 2.5.9
Rosetta Stone Version 3
Roulette Bot Plus
Sandboxie 3.74 (64-bit)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
SkyMonk 2
Skype Click to Call
Skype™ 6.0
SleepyHead version 0.9.1 beta
Snagit 9.1.2
Softany CHM to PDF converter 2.6
SoundMAX
SRWare Iron version SRWare Iron 22.0.1250.0
SupportSoft Assisted Service
swMSM
Symantec pcAnywhere
System Migration Assistant
System Update
The Bat! Professional v5.0.20
ThinkPad FullScreen Magnifier
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software
Time and Chaos
Total Commander (Remove or Repair)
Total Commander 64-bit (Remove or Repair)
Total Commander Extended
Total Uninstall 5.9.1
UltraEdit
UltraISO Premium V9.53
Unlocker 1.9.1-x64
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Usenet.nl
VirtualCloneDrive
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
VLC media player 2.0.3
WIDCOMM Bluetooth Software
Windows 7 Upgrade Advisor
Windows Driver Package - Broadcom Bluetooth (05/30/2009 6.2.0.9001)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows XP Mode
WinRAR 4.20 (64-bit)
Xilisoft YouTube Video Converter
.
==== Event Viewer Messages From Past Week ========
.
12/8/2012 8:40:36 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
12/8/2012 2:50:33 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer D4E8087C71C348C that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8B7D19BF-9F1F-45B2-956D-E8F196D27834}. The master browser is stopping or an election is being forced.
12/8/2012 12:22:00 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2012 12:09:38 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2012 12:02:15 PM, Error: Application Popup [1060] - \??\C:\bleepcomp\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/8/2012 11:52:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
12/8/2012 11:48:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
12/8/2012 11:48:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/8/2012 11:46:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/8/2012 11:46:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/8/2012 11:46:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/8/2012 11:46:17 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
12/8/2012 11:46:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/8/2012 11:45:59 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache ElbyCDIO KLIF kneps lenovo.smi spldr TPPWRIF Wanarpv6
12/8/2012 11:27:58 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2012 11:27:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/8/2012 11:27:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/8/2012 11:26:11 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom CSC DfsC discache ElbyCDIO KLIF KLIM6 kltdi kneps lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF Wanarpv6 WfpLwf
12/8/2012 11:26:11 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2012 11:26:11 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2012 11:26:11 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2012 11:26:11 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2012 11:26:11 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2012 11:26:11 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2012 11:26:11 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2012 11:26:11 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2012 11:26:11 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/8/2012 11:26:11 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2012 11:26:11 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/8/2012 1:21:14 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/7/2012 11:58:22 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
12/13/2012 8:58:00 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
12/13/2012 8:42:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ThinkVantage Registry Monitor Service service to connect.
12/13/2012 8:42:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Diskeeper service to connect.
12/13/2012 8:42:05 PM, Error: Service Control Manager [7000] - The Diskeeper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/13/2012 8:39:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
12/13/2012 7:50:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVT Backup Service service to connect.
12/13/2012 12:22:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
12/13/2012 12:22:39 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/13/2012 11:26:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2739159).
12/13/2012 11:26:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2563227).
12/13/2012 11:26:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2658846).
12/13/2012 11:26:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2560656).
12/13/2012 11:26:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656356).
12/13/2012 11:26:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2763523).
12/13/2012 11:26:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2718704).
12/13/2012 11:26:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2552343).
12/13/2012 11:26:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2515325).
12/13/2012 11:26:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2620704).
12/13/2012 11:26:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2479943).
12/13/2012 11:26:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2640148).
12/13/2012 11:26:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2547666).
12/13/2012 11:26:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2631813).
12/13/2012 11:26:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2585542).
12/13/2012 11:26:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2536276).
12/13/2012 11:26:47 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2660075).
12/13/2012 11:26:47 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2511250).
12/13/2012 11:26:47 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2719985).
12/13/2012 11:26:47 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2620712).
12/13/2012 11:26:47 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2570947).
12/13/2012 11:26:47 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Cumulative Security Update for ActiveX Killbits for Windows 7 for x64-based Systems (KB2618451).
12/13/2012 11:26:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685811).
12/13/2012 11:26:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2719857).
12/13/2012 11:26:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2545698).
12/13/2012 11:26:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2522422).
12/13/2012 11:26:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2724197).
12/13/2012 11:26:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2691442).
12/13/2012 11:26:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2676562).
12/13/2012 11:26:45 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2506212).
12/13/2012 11:26:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2736233).
12/13/2012 11:26:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2750841).
12/13/2012 11:26:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2741355).
12/13/2012 11:26:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2735855).
12/13/2012 11:26:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2603229).
12/13/2012 11:26:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2484033).
12/13/2012 11:26:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2667402).
12/13/2012 11:26:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2655992).
12/13/2012 11:26:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB971033).
12/13/2012 11:26:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2749655).
12/13/2012 11:26:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2732059).
12/13/2012 11:26:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2709630).
12/13/2012 11:26:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2541014).
12/13/2012 11:26:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2509553).
12/13/2012 11:26:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2686831).
12/13/2012 11:26:42 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2488113).
12/13/2012 11:26:42 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115).
12/13/2012 11:26:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2685939).
12/13/2012 11:26:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2579686).
12/13/2012 11:26:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2536275).
12/13/2012 11:26:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for User-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685813).
12/13/2012 11:26:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2743555).
12/13/2012 11:26:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2690533).
12/13/2012 11:26:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2645640).
12/13/2012 11:26:40 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452).
12/13/2012 11:26:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2699779).
12/13/2012 11:26:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2506014).
12/13/2012 11:26:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2727528).
12/13/2012 11:26:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2706045).
12/13/2012 11:26:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2621440).
12/13/2012 11:26:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2762895).
12/13/2012 11:26:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2761217).
12/13/2012 11:26:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
12/13/2012 11:26:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2659262).
12/13/2012 11:26:38 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2532531).
12/13/2012 11:26:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2732500).
12/13/2012 11:26:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2506928).
12/13/2012 11:26:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2705219).
12/13/2012 11:26:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2653956).
12/13/2012 11:26:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2654428).
12/13/2012 11:26:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2544893).
12/13/2012 11:26:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2491683).
12/13/2012 11:26:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656411).
12/13/2012 11:26:35 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2729094).
12/13/2012 11:26:35 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2656373).
12/13/2012 11:26:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2712808).
12/13/2012 11:26:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2619339).
12/13/2012 11:26:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2564958).
12/13/2012 11:26:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2511455).
12/13/2012 11:26:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2698365).
12/13/2012 11:26:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2688338).
12/13/2012 11:26:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2660649).
12/13/2012 11:26:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2644615).
12/13/2012 11:26:32 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2661254).
12/13/2012 11:26:32 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2647753).
12/13/2012 10:14:50 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/12/2012 5:39:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AcSvc service.
.
==== End Of File ===========================



`ComboFix 12-12-13.02 - Dave 12/13/2012 21:03:49.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6078.4265 [GMT -5:00]
Running from: c:\!!win2kdownloads\bleepcomp.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-14 to 2012-12-14 )))))))))))))))))))))))))))))))
.
.
2012-12-14 03:14 . 2012-12-14 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-13 18:04 . 2012-12-13 18:05 -------- d-----w- c:\program files\DAPx64
2012-12-11 13:20 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1139F55-C85E-4F90-8EE3-2E36D35F654D}\mpengine.dll
2012-12-11 10:23 . 2012-12-11 10:36 -------- d-----w- c:\program files\PhotoZoom Pro 5
2012-12-11 00:37 . 2012-12-11 06:27 -------- d-----w- c:\program files\PhotomatixPro4
2012-12-07 19:42 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-12-07 19:42 . 2009-09-04 22:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-12-06 20:11 . 2012-06-11 23:17 18784 ----a-w- c:\windows\system32\roboot64.exe
2012-12-06 20:11 . 2008-11-21 05:08 16896 ----a-w- c:\windows\system32\sasnative64.exe
2012-12-06 20:11 . 2012-12-07 00:17 -------- d-----w- c:\program files (x86)\Advanced System Optimizer 3
2012-12-06 20:01 . 2012-12-07 00:17 -------- d-----w- c:\program files\Registrar Registry Manager (64-bit)
2012-12-06 03:39 . 2012-12-06 03:39 -------- d-----w- c:\programdata\NCH Software
2012-12-06 03:39 . 2012-12-06 03:39 -------- d-----w- c:\program files (x86)\NCH Software
2012-12-06 03:39 . 2012-12-06 03:39 32024 ----a-w- c:\windows\system32\drivers\debutfilterx64.sys
2012-12-05 19:01 . 2012-10-02 19:03 2712200 ----a-w- c:\program files (x86)\procexp.exe
2012-12-05 18:42 . 2012-12-05 18:42 -------- d-----w- c:\program files (x86)\R-Studio
2012-12-03 18:45 . 2012-12-03 18:45 -------- d-----w- c:\programdata\McAfee
2012-11-30 05:28 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-11-30 05:28 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-11-30 05:28 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-11-30 05:28 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-11-30 05:28 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-11-30 02:47 . 2012-10-30 02:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-30 02:06 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-11-30 02:06 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-11-30 02:04 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-11-30 02:04 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-11-30 01:35 . 2012-07-11 22:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2012-11-30 01:35 . 2012-11-30 01:35 -------- d-----w- c:\windows\ELAMBKUP
2012-11-30 01:35 . 2012-12-14 01:56 -------- d-----w- c:\programdata\Kaspersky Lab
2012-11-30 01:35 . 2012-11-30 01:35 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-11-30 01:34 . 2012-11-30 02:02 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2012-11-30 01:34 . 2012-08-13 23:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-11-30 01:04 . 2012-11-30 00:14 -------- d-----w- c:\windows\Panther
2012-11-30 00:49 . 2012-11-29 23:27 -------- d-----w- C:\$WINDOWS.~Q
2012-11-30 00:39 . 2012-11-30 00:45 -------- d-----w- C:\$INPLACE.~TR
2012-11-30 00:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-30 00:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-30 00:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-11-30 00:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-11-30 00:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-11-30 00:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-11-30 00:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-11-30 00:13 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-30 00:13 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-11-29 23:13 . 2012-11-29 23:13 -------- d-----w- c:\users\Default\Roaming
2012-11-29 23:13 . 2012-11-29 23:13 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-11-29 22:11 . 2012-12-07 00:17 -------- d-----w- c:\users\Dave
2012-11-29 22:11 . 2012-11-29 23:03 -------- d-----w- c:\users\Administrator
2012-11-29 22:09 . 2012-11-29 22:09 -------- d-----w- c:\program files\Protector Suite
2012-11-29 22:09 . 2012-11-29 22:09 -------- d-----w- c:\program files\Synaptics
2012-11-29 22:09 . 2012-12-14 01:38 -------- d-----w- c:\programdata\NVIDIA
2012-11-29 22:09 . 2012-05-31 18:31 3106152 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-29 22:09 . 2012-05-31 18:30 6105960 ----a-w- c:\windows\system32\nvcpl.dll
2012-11-29 22:09 . 2012-05-31 18:30 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-11-29 22:09 . 2012-05-31 18:30 55656 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-11-29 22:09 . 2012-05-31 18:30 2561896 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-29 22:09 . 2012-05-31 18:30 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-29 22:09 . 2012-05-31 18:30 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-11-29 22:09 . 2012-05-31 18:30 851816 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-11-29 22:09 . 2012-05-31 18:30 427880 ----a-w- c:\windows\SysWow64\oemdspif.dll
2012-11-29 22:08 . 2012-11-29 22:43 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-29 22:08 . 2012-11-29 22:30 -------- d-----w- c:\program files\NVIDIA Corporation
2012-11-29 22:08 . 2012-11-29 22:08 -------- d-----w- c:\program files\CONEXANT
2012-11-29 22:07 . 2012-11-29 22:32 -------- d-----w- c:\program files (x86)\Analog Devices
2012-11-26 20:18 . 2012-11-29 22:46 -------- d-----w- c:\windows\SysWow64\Adobe
2012-11-23 22:30 . 2012-07-26 02:36 9728 ------w- c:\windows\system32\Wdfres.dll
2012-11-23 19:26 . 2012-10-08 11:31 2312704 ------w- c:\windows\system32\jscript9.dll
2012-11-23 19:26 . 2012-10-08 11:24 1346048 ------w- c:\windows\system32\urlmon(128).dll
2012-11-23 19:26 . 2012-10-08 07:48 1103872 ------w- c:\windows\SysWow64\urlmon(134).dll
2012-11-23 19:26 . 2012-10-08 11:23 1392128 ------w- c:\windows\system32\wininet(130).dll
2012-11-23 19:26 . 2012-10-08 07:48 1129472 ------w- c:\windows\SysWow64\wininet(135).dll
2012-11-23 19:26 . 2012-10-08 07:56 1800704 ------w- c:\windows\SysWow64\jscript9.dll
2012-11-23 19:26 . 2012-10-08 11:15 2144768 ------w- c:\windows\system32\iertutil(124).dll
2012-11-23 19:26 . 2012-10-08 07:41 1793024 ------w- c:\windows\SysWow64\iertutil(133).dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 20:32 . 2012-07-17 16:43 1652 ----a-w- c:\windows\system32\ASOROSet.bin
2012-11-30 02:02 . 2012-07-25 19:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-11-30 02:02 . 2012-06-08 16:38 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-11-30 02:02 . 2012-05-26 00:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-11-07 19:56 . 2012-11-07 19:56 158805 ----a-w- c:\windows\01 Transaction Pro Importer 5.0 Uninstaller.exe
2012-10-25 13:09 . 2012-06-24 06:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-25 13:09 . 2012-06-24 06:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-23 15:09 . 2012-10-23 15:09 332288 ----a-w- c:\windows\system32\uxtheme.new
2012-10-18 20:33 . 2012-10-18 20:33 0 ----a-w- c:\windows\SysWow64\REN3C89.tmp
2012-10-18 20:33 . 2012-10-18 20:33 0 ----a-w- c:\windows\SysWow64\REN3C88.tmp
2012-10-09 18:47 . 2012-10-09 18:47 31 ----a-w- c:\users\Dave\AERO.bat
2012-09-29 23:54 . 2012-09-02 01:29 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 22:18 . 2012-09-26 22:18 39184 ----a-w- c:\windows\SysWow64\Partizan.exe
2012-09-25 03:16 . 2012-10-18 20:34 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-20 22:27 . 2009-04-01 06:19 61440 ----a-w- c:\windows\SysWow64\CleanMem.exe
2012-09-16 19:02 . 2011-09-12 16:04 5513216 ----a-w- c:\windows\SysWow64\CoreObjX62.dll
2012-09-10 13:16 . 2012-10-31 18:37 649864 ----a-w- c:\program files (x86)\autoruns.exe
2012-09-10 13:16 . 2012-10-31 18:37 567944 ----a-w- c:\program files (x86)\autorunsc.exe
2010-05-05 04:50 . 2012-06-24 06:33 434176 ----a-w- c:\program files (x86)\glint.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5B51B86E-6A75-451B-9F35-C2403FC7CF00}]
2011-06-20 19:33 191648 ----a-w- c:\program files (x86)\dtSearch\Plugins\dtswebhits_bho.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2012-08-26 05:04 443560 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copernic Desktop Search - Corporate"="c:\program files (x86)\Copernic Desktop Search - Corporate\DesktopSearchService.exe" [2012-07-23 1788416]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2012-06-06 48680]
"MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296]
"NetMeter"="c:\program files (x86)\HooTech Net Meter\HooNetMeter.exe" [2008-12-06 577536]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 765200]
"thebat_startup"="c:\program files (x86)\The Bat!\thebat.exe" [2011-07-26 13909936]
"Total Commander Extended x64"="c:\totalcmd\Totalcmd64.exe" [2012-08-03 7764632]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"bdinstaller"="c:\program files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" [2012-06-18 676128]
"RegRun WinBait"="c:\windows\winbait.exe" [2012-06-27 20240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"@RegRunOnSecure"="c:\progra~1\Greatis\REGRUN~1\OnSecure.exe" [2008-12-22 61664]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 5941344]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-30 356376]
.
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Chaos32.exe - Shortcut.lnk - c:\program files (x86)\Chaos32\Chaos32.exe [2012-7-10 1347584]
glint.exe - Shortcut.lnk - c:\program files (x86)\glint.exe [2012-6-24 434176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 1082144]
Jabra Device Service.lnk - c:\program files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe [2012-5-16 151552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 100 (0x64)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= "c:\progra~1\Greatis\REGRUN~1\RRShell.dll" [2009-04-06 335943]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck autocheck У\0autocheck \0autocheck \0autocheck \0autocheck autocheck ?\0autocheck \0autocheck autocheck n\Diske????к\0autocheck autocheck ??2\0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck autocheck 11E1-????и\0autocheck autocheck Defrag\0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck autocheck ф\0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0Partizan
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BootlogService;BootlogService;c:\program files\Greatis\RegRunSuite\BootLogService.exe [2012-06-27 65296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 NetMeterService;Net Meter Service;c:\program files (x86)\HooTech Net Meter\NetMeterService.exe [2010-04-20 192512]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-05-16 320576]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-30 1255736]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-05-16 29512]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-29 25416]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-11-30 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2012-06-11 263520]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-09-05 66560]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-20 4908576]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-31 382312]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
S3 debutfilter;Debut Filter Driver v6.10.01;c:\windows\system32\DRIVERS\debutfilterx64.sys [2012-12-06 32024]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2012-06-06 20784]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-11-30 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-11-30 29528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP151
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 13:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 5990200]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-31 1694016]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
"TpShocks"="TpShocks.exe" [2012-06-21 222720]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Clean Traces - c:\programdata\SpeedBit\DAP\Plugins\3806D774-DD78-41be-BC1E-52766C50A70F\1.0.0.6_0\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: Download with Xilisoft YouTube Video Converter - c:\program files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Передать на удаленную закачку DM
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:37,62,4c,48,f5,5a,cd,01
.
[HKEY_USERS\S-1-5-21-1119690581-3265781577-448518777-1000_Classes\Wow6432Node\CLSID\{1fd0bcac-0532-4323-b71c-89962c97e3a4}]
@Denied: (Full) (Everyone)
"Model"=dword:000000df
"Therad"=dword:00000016
.
[HKEY_USERS\S-1-5-21-1119690581-3265781577-448518777-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f8,1f,d2,ed,8d,14,2f,01,c2,7e,24,73,3e,a0,91,5f,d1,3b,c9,70,66,
f4,f5,e6,14,69,63,25,e2,35,95,68,8d,85,da,71,51,dd,98,eb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-13 22:17:35
ComboFix-quarantined-files.txt 2012-12-14 03:17
ComboFix2.txt 2012-12-08 17:05
.
Pre-Run: 109,477,986,304 bytes free
Post-Run: 109,160,312,832 bytes free
.
- - End Of File - - 49C158D49038331EB34E96B73692BE0F
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!


  • Malware Response Instructor

Posted 16 December 2012 - 01:56 PM

Hi Dave,

Are you able to narrow down a date when you first noticed symptoms with your computer?

Let's begin with this. Please perform the following for me.


===================================================


Run TDSSKiller by Kaspersky on Vista/7

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.



  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.



  • Click Continue > Reboot now to finish the cleaning process.<- Important!!



  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Date of first symptoms?
  • TDSSKiller log
  • aswMBR log

Gary
 

#9 homedoc

  • Topic Starter


Posted 16 December 2012 - 08:56 PM

Hi Gary,

Nice to meet you - I'm Dave. I really appreciate your help.

So on a clean (as far as I know) machine I downloaded the TDD program and the amb program. I renamed them, copied them to a USB stick, transferred them over to the desktop of the infected machine running in Safe Mode. The TDD program ran, but the results were different from those you describe. I attach a screen shot of the TDD output screen and I have pasted the TDD log file you requested below.

I tried to run the amb program both in Safe Mode and in normal mode. In both cases, there is a download error : 0, and it appears nothing gets downloaded. Since this was unexpected, I did not run it without the preliminary update.

The problem started about three weeks ago. There have been numerous odd behaviors, as documented in my first post (Nov 26). Since then unknown programs try to change the registry. I am running Greatis Registry Watchdog, so I catch them and disallow them. Greatis states that the files trying to make the changes "cannot be found" and are most likely from a rootkit. Today, my Kaspersky blew up and it now states "Some protection components are corrupted. We recommend you reinstall the application."

And the ship sails on ...... LOL

Dave

--------------------------------------------------------------------------------------------
20:20:05.0678 4440 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:20:05.0802 4440 ============================================================
20:20:05.0802 4440 Current date / time: 2012/12/16 20:20:05.0802
20:20:05.0802 4440 SystemInfo:
20:20:05.0802 4440
20:20:05.0802 4440 OS Version: 6.1.7601 ServicePack: 1.0
20:20:05.0802 4440 Product type: Workstation
20:20:05.0802 4440 ComputerName: LENOVODAVE
20:20:05.0802 4440 UserName: Dave
20:20:05.0802 4440 Windows directory: C:\Windows
20:20:05.0802 4440 System windows directory: C:\Windows
20:20:05.0802 4440 Running under WOW64
20:20:05.0802 4440 Processor architecture: Intel x64
20:20:05.0802 4440 Number of processors: 2
20:20:05.0802 4440 Page size: 0x1000
20:20:05.0802 4440 Boot type: Normal boot
20:20:05.0802 4440 ============================================================
20:20:08.0439 4440 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:20:08.0470 4440 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:20:08.0486 4440 ============================================================
20:20:08.0486 4440 \Device\Harddisk1\DR1:
20:20:08.0517 4440 MBR partitions:
20:20:08.0517 4440 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x39485751
20:20:08.0517 4440 \Device\Harddisk1\DR1\Partition2: MBR, Type 0xE, StartLBA 0x3A084B90, BlocksNum 0x2FFD00
20:20:08.0517 4440 \Device\Harddisk0\DR0:
20:20:08.0517 4440 MBR partitions:
20:20:08.0517 4440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38D62361
20:20:08.0517 4440 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xE, StartLBA 0x39F91170, BlocksNum 0x3F3720
20:20:08.0517 4440 ============================================================
20:20:08.0626 4440 C: <-> \Device\Harddisk1\DR1\Partition1
20:20:08.0642 4440 D: <-> \Device\Harddisk1\DR1\Partition2
20:20:08.0704 4440 E: <-> \Device\Harddisk0\DR0\Partition1
20:20:08.0704 4440 F: <-> \Device\Harddisk0\DR0\Partition2
20:20:08.0704 4440 ============================================================
20:20:08.0704 4440 Initialize success
20:20:08.0704 4440 ============================================================
20:20:41.0131 6080 ============================================================
20:20:41.0131 6080 Scan started
20:20:41.0131 6080 Mode: Manual; SigCheck; TDLFS;
20:20:41.0131 6080 ============================================================
20:22:03.0093 4312 Deinitialize success

#10 homedoc

  • Topic Starter


Posted 16 December 2012 - 08:58 PM

Gary,

Here is the TDD screenshot.

Dave




#11 Oh My!


  • Malware Response Instructor

Posted 16 December 2012 - 10:13 PM

Hi Dave,

Only part of the TDSSKiller log is posted. Are you sure you posted the entire contents? If yes, then please run TDSSKiller again.

I would also like you to rerun Combofix but with a new download. Please do this, making sure you save the file to the desktop.


===================================================


Re-installing and Running ComboFix

--------------------

I would like you to delete Combofix and then re-install it. We will then run the program again with the new copy.

  • Right click on the ComboFix Icon on your desktop and select Delete.
  • Please download ComboFix from one of these locations and save it to your desktop:

    Bleepingcomputer

    ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe.
  • When finished, it will produce a log. Please include the C:\Combofix.txt log in your next reply.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.

  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.
If Combofix fails to run properly using the above instructions please attempt the following:

  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • Combofix log

Gary
 

#12 homedoc

  • Topic Starter


Posted 17 December 2012 - 07:24 PM

Hi Gary,

Here is the latest info. I ran the Combofix both in Safe mode and regular mode. The results of the two scans are a bit different, so I am including both for your information. The character count is over the limit to be pasted directly into the post, so there are three posts.

Dave
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++ TDSSKILLER ++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

11:37:38.0583 1436 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:37:38.0599 1436 ============================================================
11:37:38.0599 1436 Current date / time: 2012/12/17 11:37:38.0599
11:37:38.0599 1436 SystemInfo:
11:37:38.0599 1436
11:37:38.0599 1436 OS Version: 6.1.7601 ServicePack: 1.0
11:37:38.0599 1436 Product type: Workstation
11:37:38.0599 1436 ComputerName: LENOVODAVE
11:37:38.0599 1436 UserName: Administrator
11:37:38.0599 1436 Windows directory: C:\Windows
11:37:38.0599 1436 System windows directory: C:\Windows
11:37:38.0599 1436 Running under WOW64
11:37:38.0599 1436 Processor architecture: Intel x64
11:37:38.0599 1436 Number of processors: 2
11:37:38.0599 1436 Page size: 0x1000
11:37:38.0599 1436 Boot type: Safe boot
11:37:38.0599 1436 ============================================================
11:37:39.0940 1436 BG loaded
11:37:40.0346 1436 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:37:40.0658 1436 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:37:40.0674 1436 ============================================================
11:37:40.0674 1436 \Device\Harddisk0\DR0:
11:37:40.0674 1436 MBR partitions:
11:37:40.0674 1436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x39485751
11:37:40.0674 1436 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xE, StartLBA 0x3A084B90, BlocksNum 0x2FFD00
11:37:40.0674 1436 \Device\Harddisk1\DR1:
11:37:40.0674 1436 MBR partitions:
11:37:40.0674 1436 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38D62361
11:37:40.0674 1436 \Device\Harddisk1\DR1\Partition2: MBR, Type 0xE, StartLBA 0x39F91170, BlocksNum 0x3F3720
11:37:40.0674 1436 ============================================================
11:37:40.0720 1436 C: <-> \Device\Harddisk0\DR0\Partition1
11:37:40.0736 1436 D: <-> \Device\Harddisk0\DR0\Partition2
11:37:40.0767 1436 E: <-> \Device\Harddisk1\DR1\Partition1
11:37:40.0798 1436 F: <-> \Device\Harddisk1\DR1\Partition2
11:37:40.0798 1436 ============================================================
11:37:40.0798 1436 Initialize success
11:37:40.0798 1436 ============================================================
11:37:55.0759 1488 ============================================================
11:37:55.0759 1488 Scan started
11:37:55.0759 1488 Mode: Manual; SigCheck; TDLFS;
11:37:55.0759 1488 ============================================================
11:37:56.0648 1488 ================ Scan system memory ========================
11:37:56.0648 1488 System memory - ok
11:37:56.0648 1488 ================ Scan services =============================
11:38:06.0305 1488 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:38:06.0320 1488 IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:38:06.0320 1488 IDriverT - detected UnsignedFile.Multi.Generic (1)
11:38:10.0673 1488 NetBIOS - ok
11:38:10.0735 1488 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:38:10.0766 1488 NetBT - ok
11:38:10.0782 1488 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
11:38:10.0782 1488 Netlogon - ok
11:38:10.0844 1488 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:38:10.0891 1488 Netman - ok
11:38:10.0953 1488 [ DF2D5647A204750C2417C6D2535CBC98 ] NetMeterService C:\Program Files (x86)\HooTech Net Meter\NetMeterService.exe
11:38:10.0953 1488 NetMeterService ( UnsignedFile.Multi.Generic ) - warning
11:38:10.0953 1488 NetMeterService - detected UnsignedFile.Multi.Generic (1)
11:38:11.0000 1488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:38:11.0109 1488 NetMsmqActivator - ok
11:38:11.0109 1488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:38:11.0125 1488 NetPipeActivator - ok
11:38:11.0156 1488 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:38:11.0203 1488 netprofm - ok
11:38:11.0203 1488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:38:11.0219 1488 NetTcpActivator - ok
11:38:11.0219 1488 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:38:11.0234 1488 NetTcpPortSharing - ok
11:38:11.0375 1488 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
11:38:11.0515 1488 netw5v64 - ok
11:38:11.0546 1488 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:38:11.0546 1488 nfrd960 - ok
11:38:11.0609 1488 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:38:11.0640 1488 NlaSvc - ok
11:38:11.0749 1488 [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc C:\Windows\SysWOW64\nlssrv32.exe
11:38:11.0796 1488 nlsX86cc ( UnsignedFile.Multi.Generic ) - warning
11:38:11.0796 1488 nlsX86cc - detected UnsignedFile.Multi.Generic (1)
11:38:11.0811 1488 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:38:11.0843 1488 Npfs - ok
11:38:11.0874 1488 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:38:11.0905 1488 nsi - ok
11:38:11.0921 1488 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:38:11.0967 1488 nsiproxy - ok
11:38:11.0999 1488 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:38:12.0061 1488 Ntfs - ok
11:38:12.0077 1488 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:38:12.0123 1488 Null - ok
11:38:12.0295 1488 [ 2E16ABA89D5C1CF925541CBBD0F2A5BC ] NVIDIA Performance Driver Service C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
11:38:12.0451 1488 NVIDIA Performance Driver Service - ok
11:38:12.0747 1488 [ A48BFF12CEBF631DC329FB4223201BFA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:38:13.0184 1488 nvlddmkm - ok
11:38:13.0200 1488 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:38:13.0215 1488 nvraid - ok
11:38:13.0231 1488 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:38:13.0247 1488 nvstor - ok
11:38:13.0262 1488 [ C4E884D605E12A1F815C89C830873BF7 ] nvsvc C:\Windows\system32\nvvsvc.exe
11:38:13.0309 1488 nvsvc - ok
11:38:13.0325 1488 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:38:13.0340 1488 nv_agp - ok
11:38:13.0371 1488 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:38:13.0387 1488 ohci1394 - ok
11:38:13.0449 1488 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:38:13.0465 1488 ose - ok
11:38:13.0652 1488 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:38:13.0793 1488 osppsvc - ok
11:38:13.0855 1488 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:38:13.0886 1488 p2pimsvc - ok
11:38:13.0933 1488 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:38:13.0949 1488 p2psvc - ok
11:38:13.0964 1488 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:38:13.0980 1488 Parport - ok
11:38:13.0980 1488 Partizan - ok
11:38:13.0995 1488 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:38:13.0995 1488 partmgr - ok
11:38:14.0027 1488 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:38:14.0058 1488 PcaSvc - ok
11:38:14.0058 1488 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:38:14.0073 1488 pci - ok
11:38:14.0089 1488 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:38:14.0105 1488 pciide - ok
11:38:14.0105 1488 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:38:14.0120 1488 pcmcia - ok
11:38:14.0136 1488 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:38:14.0151 1488 pcw - ok
11:38:14.0183 1488 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:38:14.0229 1488 PEAUTH - ok
11:38:14.0292 1488 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:38:14.0354 1488 PeerDistSvc - ok
11:38:14.0401 1488 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:38:14.0432 1488 PerfHost - ok
11:38:14.0526 1488 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:38:14.0604 1488 pla - ok
11:38:14.0651 1488 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:38:14.0697 1488 PlugPlay - ok
11:38:14.0713 1488 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:38:14.0729 1488 PNRPAutoReg - ok
11:38:14.0744 1488 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:38:14.0760 1488 PNRPsvc - ok
11:38:14.0807 1488 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:38:14.0869 1488 PolicyAgent - ok
11:38:14.0885 1488 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:38:14.0931 1488 Power - ok
11:38:15.0041 1488 [ DEED60F99C5B8E386D507860F600D509 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
11:38:15.0087 1488 Power Manager DBC Service - ok
11:38:15.0103 1488 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:38:15.0150 1488 PptpMiniport - ok
11:38:15.0165 1488 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
11:38:15.0181 1488 Processor - ok
11:38:15.0197 1488 PROCEXP151 - ok
11:38:15.0259 1488 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
11:38:15.0306 1488 ProfSvc - ok
11:38:15.0306 1488 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
11:38:15.0321 1488 ProtectedStorage - ok
11:38:15.0337 1488 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:38:15.0368 1488 Psched - ok
11:38:15.0431 1488 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
11:38:15.0431 1488 PSI_SVC_2 - ok
11:38:15.0493 1488 [ 68DCE950DCD2ABBB82362D383EC5836E ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
11:38:15.0540 1488 PwmEWSvc - ok
11:38:15.0587 1488 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:38:15.0633 1488 ql2300 - ok
11:38:15.0665 1488 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:38:15.0680 1488 ql40xx - ok
11:38:15.0696 1488 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:38:15.0711 1488 QWAVE - ok
11:38:15.0727 1488 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:38:15.0743 1488 QWAVEdrv - ok
11:38:15.0774 1488 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:38:15.0805 1488 RasAcd - ok
11:38:15.0852 1488 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:38:15.0883 1488 RasAgileVpn - ok
11:38:15.0899 1488 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:38:15.0945 1488 RasAuto - ok
11:38:15.0961 1488 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:38:15.0992 1488 Rasl2tp - ok
11:38:16.0023 1488 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:38:16.0070 1488 RasMan - ok
11:38:16.0070 1488 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:38:16.0117 1488 RasPppoe - ok
11:38:16.0117 1488 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:38:16.0148 1488 RasSstp - ok
11:38:16.0164 1488 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:38:16.0211 1488 rdbss - ok
11:38:16.0226 1488 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:38:16.0242 1488 rdpbus - ok
11:38:16.0242 1488 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:38:16.0289 1488 RDPCDD - ok
11:38:16.0335 1488 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
11:38:16.0351 1488 RDPDR - ok
11:38:16.0367 1488 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:38:16.0413 1488 RDPENCDD - ok
11:38:16.0429 1488 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:38:16.0460 1488 RDPREFMP - ok
11:38:16.0507 1488 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
11:38:16.0554 1488 RdpVideoMiniport - ok
11:38:16.0569 1488 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:38:16.0601 1488 RDPWD - ok
11:38:16.0632 1488 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:38:16.0647 1488 rdyboost - ok
11:38:16.0725 1488 [ 7196BE857E29007470FF9B689C7F29A7 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:38:16.0757 1488 RegSrvc - ok
11:38:16.0803 1488 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:38:16.0850 1488 RemoteAccess - ok
11:38:16.0897 1488 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:38:16.0944 1488 RemoteRegistry - ok
11:38:16.0991 1488 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
11:38:16.0991 1488 Revoflt - ok
11:38:17.0037 1488 [ 2A43F9E6DBDE12BC0C104785C3B3F5DF ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
11:38:17.0053 1488 rismxdp - ok
11:38:17.0069 1488 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:38:17.0115 1488 RpcEptMapper - ok
11:38:17.0162 1488 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:38:17.0162 1488 RpcLocator - ok
11:38:17.0193 1488 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:38:17.0240 1488 RpcSs - ok
11:38:17.0256 1488 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:38:17.0287 1488 rspndr - ok
11:38:17.0318 1488 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
11:38:17.0365 1488 s3cap - ok
11:38:17.0381 1488 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
11:38:17.0381 1488 SamSs - ok
11:38:17.0474 1488 [ F444EBA4C58AD1D6D1DA9850C2B5D829 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
11:38:17.0474 1488 SbieDrv - ok
11:38:17.0505 1488 [ 9E92ABAE6F6A63C4307FE7CC4AC95831 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
11:38:17.0521 1488 SbieSvc - ok
11:38:17.0537 1488 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:38:17.0552 1488 sbp2port - ok
11:38:17.0568 1488 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:38:17.0615 1488 SCardSvr - ok
11:38:17.0630 1488 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:38:17.0661 1488 scfilter - ok
11:38:17.0693 1488 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:38:17.0786 1488 Schedule - ok
11:38:17.0833 1488 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:38:17.0864 1488 SCPolicySvc - ok
11:38:17.0927 1488 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
11:38:17.0942 1488 sdbus - ok
11:38:17.0989 1488 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:38:18.0005 1488 SDRSVC - ok
11:38:18.0051 1488 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:38:18.0098 1488 secdrv - ok
11:38:18.0114 1488 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:38:18.0145 1488 seclogon - ok
11:38:18.0161 1488 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:38:18.0192 1488 SENS - ok
11:38:18.0207 1488 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:38:18.0223 1488 SensrSvc - ok
11:38:18.0239 1488 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:38:18.0254 1488 Serenum - ok
11:38:18.0270 1488 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:38:18.0301 1488 Serial - ok
11:38:18.0317 1488 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:38:18.0332 1488 sermouse - ok
11:38:18.0348 1488 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:38:18.0395 1488 SessionEnv - ok
11:38:18.0457 1488 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
11:38:18.0473 1488 sffdisk - ok
11:38:18.0504 1488 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:38:18.0535 1488 sffp_mmc - ok
11:38:18.0566 1488 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
11:38:18.0597 1488 sffp_sd - ok
11:38:18.0613 1488 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:38:18.0629 1488 sfloppy - ok
11:38:18.0691 1488 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:38:18.0738 1488 SharedAccess - ok
11:38:18.0769 1488 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:38:18.0800 1488 ShellHWDetection - ok
11:38:18.0831 1488 [ 7AC6FBFC13ABA3F15B05986412D10E10 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
11:38:18.0831 1488 Shockprf - ok
11:38:18.0847 1488 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:38:18.0863 1488 SiSRaid2 - ok
11:38:18.0878 1488 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:38:18.0894 1488 SiSRaid4 - ok
11:38:19.0081 1488 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:38:19.0190 1488 Skype C2C Service - ok
11:38:19.0253 1488 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:38:19.0253 1488 SkypeUpdate - ok
11:38:19.0268 1488 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:38:19.0331 1488 Smb - ok
11:38:19.0377 1488 [ 3BC2844AF786CA422CC31D505ACFA9F2 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
11:38:19.0393 1488 smihlp - ok
11:38:19.0455 1488 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:38:19.0471 1488 SNMPTRAP - ok
11:38:19.0471 1488 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:38:19.0487 1488 spldr - ok
11:38:19.0518 1488 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
11:38:19.0549 1488 Spooler - ok
11:38:19.0643 1488 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:38:19.0767 1488 sppsvc - ok
11:38:19.0783 1488 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:38:19.0814 1488 sppuinotify - ok
11:38:19.0830 1488 [ 2098B8556D1CEC2ACA9A29CD479E3692 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:38:19.0877 1488 srv - ok
11:38:19.0892 1488 [ D0F73A42040F21F92FD314B42AC5C9E7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:38:19.0955 1488 srv2 - ok
11:38:19.0970 1488 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:38:19.0986 1488 SrvHsfHDA - ok
11:38:20.0048 1488 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:38:20.0111 1488 SrvHsfV92 - ok
11:38:20.0157 1488 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:38:20.0189 1488 SrvHsfWinac - ok
11:38:20.0189 1488 [ 2BA8F3250828CCDB4204ECF2C6F40B6A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:38:20.0251 1488 srvnet - ok
11:38:20.0298 1488 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
11:38:20.0329 1488 ssadbus - ok
11:38:20.0391 1488 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
11:38:20.0423 1488 ssadmdfl - ok
11:38:20.0469 1488 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
11:38:20.0485 1488 ssadmdm - ok
11:38:20.0516 1488 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:38:20.0547 1488 SSDPSRV - ok
11:38:20.0579 1488 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:38:20.0610 1488 SstpSvc - ok
11:38:20.0703 1488 [ 5166A8690D912B0B9F29FBB028EA9FE7 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:38:20.0719 1488 Stereo Service - ok
11:38:20.0735 1488 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:38:20.0750 1488 stexstor - ok
11:38:20.0813 1488 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:38:20.0828 1488 stisvc - ok
11:38:20.0859 1488 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
11:38:20.0875 1488 storflt - ok
11:38:20.0891 1488 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
11:38:20.0906 1488 storvsc - ok
11:38:21.0000 1488 [ 59B5A060A31BD4BAB030C4FCD1048292 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
11:38:21.0000 1488 SUService - ok
11:38:21.0047 1488 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:38:21.0062 1488 swenum - ok
11:38:21.0156 1488 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:38:21.0187 1488 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
11:38:21.0187 1488 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
11:38:21.0249 1488 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:38:21.0296 1488 swprv - ok
11:38:21.0343 1488 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
11:38:21.0343 1488 Synth3dVsc - ok
11:38:21.0405 1488 [ 883D2880144FD3ED9F1C04B5B5B9B562 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:38:21.0405 1488 SynTP - ok
11:38:21.0468 1488 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:38:21.0546 1488 SysMain - ok
11:38:21.0561 1488 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:38:21.0577 1488 TabletInputService - ok
11:38:21.0593 1488 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:38:21.0639 1488 TapiSrv - ok
11:38:21.0686 1488 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:38:21.0717 1488 TBS - ok
11:38:21.0764 1488 [ 509383E505C973ED7534A06B3D19688D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:38:21.0827 1488 Tcpip - ok
11:38:21.0858 1488 [ 509383E505C973ED7534A06B3D19688D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:38:21.0905 1488 TCPIP6 - ok
11:38:21.0920 1488 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:38:21.0951 1488 tcpipreg - ok
11:38:21.0983 1488 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:38:21.0998 1488 TDPIPE - ok
11:38:22.0014 1488 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:38:22.0061 1488 TDTCP - ok
11:38:22.0076 1488 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:38:22.0107 1488 tdx - ok
11:38:22.0123 1488 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:38:22.0139 1488 TermDD - ok
11:38:22.0154 1488 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
11:38:22.0185 1488 terminpt - ok
11:38:22.0217 1488 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:38:22.0279 1488 TermService - ok
11:38:22.0295 1488 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:38:22.0310 1488 Themes - ok
11:38:22.0388 1488 [ 8EB3B845A55AFE8367C99C1B499340DF ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
11:38:22.0419 1488 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - warning
11:38:22.0419 1488 ThinkVantage Registry Monitor Service - detected UnsignedFile.Multi.Generic (1)
11:38:22.0466 1488 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:38:22.0497 1488 THREADORDER - ok
11:38:22.0513 1488 [ BC148E3415BF8A9DE83364966F75044F ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
11:38:22.0513 1488 TPDIGIMN - ok
11:38:22.0544 1488 [ BBD91008BEC4A2BA5D383BC9A15D6F9E ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
11:38:22.0560 1488 TPHDEXLGSVC - ok
11:38:22.0622 1488 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
11:38:22.0638 1488 TPHKLOAD - ok
11:38:22.0653 1488 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
11:38:22.0653 1488 TPHKSVC - ok
11:38:22.0700 1488 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
11:38:22.0716 1488 TPM - ok
11:38:22.0747 1488 [ 1DF6E6C026AD1D428687FE3B427A87BC ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
11:38:22.0747 1488 TPPWRIF - ok
11:38:22.0763 1488 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:38:22.0809 1488 TrkWks - ok
11:38:22.0903 1488 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:38:22.0950 1488 TrustedInstaller - ok
11:38:23.0059 1488 [ 57138BEEDEA832293291036DDF611569 ] TSSCoreService C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
11:38:23.0090 1488 TSSCoreService - ok
11:38:23.0106 1488 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:38:23.0153 1488 tssecsrv - ok
11:38:23.0168 1488 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:38:23.0199 1488 TsUsbFlt - ok
11:38:23.0215 1488 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
11:38:23.0231 1488 TsUsbGD - ok
11:38:23.0246 1488 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
11:38:23.0262 1488 tsusbhub - ok
11:38:23.0277 1488 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:38:23.0309 1488 tunnel - ok
11:38:23.0387 1488 [ 4581A61AD590BC3CCDF2759D0BDD69FC ] TVT Backup Service C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
11:38:23.0449 1488 TVT Backup Service - ok
11:38:23.0480 1488 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
11:38:23.0496 1488 uagp35 - ok
11:38:23.0511 1488 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:38:23.0558 1488 udfs - ok
11:38:23.0589 1488 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:38:23.0605 1488 UI0Detect - ok
11:38:23.0636 1488 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:38:23.0652 1488 uliagpkx - ok
11:38:23.0667 1488 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:38:23.0683 1488 umbus - ok
11:38:23.0714 1488 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
11:38:23.0745 1488 UmPass - ok
11:38:23.0777 1488 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
11:38:23.0808 1488 UmRdpService - ok
11:38:23.0839 1488 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:38:23.0886 1488 upnphost - ok
11:38:23.0917 1488 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
11:38:23.0964 1488 usbaudio - ok
11:38:23.0979 1488 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:38:23.0979 1488 usbccgp - ok
11:38:24.0011 1488 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:38:24.0026 1488 usbcir - ok
11:38:24.0073 1488 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:38:24.0089 1488 usbehci - ok
11:38:24.0120 1488 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:38:24.0135 1488 usbhub - ok
11:38:24.0151 1488 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:38:24.0167 1488 usbohci - ok
11:38:24.0182 1488 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:38:24.0198 1488 usbprint - ok
11:38:24.0229 1488 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:38:24.0245 1488 USBSTOR - ok
11:38:24.0245 1488 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:38:24.0276 1488 usbuhci - ok
11:38:24.0323 1488 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:38:24.0338 1488 usbvideo - ok
11:38:24.0354 1488 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:38:24.0401 1488 UxSms - ok
11:38:24.0401 1488 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
11:38:24.0416 1488 VaultSvc - ok
11:38:24.0447 1488 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:38:24.0447 1488 vdrvroot - ok
11:38:24.0479 1488 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:38:24.0525 1488 vds - ok
11:38:24.0557 1488 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:38:24.0572 1488 vga - ok
11:38:24.0635 1488 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:38:24.0666 1488 VgaSave - ok
11:38:24.0666 1488 VGPU - ok
11:38:24.0697 1488 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:38:24.0713 1488 vhdmp - ok
11:38:24.0728 1488 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:38:24.0728 1488 viaide - ok
11:38:24.0791 1488 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
11:38:29.0580 1488 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
11:38:29.0580 1488 C:\Windows\System32\drivers\fltMgr.sys - ok
11:38:29.0580 1488 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
11:38:29.0580 1488 C:\Windows\System32\wbemcomn.dll - ok
11:38:29.0580 1488 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
11:38:29.0580 1488 C:\Windows\System32\PSHED.DLL - ok
11:38:29.0595 1488 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
11:38:29.0595 1488 C:\Windows\System32\samlib.dll - ok
11:38:29.0595 1488 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
11:38:29.0595 1488 C:\Windows\System32\shacct.dll - ok
11:38:29.0595 1488 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
11:38:29.0595 1488 C:\Windows\System32\propsys.dll - ok
11:38:29.0595 1488 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
11:38:29.0595 1488 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
11:38:29.0595 1488 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
11:38:29.0595 1488 C:\Windows\System32\wbem\fastprox.dll - ok
11:38:29.0611 1488 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
11:38:29.0611 1488 C:\Windows\System32\sfc.dll - ok
11:38:29.0611 1488 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
11:38:29.0611 1488 C:\Windows\System32\sfc_os.dll - ok
11:38:29.0627 1488 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
11:38:29.0627 1488 C:\Windows\System32\wtsapi32.dll - ok
11:38:29.0627 1488 [ ADF3E771F429940E762AC097F5A54EAF ] C:\Program Files\Windows Defender\MpClient.dll
11:38:29.0627 1488 C:\Program Files\Windows Defender\MpClient.dll - ok
11:38:29.0627 1488 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
11:38:29.0627 1488 C:\Windows\System32\ntdsapi.dll - ok
11:38:29.0627 1488 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
11:38:29.0627 1488 C:\Windows\System32\uxtheme.dll - ok
11:38:29.0627 1488 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
11:38:29.0627 1488 C:\Windows\System32\wbem\wbemprox.dll - ok
11:38:29.0658 1488 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
11:38:29.0658 1488 C:\Windows\System32\dui70.dll - ok
11:38:29.0658 1488 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
11:38:29.0658 1488 C:\Windows\System32\vssapi.dll - ok
11:38:29.0658 1488 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
11:38:29.0658 1488 C:\Windows\System32\duser.dll - ok
11:38:29.0658 1488 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
11:38:29.0658 1488 C:\Windows\System32\SndVolSSO.dll - ok
11:38:29.0658 1488 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
11:38:29.0658 1488 C:\Windows\System32\hid.dll - ok
11:38:29.0673 1488 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
11:38:29.0673 1488 C:\Windows\System32\MMDevAPI.dll - ok
11:38:29.0673 1488 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
11:38:29.0673 1488 C:\Windows\System32\dwmapi.dll - ok
11:38:29.0689 1488 [ D6F630C1FD7F436316093AE500363B19 ] C:\Windows\System32\xmllite.dll
11:38:29.0689 1488 C:\Windows\System32\xmllite.dll - ok
11:38:29.0689 1488 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
11:38:29.0689 1488 C:\Windows\System32\vsstrace.dll - ok
11:38:29.0689 1488 [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll
11:38:29.0689 1488 C:\Windows\System32\WindowsCodecs.dll - ok
11:38:29.0689 1488 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
11:38:29.0689 1488 C:\Windows\System32\winbrand.dll - ok
11:38:29.0689 1488 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
11:38:29.0689 1488 C:\Windows\System32\UXInit.dll - ok
11:38:29.0705 1488 [ D63F0353F632FB1EDE724173BE6DB5B5 ] C:\Windows\System32\esent.dll
11:38:29.0705 1488 C:\Windows\System32\esent.dll - ok
11:38:29.0705 1488 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
11:38:29.0705 1488 C:\Windows\System32\wbem\WinMgmtR.dll - ok
11:38:29.0705 1488 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
11:38:29.0705 1488 C:\Windows\System32\wbem\wbemcore.dll - ok
11:38:29.0705 1488 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
11:38:29.0705 1488 C:\Windows\System32\wbem\esscli.dll - ok
11:38:29.0720 1488 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
11:38:29.0720 1488 C:\Windows\System32\wbem\wbemsvc.dll - ok
11:38:29.0720 1488 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
11:38:29.0720 1488 C:\Windows\System32\wbem\wmiutils.dll - ok
11:38:29.0720 1488 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
11:38:29.0720 1488 C:\Windows\System32\wbem\repdrvfs.dll - ok
11:38:29.0720 1488 [ FE05D03B73000CFF476E1D29109F3A84 ] C:\Program Files\Windows Defender\MpEvMsg.dll
11:38:29.0720 1488 C:\Program Files\Windows Defender\MpEvMsg.dll - ok
11:38:29.0720 1488 [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll
11:38:29.0720 1488 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
11:38:29.0736 1488 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
11:38:29.0736 1488 C:\Windows\System32\ncobjapi.dll - ok
11:38:29.0736 1488 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
11:38:29.0736 1488 C:\Windows\System32\imageres.dll - ok
11:38:29.0751 1488 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
11:38:29.0751 1488 C:\Windows\System32\wbem\wbemess.dll - ok
11:38:29.0751 1488 [ 4FDFA3F219692D17011BF1B428857C1E ] C:\Program Files\Windows Defender\MpRTP.dll
11:38:29.0751 1488 C:\Program Files\Windows Defender\MpRTP.dll - ok
11:38:29.0751 1488 [ FBD879D17B26D49DD7A48FF58062FAE6 ] C:\Windows\System32\tdh.dll
11:38:29.0751 1488 C:\Windows\System32\tdh.dll - ok
11:38:29.0751 1488 [ D527EF4364D2D00443470940B177EAD4 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8AE222B-3C7F-4A4E-AED2-88F0B883F1AC}\mpengine.dll
11:38:29.0751 1488 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8AE222B-3C7F-4A4E-AED2-88F0B883F1AC}\mpengine.dll - ok
11:38:29.0767 1488 [ B144A2223EF11ED42310124A7839258E ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8AE222B-3C7F-4A4E-AED2-88F0B883F1AC}\mpasbase.vdm
11:38:29.0767 1488 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8AE222B-3C7F-4A4E-AED2-88F0B883F1AC}\mpasbase.vdm - ok
11:38:29.0767 1488 [ DA8CBCC158B2B2D538C2D75D05CB33D3 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8AE222B-3C7F-4A4E-AED2-88F0B883F1AC}\mpasdlta.vdm
11:38:29.0767 1488 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E8AE222B-3C7F-4A4E-AED2-88F0B883F1AC}\mpasdlta.vdm - ok
11:38:29.0767 1488 [ 93BB66044FA76734E882C6F3E8EE1900 ] C:\Program Files\Windows Defender\MsMpLics.dll
11:38:29.0767 1488 C:\Program Files\Windows Defender\MsMpLics.dll - ok
11:38:29.0767 1488 [ 218A400108F280428FA22282D3268BBC ] C:\Windows\System32\wscapi.dll
11:38:29.0767 1488 C:\Windows\System32\wscapi.dll - ok
11:38:29.0767 1488 [ B84E2D174DC84916A536572BB8F691A8 ] C:\Windows\System32\wscisvif.dll
11:38:29.0767 1488 C:\Windows\System32\wscisvif.dll - ok
11:38:29.0798 1488 [ 6C1E3C43B35268C17833244C8ED96430 ] C:\Windows\System32\wscproxystub.dll
11:38:29.0798 1488 C:\Windows\System32\wscproxystub.dll - ok
11:38:29.0798 1488 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
11:38:29.0798 1488 C:\Windows\System32\IPHLPAPI.DLL - ok
11:38:29.0798 1488 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
11:38:29.0798 1488 C:\Windows\System32\winnsi.dll - ok
11:38:29.0798 1488 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
11:38:29.0798 1488 C:\Windows\System32\dllhost.exe - ok
11:38:29.0798 1488 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
11:38:29.0798 1488 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok
11:38:29.0814 1488 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
11:38:29.0814 1488 C:\Windows\System32\IDStore.dll - ok
11:38:29.0814 1488 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
11:38:29.0814 1488 C:\Windows\System32\mpr.dll - ok
11:38:29.0814 1488 [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
11:38:29.0814 1488 C:\Windows\System32\userinit.exe - ok
11:38:29.0814 1488 [ AC4C51EB24AA95B77F705AB159189E24 ] C:\Windows\explorer.exe
11:38:29.0814 1488 C:\Windows\explorer.exe - ok
11:38:29.0829 1488 [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
11:38:29.0829 1488 C:\Windows\System32\ExplorerFrame.dll - ok
11:38:29.0829 1488 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
11:38:29.0829 1488 C:\Windows\System32\slc.dll - ok
11:38:29.0829 1488 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
11:38:29.0829 1488 C:\Windows\System32\apphelp.dll - ok
11:38:29.0829 1488 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
11:38:29.0829 1488 C:\Windows\System32\EhStorShell.dll - ok
11:38:29.0845 1488 [ F1D2ABA7038E01F7465E36F2057E7C13 ] C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
11:38:29.0845 1488 C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL - ok
11:38:29.0845 1488 [ D233C7FEAE3FAA25F93A9E6B46815ADC ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
11:38:29.0845 1488 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll - ok
11:38:29.0845 1488 [ 241AF87821FDA0F5792037B779F49BE0 ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll
11:38:29.0845 1488 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll - ok
11:38:29.0845 1488 [ 57AC86AC664CC774C861DAB2B1D1E978 ] C:\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\ATL90.dll
11:38:29.0845 1488 C:\Windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\ATL90.dll - ok
11:38:29.0861 1488 [ 5ABAEB53E6ECF7878A5C4C4ABED92050 ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF
11:38:29.0861 1488 C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\OFFICE.ODF - ok
11:38:29.0861 1488 [ 66E3C667D853DF349E310568F60B9B6A ] C:\PROGRA~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
11:38:29.0861 1488 C:\PROGRA~1\MICROS~2\Office14\1033\GrooveIntlResource.dll - ok
11:38:29.0861 1488 [ 32802C0F6FC7C8F561B9D91F52A46421 ] C:\Windows\System32\cscui.dll
11:38:29.0861 1488 C:\Windows\System32\cscui.dll - ok
11:38:29.0876 1488 [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
11:38:29.0876 1488 C:\Windows\System32\cscapi.dll - ok
11:38:29.0876 1488 [ 7EE5F17A21D9A9101207DF4BC37B085D ] C:\Windows\System32\cscdll.dll
11:38:29.0876 1488 C:\Windows\System32\cscdll.dll - ok
11:38:29.0876 1488 [ 7BBF670114373CE6A203FA155A9E0D0A ] C:\Windows\System32\ntshrui.dll
11:38:29.0876 1488 C:\Windows\System32\ntshrui.dll - ok
11:38:29.0876 1488 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
11:38:29.0876 1488 C:\Windows\System32\IconCodecService.dll - ok
11:38:29.0892 1488 [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
11:38:29.0892 1488 C:\Windows\System32\runonce.exe - ok
11:38:29.0892 1488 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
11:38:29.0892 1488 C:\Windows\SysWOW64\advapi32.dll - ok
11:38:29.0892 1488 [ 61EABC3358D869519D851B08C8FA512D ] C:\Windows\SysWOW64\KernelBase.dll
11:38:29.0892 1488 C:\Windows\SysWOW64\KernelBase.dll - ok
11:38:29.0892 1488 [ E46D48A7FE961401F1CBF85531CDF05D ] C:\Windows\SysWOW64\msvcrt.dll
11:38:29.0892 1488 C:\Windows\SysWOW64\msvcrt.dll - ok
11:38:29.0892 1488 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
11:38:29.0892 1488 C:\Windows\SysWOW64\runonce.exe - ok
11:38:29.0923 1488 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
11:38:29.0923 1488 C:\Windows\SysWOW64\cryptbase.dll - ok
11:38:29.0923 1488 [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
11:38:29.0923 1488 C:\Windows\SysWOW64\gdi32.dll - ok
11:38:29.0923 1488 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
11:38:29.0923 1488 C:\Windows\SysWOW64\lpk.dll - ok
11:38:29.0939 1488 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
11:38:29.0939 1488 C:\Windows\SysWOW64\rpcrt4.dll - ok
11:38:29.0939 1488 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
11:38:29.0939 1488 C:\Windows\SysWOW64\sechost.dll - ok
11:38:29.0939 1488 [ 7224D964A6D657374C551C878EB2C386 ] C:\Windows\SysWOW64\sspicli.dll
11:38:29.0939 1488 C:\Windows\SysWOW64\sspicli.dll - ok
11:38:29.0939 1488 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
11:38:29.0939 1488 C:\Windows\SysWOW64\user32.dll - ok
11:38:29.0954 1488 [ 804AAAFEBB3AD5F49334DD906BCB1DE5 ] C:\Windows\SysWOW64\usp10.dll
11:38:29.0954 1488 C:\Windows\SysWOW64\usp10.dll - ok
11:38:29.0954 1488 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
11:38:29.0954 1488 C:\Windows\SysWOW64\ole32.dll - ok
11:38:29.0954 1488 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
11:38:29.0954 1488 C:\Windows\SysWOW64\shlwapi.dll - ok
11:38:29.0954 1488 [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
11:38:29.0954 1488 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
11:38:29.0970 1488 [ 16AB4BD2ACC52109F43739BF0E89E18F ] C:\Windows\SysWOW64\shell32.dll
11:38:29.0970 1488 C:\Windows\SysWOW64\shell32.dll - ok
11:38:29.0970 1488 [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
11:38:29.0970 1488 C:\Windows\SysWOW64\imm32.dll - ok
11:38:29.0970 1488 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
11:38:29.0970 1488 C:\Windows\SysWOW64\msctf.dll - ok
11:38:29.0970 1488 [ 42B6A94DD747DF2B5F628A2752E62A98 ] C:\Windows\System32\ctfmon.exe
11:38:29.0970 1488 C:\Windows\System32\ctfmon.exe - ok
11:38:29.0970 1488 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
11:38:29.0970 1488 C:\Windows\System32\MsCtfMonitor.dll - ok
11:38:29.0985 1488 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
11:38:29.0985 1488 C:\Windows\System32\msutb.dll - ok
11:38:29.0985 1488 [ 1FCB1A72BF5C784F7358E6BEF38E4571 ] C:\Windows\System32\timedate.cpl
11:38:29.0985 1488 C:\Windows\System32\timedate.cpl - ok
11:38:29.0985 1488 [ 732E668096B1A37B7BFD4B9021E69A8E ] C:\Windows\System32\oleres.dll
11:38:29.0985 1488 C:\Windows\System32\oleres.dll - ok
11:38:30.0001 1488 [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll
11:38:30.0001 1488 C:\Windows\System32\shdocvw.dll - ok
11:38:30.0001 1488 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
11:38:30.0001 1488 C:\Windows\System32\linkinfo.dll - ok
11:38:30.0001 1488 [ 27B2E97E2A3F112C842BBA92B9589AFC ] C:\totalcmd\TOTALCMD64.EXE
11:38:30.0001 1488 C:\totalcmd\TOTALCMD64.EXE - ok
11:38:30.0001 1488 [ 3504B34CD2DE00BA3CC1A195F1B739BD ] C:\Windows\System32\gameux.dll
11:38:30.0001 1488 C:\Windows\System32\gameux.dll - ok
11:38:30.0017 1488 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
11:38:30.0017 1488 C:\Windows\System32\wer.dll - ok
11:38:30.0017 1488 [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
11:38:30.0017 1488 C:\Windows\System32\msftedit.dll - ok
11:38:30.0017 1488 [ 7CB3ACB163DE051169095DC6507B8977 ] C:\Windows\System32\msls31.dll
11:38:30.0017 1488 C:\Windows\System32\msls31.dll - ok
11:38:30.0032 1488 [ 7DBA84667DC18877AEF693E3543DFAD7 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
11:38:30.0032 1488 C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
11:38:30.0032 1488 [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
11:38:30.0032 1488 C:\Windows\System32\DeviceCenter.dll - ok
11:38:30.0032 1488 [ 6A16BCE3C09496650BE881C467611653 ] C:\Windows\System32\msi.dll
11:38:30.0032 1488 C:\Windows\System32\msi.dll - ok
11:38:30.0032 1488 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
11:38:30.0032 1488 C:\Windows\System32\msiltcfg.dll - ok
11:38:30.0048 1488 [ DD81D91FF3B0763C392422865C9AC12E ] C:\Windows\System32\rundll32.exe
11:38:30.0048 1488 C:\Windows\System32\rundll32.exe - ok
11:38:30.0048 1488 [ D07EE60DCD2B0C408E466707D2E285A2 ] C:\Windows\Branding\ShellBrd\shellbrd.dll
11:38:30.0048 1488 C:\Windows\Branding\ShellBrd\shellbrd.dll - ok
11:38:30.0048 1488 [ F1115299B9F4C983BC4523B33E3A506C ] C:\Windows\System32\ieframe.dll
11:38:30.0048 1488 C:\Windows\System32\ieframe.dll - ok
11:38:30.0063 1488 [ BD4C1D83353BFB80F6BA019F6D0BA95B ] C:\Windows\ehome\ehshell.exe
11:38:30.0063 1488 C:\Windows\ehome\ehshell.exe - ok
11:38:30.0063 1488 [ 9869A4A10B90546DBD56947839FB4B87 ] C:\Windows\System32\oleacc.dll
11:38:30.0063 1488 C:\Windows\System32\oleacc.dll - ok
11:38:30.0063 1488 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
11:38:30.0063 1488 C:\Windows\System32\thumbcache.dll - ok
11:38:30.0063 1488 [ 10E4A1D2132CCB5C6759F038CDB6F3C9 ] C:\Windows\System32\calc.exe
11:38:30.0063 1488 C:\Windows\System32\calc.exe - ok
11:38:30.0079 1488 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
11:38:30.0079 1488 C:\Windows\System32\networkexplorer.dll - ok
11:38:30.0079 1488 [ B22CB67919EBAD88B0E8BB9CDA446010 ] C:\Windows\System32\StikyNot.exe
11:38:30.0079 1488 C:\Windows\System32\StikyNot.exe - ok
11:38:30.0079 1488 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
11:38:30.0079 1488 C:\Windows\System32\winmm.dll - ok
11:38:30.0079 1488 [ 7633F554EEAFDE7F144B41C2FCAF5F63 ] C:\Windows\System32\SnippingTool.exe
11:38:30.0079 1488 C:\Windows\System32\SnippingTool.exe - ok
11:38:30.0079 1488 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
11:38:30.0079 1488 C:\Windows\System32\avrt.dll - ok
11:38:30.0095 1488 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
11:38:30.0095 1488 C:\Windows\System32\ksuser.dll - ok
11:38:30.0095 1488 [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
11:38:30.0095 1488 C:\Windows\System32\wdmaud.drv - ok
11:38:30.0095 1488 [ 458F4590F80563EB2A0A72709BFC2BD9 ] C:\Windows\System32\mspaint.exe
11:38:30.0095 1488 C:\Windows\System32\mspaint.exe - ok
11:38:30.0095 1488 [ 50F739538EF014B2E7EC59431749D838 ] C:\Windows\System32\mstsc.exe
11:38:30.0095 1488 C:\Windows\System32\mstsc.exe - ok
11:38:30.0110 1488 [ 233B45DDF77BD45E53872881CFF1839B ] C:\Windows\System32\Magnify.exe
11:38:30.0110 1488 C:\Windows\System32\Magnify.exe - ok
11:38:30.0110 1488 [ 5BACFD51D926774C8DD8028BEC9B4374 ] C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
11:38:30.0110 1488 C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe - ok
11:38:30.0110 1488 [ 232FC28EDEA1E55F27ACD1DD90A3E769 ] C:\Program Files\DxO Labs\DxO Optics Pro v8\DXOOpticsPro.exe
11:38:30.0110 1488 C:\Program Files\DxO Labs\DxO Optics Pro v8\DXOOpticsPro.exe - ok
11:38:30.0126 1488 [ 34CB7EF1933930E0EA68BCEB3322CCF5 ] C:\Program Files\COMSOL\COMSOL42a\bin\win64\comsol.exe
11:38:30.0126 1488 C:\Program Files\COMSOL\COMSOL42a\bin\win64\comsol.exe - ok
11:38:30.0126 1488 [ 0187863C9D1FBD2C7FBD5D10CB265A4C ] C:\Program Files (x86)\Symantec\pcAnywhere\awres-all.dll
11:38:30.0126 1488 C:\Program Files (x86)\Symantec\pcAnywhere\awres-all.dll - ok
11:38:30.0126 1488 [ 5DCC9E6A5D08081380AB916EFF450819 ] C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
11:38:30.0126 1488 C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe - ok
11:38:30.0126 1488 [ AA54E54414C59D23571C5E2224874B71 ] C:\Program Files (x86)\Symantec\pcAnywhere\PCAQuickConnectRes.dll
11:38:30.0126 1488 C:\Program Files (x86)\Symantec\pcAnywhere\PCAQuickConnectRes.dll - ok
11:38:30.0157 1488 [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
11:38:30.0157 1488 C:\Windows\System32\batmeter.dll - ok
11:38:30.0157 1488 [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
11:38:30.0157 1488 C:\Windows\System32\stobject.dll - ok
11:38:30.0157 1488 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
11:38:30.0157 1488 C:\Windows\System32\es.dll - ok
11:38:30.0157 1488 [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
11:38:30.0157 1488 C:\Windows\System32\prnfldr.dll - ok
11:38:30.0157 1488 [ 0015ACFBBDD164A8A730009908868CA7 ] C:\Windows\System32\winspool.drv
11:38:30.0157 1488 C:\Windows\System32\winspool.drv - ok
11:38:30.0173 1488 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
11:38:30.0173 1488 C:\Windows\System32\DXP.dll - ok
11:38:30.0173 1488 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
11:38:30.0173 1488 C:\Windows\System32\Syncreg.dll - ok
11:38:30.0188 1488 [ DB70FE36AC8F594E9E69479C076BADB8 ] C:\Windows\System32\HelpPaneProxy.dll
11:38:30.0188 1488 C:\Windows\System32\HelpPaneProxy.dll - ok
11:38:30.0188 1488 [ CD47548A52B02D254BF6D7F7A5F2BFD3 ] C:\Windows\HelpPane.exe
11:38:30.0188 1488 C:\Windows\HelpPane.exe - ok
11:38:30.0188 1488 [ 86F1F949DD51FB5A044F1BD34CBE4AA8 ] C:\Windows\System32\apds.dll
11:38:30.0188 1488 C:\Windows\System32\apds.dll - ok
11:38:30.0188 1488 [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll
11:38:30.0188 1488 C:\Windows\System32\UIAnimation.dll - ok
11:38:30.0188 1488 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll
11:38:30.0188 1488 C:\Windows\System32\mlang.dll - ok
11:38:30.0204 1488 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
11:38:30.0204 1488 C:\Windows\System32\AltTab.dll - ok
11:38:30.0204 1488 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
11:38:30.0204 1488 C:\Windows\ehome\ehSSO.dll - ok
11:38:30.0204 1488 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
11:38:30.0204 1488 C:\Windows\System32\netshell.dll - ok
11:38:30.0204 1488 [ A0BFC858B3A45CF9BFFFC3C8C08ED7FC ] C:\Windows\System32\apss.dll
11:38:30.0204 1488 C:\Windows\System32\apss.dll - ok
11:38:30.0219 1488 [ 5C29199C9F0EDE64F17F268084EC4392 ] C:\Windows\System32\msxml6.dll
11:38:30.0219 1488 C:\Windows\System32\msxml6.dll - ok
11:38:30.0219 1488 [ 2DF36F15B2BC1571A6A542A3C2107920 ] C:\Windows\System32\nlaapi.dll
11:38:30.0219 1488 C:\Windows\System32\nlaapi.dll - ok
11:38:30.0219 1488 [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
11:38:30.0219 1488 C:\Windows\System32\pnidui.dll - ok
11:38:30.0219 1488 [ 1C8B787BAA52DEAD1A6FEC1502D652F0 ] C:\Windows\System32\mshtml.dll
11:38:30.0219 1488 C:\Windows\System32\mshtml.dll - ok
11:38:30.0219 1488 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
11:38:30.0219 1488 C:\Windows\System32\QUTIL.DLL - ok
11:38:30.0235 1488 [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
11:38:30.0235 1488 C:\Windows\System32\WPDShServiceObj.dll - ok
11:38:30.0235 1488 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
11:38:30.0235 1488 C:\Windows\System32\PortableDeviceTypes.dll - ok
11:38:30.0235 1488 [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
11:38:30.0235 1488 C:\Windows\System32\PortableDeviceApi.dll - ok
11:38:30.0251 1488 [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
11:38:30.0251 1488 C:\Windows\System32\srchadmin.dll - ok
11:38:30.0251 1488 [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll
11:38:30.0251 1488 C:\Windows\System32\ActionCenter.dll - ok
11:38:30.0251 1488 [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
11:38:30.0251 1488 C:\Windows\System32\bthprops.cpl - ok
11:38:30.0251 1488 [ 9B8BB76787A4F9439D86323E8C6CEAEA ] C:\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll
11:38:30.0251 1488 C:\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll - ok
11:38:30.0266 1488 [ 47B8DEBEC68FACCD026F99CAE8698C93 ] C:\Windows\System32\webcheck.dll
11:38:30.0266 1488 C:\Windows\System32\webcheck.dll - ok
11:38:30.0282 1488 [ 4A435F95B940E93A88FEC144BD409789 ] C:\Windows\System32\ncsi.dll
11:38:30.0282 1488 C:\Windows\System32\ncsi.dll - ok
11:38:30.0282 1488 [ BC9489DF517C426D4044D99F14449134 ] C:\Windows\System32\webio.dll
11:38:30.0282 1488 C:\Windows\System32\webio.dll - ok
11:38:30.0282 1488 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
11:38:30.0282 1488 C:\Windows\System32\winhttp.dll - ok
11:38:30.0282 1488 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
11:38:30.0282 1488 C:\Windows\System32\FWPUCLNT.DLL - ok
11:38:30.0297 1488 [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll
11:38:30.0297 1488 C:\Windows\System32\SyncCenter.dll - ok
11:38:30.0297 1488 [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll
11:38:30.0297 1488 C:\Windows\System32\imapi2.dll - ok
11:38:30.0297 1488 [ B3CE0951E3C1EA3C733573C472EE85F9 ] C:\Windows\System32\msimtf.dll
11:38:30.0297 1488 C:\Windows\System32\msimtf.dll - ok
11:38:30.0313 1488 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
11:38:30.0313 1488 C:\Windows\System32\taskschd.dll - ok
11:38:30.0313 1488 [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll
11:38:30.0313 1488 C:\Windows\System32\hgcpl.dll - ok
11:38:30.0313 1488 [ 862596399AAFD2A21DB2AF9270CD4F70 ] C:\Windows\System32\mstask.dll
11:38:30.0313 1488 C:\Windows\System32\mstask.dll - ok
11:38:30.0313 1488 [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll
11:38:30.0313 1488 C:\Windows\System32\provsvc.dll - ok
11:38:30.0329 1488 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
11:38:30.0329 1488 C:\Windows\System32\actxprxy.dll - ok
11:38:30.0329 1488 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
11:38:30.0329 1488 C:\Windows\System32\wlanapi.dll - ok
11:38:30.0329 1488 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
11:38:30.0329 1488 C:\Windows\System32\wlanutil.dll - ok
11:38:30.0329 1488 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
11:38:30.0329 1488 C:\Windows\System32\WWanAPI.dll - ok
11:38:30.0329 1488 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
11:38:30.0329 1488 C:\Windows\System32\wwapi.dll - ok
11:38:30.0344 1488 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
11:38:30.0344 1488 C:\Windows\System32\netprofm.dll - ok
11:38:30.0344 1488 [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL
11:38:30.0344 1488 C:\Windows\System32\QAGENT.DLL - ok
11:38:30.0344 1488 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
11:38:30.0344 1488 C:\Windows\System32\FXSST.dll - ok
11:38:30.0344 1488 [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
11:38:30.0344 1488 C:\Windows\System32\FXSAPI.dll - ok
11:38:30.0360 1488 [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
11:38:30.0360 1488 C:\Windows\System32\FXSRESM.dll - ok
11:38:30.0360 1488 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe
11:38:30.0360 1488 C:\Windows\System32\FXSSVC.exe - ok
11:38:30.0360 1488 [ 77A8A1791145710C7EFE76EA82BF0763 ] C:\Program Files\Internet Explorer\ieproxy.dll
11:38:30.0360 1488 C:\Program Files\Internet Explorer\ieproxy.dll - ok
11:38:30.0375 1488 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\Administrator\Desktop\glookedygloop.exe
11:38:30.0375 1488 C:\Users\Administrator\Desktop\glookedygloop.exe - ok
11:38:30.0375 1488 [ 454E292861A4EF1D72F43F42BBAF6917 ] C:\Windows\SysWOW64\crypt32.dll
11:38:30.0375 1488 C:\Windows\SysWOW64\crypt32.dll - ok
11:38:30.0375 1488 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
11:38:30.0375 1488 C:\Windows\SysWOW64\msasn1.dll - ok
11:38:30.0375 1488 [ 028D74F61952756C9DFFF7969162BB39 ] C:\Windows\SysWOW64\oleaut32.dll
11:38:30.0375 1488 C:\Windows\SysWOW64\oleaut32.dll - ok
11:38:30.0407 1488 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
11:38:30.0407 1488 C:\Windows\SysWOW64\setupapi.dll - ok
11:38:30.0407 1488 [ 3FFAEA12666E565FF51BF2FCA674F543 ] C:\Windows\SysWOW64\cfgmgr32.dll
11:38:30.0407 1488 C:\Windows\SysWOW64\cfgmgr32.dll - ok
11:38:30.0407 1488 [ CC4ED8BEA78B0DCA6F217E014C3291A7 ] C:\Windows\SysWOW64\devobj.dll
11:38:30.0407 1488 C:\Windows\SysWOW64\devobj.dll - ok
11:38:30.0407 1488 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
11:38:30.0407 1488 C:\Windows\SysWOW64\version.dll - ok
11:38:30.0407 1488 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
11:38:30.0407 1488 C:\Windows\SysWOW64\winhttp.dll - ok
11:38:30.0422 1488 [ 02C61D8AD469417F5508225C75DE3236 ] C:\Windows\SysWOW64\webio.dll
11:38:30.0422 1488 C:\Windows\SysWOW64\webio.dll - ok
11:38:30.0422 1488 [ 2D0D2DA87BEA7144F2A17F19D0D17E4C ] C:\Windows\SysWOW64\wintrust.dll
11:38:30.0422 1488 C:\Windows\SysWOW64\wintrust.dll - ok
11:38:30.0438 1488 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
11:38:30.0438 1488 C:\Windows\SysWOW64\uxtheme.dll - ok
11:38:30.0438 1488 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
11:38:30.0438 1488 C:\Windows\SysWOW64\credssp.dll - ok
11:38:30.0438 1488 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
11:38:30.0438 1488 C:\Windows\SysWOW64\cryptsp.dll - ok
11:38:30.0438 1488 [ 59DF156711A76BCB993253EC6C9BBF41 ] C:\Windows\SysWOW64\dnsapi.dll
11:38:30.0438 1488 C:\Windows\SysWOW64\dnsapi.dll - ok
11:38:30.0438 1488 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
11:38:30.0438 1488 C:\Windows\SysWOW64\nsi.dll - ok
11:38:30.0453 1488 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
11:38:30.0453 1488 C:\Windows\SysWOW64\ws2_32.dll - ok
11:38:30.0453 1488 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\30744083.sys
11:38:30.0453 1488 C:\Windows\System32\drivers\30744083.sys - ok
11:38:30.0453 1488 [ 0CE4D3BD306DA6D1F6F233C403F5B667 ] C:\Windows\SysWOW64\msi.dll
11:38:30.0453 1488 C:\Windows\SysWOW64\msi.dll - ok
11:38:30.0453 1488 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
11:38:30.0453 1488 C:\Windows\SysWOW64\profapi.dll - ok
11:38:30.0469 1488 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
11:38:30.0469 1488 C:\Windows\SysWOW64\userenv.dll - ok
11:38:30.0469 1488 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
11:38:30.0469 1488 C:\Windows\SysWOW64\clbcatq.dll - ok
11:38:30.0469 1488 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
11:38:30.0469 1488 C:\Windows\SysWOW64\riched20.dll - ok
11:38:30.0469 1488 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
11:38:30.0469 1488 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
11:38:30.0469 1488 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
11:38:30.0469 1488 C:\Windows\SysWOW64\dui70.dll - ok
11:38:30.0485 1488 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
11:38:30.0485 1488 C:\Windows\SysWOW64\duser.dll - ok
11:38:30.0485 1488 ============================================================
11:38:30.0485 1488 Scan finished
11:38:30.0485 1488 ============================================================
11:38:30.0500 1480 Detected object count: 5
11:38:30.0500 1480 Actual detected object count: 5
11:39:01.0778 1480 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:01.0778 1480 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:01.0778 1480 NetMeterService ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:01.0778 1480 NetMeterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:01.0794 1480 nlsX86cc ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:01.0794 1480 nlsX86cc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:01.0794 1480 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:01.0794 1480 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:01.0809 1480 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:39:01.0809 1480 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:39:06.0287 1432 Deinitialize success

#13 homedoc

homedoc
  • Topic Starter

  • Members
  • 27 posts

Posted 17 December 2012 - 07:26 PM

COMBOFIX IN SAFE MODE

ComboFix 12-12-17.02 - Administrator 12/17/2012 11:56:01.4.2 - x64 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6078.4875 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\goopC.exe
AV: Kaspersky Internet Security *Enabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-17 17:02 . 2012-12-17 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-16 15:39 . 2012-12-16 15:39 -------- d-----w- c:\users\Acronis Agent User
2012-12-16 15:37 . 2012-12-16 15:37 -------- d-----w- c:\programdata\SpeedBit
2012-12-16 15:37 . 2012-12-16 15:37 -------- d-----w- c:\program files (x86)\Common Files\SpeedBit
2012-12-16 15:37 . 2012-12-16 15:36 90824 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2012-12-16 15:37 . 2012-12-16 15:36 109256 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2012-12-16 15:36 . 2012-12-16 15:36 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2012-12-16 11:57 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8AE222B-3C7F-4A4E-AED2-88F0B883F1AC}\mpengine.dll
2012-12-14 02:02 . 2012-12-14 03:17 -------- d-----w- C:\bleepcomp
2012-12-13 18:04 . 2012-12-13 18:05 -------- d-----w- c:\program files\DAPx64
2012-12-11 10:23 . 2012-12-11 10:36 -------- d-----w- c:\program files\PhotoZoom Pro 5
2012-12-11 00:37 . 2012-12-11 06:27 -------- d-----w- c:\program files\PhotomatixPro4
2012-12-07 19:42 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-12-07 19:42 . 2009-09-04 22:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-12-06 20:11 . 2012-06-11 23:17 18784 ----a-w- c:\windows\system32\roboot64.exe
2012-12-06 20:11 . 2008-11-21 05:08 16896 ----a-w- c:\windows\system32\sasnative64.exe
2012-12-06 20:11 . 2012-12-07 00:17 -------- d-----w- c:\program files (x86)\Advanced System Optimizer 3
2012-12-06 20:01 . 2012-12-07 00:17 -------- d-----w- c:\program files\Registrar Registry Manager (64-bit)
2012-12-06 03:39 . 2012-12-06 03:39 -------- d-----w- c:\programdata\NCH Software
2012-12-06 03:39 . 2012-12-06 03:39 -------- d-----w- c:\program files (x86)\NCH Software
2012-12-06 03:39 . 2012-12-06 03:39 32024 ----a-w- c:\windows\system32\drivers\debutfilterx64.sys
2012-12-05 19:01 . 2012-10-02 19:03 2712200 ----a-w- c:\program files (x86)\procexp.exe
2012-12-05 18:42 . 2012-12-05 18:42 -------- d-----w- c:\program files (x86)\R-Studio
2012-12-03 18:45 . 2012-12-03 18:45 -------- d-----w- c:\programdata\McAfee
2012-11-30 05:28 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-11-30 05:28 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-11-30 05:28 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-11-30 05:28 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-11-30 05:28 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-11-30 02:47 . 2012-10-30 02:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-30 02:06 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-11-30 02:06 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-11-30 02:04 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-11-30 02:04 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-11-30 01:35 . 2012-07-11 22:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2012-11-30 01:35 . 2012-11-30 01:35 -------- d-----w- c:\windows\ELAMBKUP
2012-11-30 01:35 . 2012-12-17 17:05 -------- d-----w- c:\programdata\Kaspersky Lab
2012-11-30 01:35 . 2012-11-30 01:35 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-11-30 01:34 . 2012-11-30 02:02 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2012-11-30 01:34 . 2012-08-13 23:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-11-30 01:04 . 2012-11-30 00:14 -------- d-----w- c:\windows\Panther
2012-11-30 00:49 . 2012-11-29 23:27 -------- d-----w- C:\$WINDOWS.~Q
2012-11-30 00:39 . 2012-11-30 00:45 -------- d-----w- C:\$INPLACE.~TR
2012-11-30 00:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-30 00:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-30 00:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-11-30 00:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-11-30 00:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-11-30 00:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-11-30 00:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-11-30 00:13 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-30 00:13 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-11-29 23:13 . 2012-11-29 23:13 -------- d-----w- c:\users\Default\Roaming
2012-11-29 23:13 . 2012-11-29 23:13 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-11-29 22:11 . 2012-12-07 00:17 -------- d-----w- c:\users\Dave
2012-11-29 22:11 . 2012-12-17 00:47 -------- d-----w- c:\users\Administrator
2012-11-29 22:09 . 2012-11-29 22:09 -------- d-----w- c:\program files\Protector Suite
2012-11-29 22:09 . 2012-11-29 22:09 -------- d-----w- c:\program files\Synaptics
2012-11-29 22:09 . 2012-12-17 17:04 -------- d-----w- c:\programdata\NVIDIA
2012-11-29 22:09 . 2012-05-31 18:31 3106152 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-29 22:09 . 2012-05-31 18:30 6105960 ----a-w- c:\windows\system32\nvcpl.dll
2012-11-29 22:09 . 2012-05-31 18:30 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-11-29 22:09 . 2012-05-31 18:30 55656 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-11-29 22:09 . 2012-05-31 18:30 2561896 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-29 22:09 . 2012-05-31 18:30 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-29 22:09 . 2012-05-31 18:30 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-11-29 22:09 . 2012-05-31 18:30 851816 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-11-29 22:09 . 2012-05-31 18:30 427880 ----a-w- c:\windows\SysWow64\oemdspif.dll
2012-11-29 22:08 . 2012-11-29 22:43 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-29 22:08 . 2012-11-29 22:30 -------- d-----w- c:\program files\NVIDIA Corporation
2012-11-29 22:08 . 2012-11-29 22:08 -------- d-----w- c:\program files\CONEXANT
2012-11-29 22:07 . 2012-11-29 22:32 -------- d-----w- c:\program files (x86)\Analog Devices
2012-11-26 20:18 . 2012-11-29 22:46 -------- d-----w- c:\windows\SysWow64\Adobe
2012-11-23 22:30 . 2012-07-26 02:36 9728 ------w- c:\windows\system32\Wdfres.dll
2012-11-23 19:26 . 2012-10-08 11:31 2312704 ------w- c:\windows\system32\jscript9.dll
2012-11-23 19:26 . 2012-10-08 11:24 1346048 ------w- c:\windows\system32\urlmon(128).dll
2012-11-23 19:26 . 2012-10-08 07:48 1103872 ------w- c:\windows\SysWow64\urlmon(134).dll
2012-11-23 19:26 . 2012-10-08 11:23 1392128 ------w- c:\windows\system32\wininet(130).dll
2012-11-23 19:26 . 2012-10-08 07:48 1129472 ------w- c:\windows\SysWow64\wininet(135).dll
2012-11-23 19:26 . 2012-10-08 07:56 1800704 ------w- c:\windows\SysWow64\jscript9.dll
2012-11-23 19:26 . 2012-10-08 11:15 2144768 ------w- c:\windows\system32\iertutil(124).dll
2012-11-23 19:26 . 2012-10-08 07:41 1793024 ------w- c:\windows\SysWow64\iertutil(133).dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 20:32 . 2012-07-17 16:43 1652 ----a-w- c:\windows\system32\ASOROSet.bin
2012-11-30 02:02 . 2012-07-25 19:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-11-30 02:02 . 2012-06-08 16:38 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-11-30 02:02 . 2012-05-26 00:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-11-07 19:56 . 2012-11-07 19:56 158805 ----a-w- c:\windows\01 Transaction Pro Importer 5.0 Uninstaller.exe
2012-10-25 13:09 . 2012-06-24 06:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-25 13:09 . 2012-06-24 06:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-23 15:09 . 2012-10-23 15:09 332288 ----a-w- c:\windows\system32\uxtheme.new
2012-10-18 20:33 . 2012-10-18 20:33 0 ----a-w- c:\windows\SysWow64\REN3C89.tmp
2012-10-18 20:33 . 2012-10-18 20:33 0 ----a-w- c:\windows\SysWow64\REN3C88.tmp
2012-10-09 18:47 . 2012-10-09 18:47 31 ----a-w- c:\users\Dave\AERO.bat
2012-09-29 23:54 . 2012-09-02 01:29 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 22:18 . 2012-09-26 22:18 39184 ----a-w- c:\windows\SysWow64\Partizan.exe
2012-09-25 03:16 . 2012-10-18 20:34 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-20 22:27 . 2009-04-01 06:19 61440 ----a-w- c:\windows\SysWow64\CleanMem.exe
2012-09-10 13:16 . 2012-10-31 18:37 649864 ----a-w- c:\program files (x86)\autoruns.exe
2012-09-10 13:16 . 2012-10-31 18:37 567944 ----a-w- c:\program files (x86)\autorunsc.exe
2010-05-05 04:50 . 2012-06-24 06:33 434176 ----a-w- c:\program files (x86)\glint.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5B51B86E-6A75-451B-9F35-C2403FC7CF00}]
2011-06-20 19:33 191648 ----a-w- c:\program files (x86)\dtSearch\Plugins\dtswebhits_bho.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2012-12-16 15:49 431784 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copernic Desktop Search - Corporate"="c:\program files (x86)\Copernic Desktop Search - Corporate\DesktopSearchService.exe" [2012-07-23 1788416]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2012-06-06 48680]
"MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296]
"NetMeter"="c:\program files (x86)\HooTech Net Meter\HooNetMeter.exe" [2008-12-06 577536]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 765200]
"thebat_startup"="c:\program files (x86)\The Bat!\thebat.exe" [2011-07-26 13909936]
"Total Commander Extended x64"="c:\totalcmd\Totalcmd64.exe" [2012-08-03 7764632]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"bdinstaller"="c:\program files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" [2012-06-18 676128]
"RegRun WinBait"="c:\windows\winbait.exe" [2012-06-27 20240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"@RegRunOnSecure"="c:\progra~1\Greatis\REGRUN~1\OnSecure.exe" [2008-12-22 61664]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 5941344]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-30 356376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2012-06-06 48680]
.
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Chaos32.exe - Shortcut.lnk - c:\program files (x86)\Chaos32\Chaos32.exe [2012-7-10 1347584]
glint.exe - Shortcut.lnk - c:\program files (x86)\glint.exe [2012-6-24 434176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 1082144]
Jabra Device Service.lnk - c:\program files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe [2012-5-16 151552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 100 (0x64)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= "c:\progra~1\Greatis\REGRUN~1\RRShell.dll" [2009-04-06 335943]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck autocheck У\0autocheck \0autocheck \0autocheck \0autocheck autocheck ?\0autocheck \0autocheck autocheck n\Diske????к\0autocheck autocheck ??2\0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck autocheck 11E1-????и\0autocheck autocheck Defrag\0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck autocheck ф\0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck Partizan
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BootlogService;BootlogService;c:\program files\Greatis\RegRunSuite\BootLogService.exe [2012-06-27 65296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 NetMeterService;Net Meter Service;c:\program files (x86)\HooTech Net Meter\NetMeterService.exe [2010-04-20 192512]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-05-16 320576]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-30 1255736]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-05-16 29512]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-29 25416]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-11-30 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2012-06-11 263520]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-09-05 66560]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-20 4908576]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-31 382312]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
S3 debutfilter;Debut Filter Driver v6.10.01;c:\windows\system32\DRIVERS\debutfilterx64.sys [2012-12-06 32024]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2012-06-06 20784]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-11-30 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-11-30 29528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 13:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 5990200]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-31 1694016]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
"TpShocks"="TpShocks.exe" [2012-06-21 222720]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.speedbit.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: Download with Xilisoft YouTube Video Converter - c:\program files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Передать на удаленную закачку DM
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-60121623.sys
SafeBoot-91672145.sys
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:37,62,4c,48,f5,5a,cd,01
.
[HKEY_USERS\S-1-5-21-1119690581-3265781577-448518777-1000_Classes\Wow6432Node\CLSID\{1fd0bcac-0532-4323-b71c-89962c97e3a4}]
@Denied: (Full) (Everyone)
"Model"=dword:000000df
"Therad"=dword:00000016
.
[HKEY_USERS\S-1-5-21-1119690581-3265781577-448518777-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f8,1f,d2,ed,8d,14,2f,01,c2,7e,24,73,3e,a0,91,5f,d1,3b,c9,70,66,
f4,f5,e6,14,69,63,25,e2,35,95,68,8d,85,da,71,51,dd,98,eb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Symantec\pcAnywhere\awhost32.exe
c:\program files (x86)\Symantec\pcAnywhere\AWHPROBE.EXE
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\rundll32.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
c:\program files (x86)\Jabra\Jabra PC Suite\JabraAvayaIPDriver.exe
c:\program files (x86)\Jabra\Jabra PC Suite\JabraSametimeV85Driver.exe
c:\program files (x86)\Jabra\Jabra PC Suite\JabraAvayaOneXDriver.exe
c:\program files (x86)\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe
c:\program files (x86)\Jabra\Jabra PC Suite\JabraSametimeDriver.exe
c:\program files (x86)\Lenovo\Client Security Solution\password_manager.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Microsoft Office\Office14\WINWORD.EXE
.
**************************************************************************
.
Completion time: 2012-12-17 12:12:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-17 17:12
ComboFix2.txt 2012-12-14 03:17
ComboFix3.txt 2012-12-08 17:05
.
Pre-Run: 96,742,690,816 bytes free
Post-Run: 96,715,984,896 bytes free
.
- - End Of File - - E1C44A9A8F7DF2876A6765678A600751

#14 homedoc

Posted 17 December 2012 - 07:27 PM

COMBOFIX IN NORMAL MODE

ComboFix 12-12-17.02 - Dave 12/17/2012 13:00:25.5.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6078.3943 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\goopC.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\!win2kdownloads mirror\09FFA7EA964E433680A5.EXE
c:\!win2kdownloads mirror\D145FFF4A0A14BCAA0DF.EXE
.
.
((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
.
.
2012-12-17 19:05 . 2012-12-17 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-17 17:14 . 2012-12-17 17:14 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8AE222B-3C7F-4A4E-AED2-88F0B883F1AC}\offreg.dll
2012-12-17 16:55 . 2012-12-17 17:12 -------- d-----w- C:\goopC
2012-12-16 15:39 . 2012-12-16 15:39 -------- d-----w- c:\users\Acronis Agent User
2012-12-16 15:37 . 2012-12-16 15:37 -------- d-----w- c:\programdata\SpeedBit
2012-12-16 15:37 . 2012-12-16 15:37 -------- d-----w- c:\program files (x86)\Common Files\SpeedBit
2012-12-16 15:37 . 2012-12-16 15:36 90824 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2012-12-16 15:37 . 2012-12-16 15:36 109256 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2012-12-16 15:36 . 2012-12-16 15:36 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2012-12-16 11:57 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8AE222B-3C7F-4A4E-AED2-88F0B883F1AC}\mpengine.dll
2012-12-14 02:02 . 2012-12-14 03:17 -------- d-----w- C:\bleepcomp
2012-12-13 18:04 . 2012-12-13 18:05 -------- d-----w- c:\program files\DAPx64
2012-12-11 10:23 . 2012-12-11 10:36 -------- d-----w- c:\program files\PhotoZoom Pro 5
2012-12-11 00:37 . 2012-12-11 06:27 -------- d-----w- c:\program files\PhotomatixPro4
2012-12-07 19:42 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-12-07 19:42 . 2009-09-04 22:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-12-06 20:11 . 2012-06-11 23:17 18784 ----a-w- c:\windows\system32\roboot64.exe
2012-12-06 20:11 . 2008-11-21 05:08 16896 ----a-w- c:\windows\system32\sasnative64.exe
2012-12-06 20:11 . 2012-12-07 00:17 -------- d-----w- c:\program files (x86)\Advanced System Optimizer 3
2012-12-06 20:01 . 2012-12-07 00:17 -------- d-----w- c:\program files\Registrar Registry Manager (64-bit)
2012-12-06 03:39 . 2012-12-06 03:39 -------- d-----w- c:\programdata\NCH Software
2012-12-06 03:39 . 2012-12-06 03:39 -------- d-----w- c:\program files (x86)\NCH Software
2012-12-06 03:39 . 2012-12-06 03:39 32024 ----a-w- c:\windows\system32\drivers\debutfilterx64.sys
2012-12-05 19:01 . 2012-10-02 19:03 2712200 ----a-w- c:\program files (x86)\procexp.exe
2012-12-05 18:42 . 2012-12-05 18:42 -------- d-----w- c:\program files (x86)\R-Studio
2012-12-03 18:45 . 2012-12-03 18:45 -------- d-----w- c:\programdata\McAfee
2012-11-30 05:28 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-11-30 05:28 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-11-30 05:28 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-11-30 05:28 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-11-30 05:28 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-11-30 02:47 . 2012-10-30 02:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-30 02:06 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-11-30 02:06 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-11-30 02:04 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-11-30 02:04 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-11-30 01:35 . 2012-07-11 22:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2012-11-30 01:35 . 2012-11-30 01:35 -------- d-----w- c:\windows\ELAMBKUP
2012-11-30 01:35 . 2012-12-17 17:06 -------- d-----w- c:\programdata\Kaspersky Lab
2012-11-30 01:35 . 2012-11-30 01:35 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-11-30 01:34 . 2012-11-30 02:02 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2012-11-30 01:34 . 2012-08-13 23:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2012-11-30 01:04 . 2012-11-30 00:14 -------- d-----w- c:\windows\Panther
2012-11-30 00:49 . 2012-11-29 23:27 -------- d-----w- C:\$WINDOWS.~Q
2012-11-30 00:39 . 2012-11-30 00:45 -------- d-----w- C:\$INPLACE.~TR
2012-11-30 00:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-30 00:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-30 00:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-11-30 00:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-11-30 00:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-11-30 00:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-11-30 00:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-11-30 00:13 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-30 00:13 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-11-29 23:13 . 2012-11-29 23:13 -------- d-----w- c:\users\Default\Roaming
2012-11-29 23:13 . 2012-11-29 23:13 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-11-29 22:11 . 2012-12-07 00:17 -------- d-----w- c:\users\Dave
2012-11-29 22:11 . 2012-12-17 00:47 -------- d-----w- c:\users\Administrator
2012-11-29 22:09 . 2012-11-29 22:09 -------- d-----w- c:\program files\Protector Suite
2012-11-29 22:09 . 2012-11-29 22:09 -------- d-----w- c:\program files\Synaptics
2012-11-29 22:09 . 2012-12-17 17:04 -------- d-----w- c:\programdata\NVIDIA
2012-11-29 22:09 . 2012-05-31 18:31 3106152 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-29 22:09 . 2012-05-31 18:30 6105960 ----a-w- c:\windows\system32\nvcpl.dll
2012-11-29 22:09 . 2012-05-31 18:30 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-11-29 22:09 . 2012-05-31 18:30 55656 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-11-29 22:09 . 2012-05-31 18:30 2561896 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-29 22:09 . 2012-05-31 18:30 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-29 22:09 . 2012-05-31 18:30 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-11-29 22:09 . 2012-05-31 18:30 851816 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-11-29 22:09 . 2012-05-31 18:30 427880 ----a-w- c:\windows\SysWow64\oemdspif.dll
2012-11-29 22:08 . 2012-11-29 22:43 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-29 22:08 . 2012-11-29 22:30 -------- d-----w- c:\program files\NVIDIA Corporation
2012-11-29 22:08 . 2012-11-29 22:08 -------- d-----w- c:\program files\CONEXANT
2012-11-29 22:07 . 2012-11-29 22:32 -------- d-----w- c:\program files (x86)\Analog Devices
2012-11-26 20:18 . 2012-11-29 22:46 -------- d-----w- c:\windows\SysWow64\Adobe
2012-11-23 22:30 . 2012-07-26 02:36 9728 ------w- c:\windows\system32\Wdfres.dll
2012-11-23 19:26 . 2012-10-08 11:31 2312704 ------w- c:\windows\system32\jscript9.dll
2012-11-23 19:26 . 2012-10-08 11:24 1346048 ------w- c:\windows\system32\urlmon(128).dll
2012-11-23 19:26 . 2012-10-08 07:48 1103872 ------w- c:\windows\SysWow64\urlmon(134).dll
2012-11-23 19:26 . 2012-10-08 11:23 1392128 ------w- c:\windows\system32\wininet(130).dll
2012-11-23 19:26 . 2012-10-08 07:48 1129472 ------w- c:\windows\SysWow64\wininet(135).dll
2012-11-23 19:26 . 2012-10-08 07:56 1800704 ------w- c:\windows\SysWow64\jscript9.dll
2012-11-23 19:26 . 2012-10-08 11:15 2144768 ------w- c:\windows\system32\iertutil(124).dll
2012-11-23 19:26 . 2012-10-08 07:41 1793024 ------w- c:\windows\SysWow64\iertutil(133).dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 20:32 . 2012-07-17 16:43 1652 ----a-w- c:\windows\system32\ASOROSet.bin
2012-11-30 02:02 . 2012-07-25 19:53 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2012-11-30 02:02 . 2012-06-08 16:38 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2012-11-30 02:02 . 2012-05-26 00:38 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2012-11-07 19:56 . 2012-11-07 19:56 158805 ----a-w- c:\windows\01 Transaction Pro Importer 5.0 Uninstaller.exe
2012-10-25 13:09 . 2012-06-24 06:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-25 13:09 . 2012-06-24 06:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-23 15:09 . 2012-10-23 15:09 332288 ----a-w- c:\windows\system32\uxtheme.new
2012-10-18 20:33 . 2012-10-18 20:33 0 ----a-w- c:\windows\SysWow64\REN3C89.tmp
2012-10-18 20:33 . 2012-10-18 20:33 0 ----a-w- c:\windows\SysWow64\REN3C88.tmp
2012-10-09 18:47 . 2012-10-09 18:47 31 ----a-w- c:\users\Dave\AERO.bat
2012-09-29 23:54 . 2012-09-02 01:29 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-26 22:18 . 2012-09-26 22:18 39184 ----a-w- c:\windows\SysWow64\Partizan.exe
2012-09-25 03:16 . 2012-10-18 20:34 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-20 22:27 . 2009-04-01 06:19 61440 ----a-w- c:\windows\SysWow64\CleanMem.exe
2012-09-10 13:16 . 2012-10-31 18:37 649864 ----a-w- c:\program files (x86)\autoruns.exe
2012-09-10 13:16 . 2012-10-31 18:37 567944 ----a-w- c:\program files (x86)\autorunsc.exe
2010-05-05 04:50 . 2012-06-24 06:33 434176 ----a-w- c:\program files (x86)\glint.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5B51B86E-6A75-451B-9F35-C2403FC7CF00}]
2011-06-20 19:33 191648 ----a-w- c:\program files (x86)\dtSearch\Plugins\dtswebhits_bho.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2012-12-16 15:49 431784 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copernic Desktop Search - Corporate"="c:\program files (x86)\Copernic Desktop Search - Corporate\DesktopSearchService.exe" [2012-07-23 1788416]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2012-06-06 48680]
"MP3 Skype Recorder"="c:\program files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296]
"NetMeter"="c:\program files (x86)\HooTech Net Meter\HooNetMeter.exe" [2008-12-06 577536]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-08-25 765200]
"thebat_startup"="c:\program files (x86)\The Bat!\thebat.exe" [2011-07-26 13909936]
"Total Commander Extended x64"="c:\totalcmd\Totalcmd64.exe" [2012-08-03 7764632]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"bdinstaller"="c:\program files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" [2012-06-18 676128]
"RegRun WinBait"="c:\windows\winbait.exe" [2012-06-27 20240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"@RegRunOnSecure"="c:\progra~1\Greatis\REGRUN~1\OnSecure.exe" [2008-12-22 61664]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-16 5941344]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-30 356376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2012-06-06 48680]
.
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Chaos32.exe - Shortcut.lnk - c:\program files (x86)\Chaos32\Chaos32.exe [2012-7-10 1347584]
glint.exe - Shortcut.lnk - c:\program files (x86)\glint.exe [2012-6-24 434176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 1082144]
Jabra Device Service.lnk - c:\program files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe [2012-5-16 151552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 100 (0x64)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= "c:\progra~1\Greatis\REGRUN~1\RRShell.dll" [2009-04-06 335943]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck autocheck У\0autocheck \0autocheck \0autocheck \0autocheck autocheck ?\0autocheck \0autocheck autocheck n\Diske????к\0autocheck autocheck ??2\0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck autocheck 11E1-????и\0autocheck autocheck Defrag\0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck autocheck ф\0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck \0autocheck Partizan
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BootlogService;BootlogService;c:\program files\Greatis\RegRunSuite\BootLogService.exe [2012-06-27 65296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 NetMeterService;Net Meter Service;c:\program files (x86)\HooTech Net Meter\NetMeterService.exe [2010-04-20 192512]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-05-16 320576]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-05-16 1662560]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-05-16 1665120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-30 1255736]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-05-16 29512]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-29 25416]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-11-30 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2012-06-11 263520]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-09-05 66560]
S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-20 4908576]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 13128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-31 382312]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-12-21 300032]
S3 debutfilter;Debut Filter Driver v6.10.01;c:\windows\system32\DRIVERS\debutfilterx64.sys [2012-12-06 32024]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2011-02-14 44624]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2012-06-06 20784]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-11-30 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-11-30 29528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 13:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 5990200]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-31 1694016]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
"TpShocks"="TpShocks.exe" [2012-06-21 222720]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.speedbit.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: Download with Xilisoft YouTube Video Converter - c:\program files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Закачать ВСЕ при помощи Download Master
IE: Закачать при помощи Download Master
IE: Передать на удаленную закачку DM
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:37,62,4c,48,f5,5a,cd,01
.
[HKEY_USERS\S-1-5-21-1119690581-3265781577-448518777-1000_Classes\Wow6432Node\CLSID\{1fd0bcac-0532-4323-b71c-89962c97e3a4}]
@Denied: (Full) (Everyone)
"Model"=dword:000000df
"Therad"=dword:00000016
.
[HKEY_USERS\S-1-5-21-1119690581-3265781577-448518777-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f8,1f,d2,ed,8d,14,2f,01,c2,7e,24,73,3e,a0,91,5f,d1,3b,c9,70,66,
f4,f5,e6,14,69,63,25,e2,35,95,68,8d,85,da,71,51,dd,98,eb,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-17 14:09:04
ComboFix-quarantined-files.txt 2012-12-17 19:09
ComboFix2.txt 2012-12-14 03:17
ComboFix3.txt 2012-12-08 17:05
.
Pre-Run: 96,538,689,536 bytes free
Post-Run: 96,435,449,856 bytes free
.
- - End Of File - - 725835FB415656CD25D2620C91614A99

#15 Oh My!

  • Malware Response Instructor

Posted 17 December 2012 - 08:42 PM

Hi Dave,

I am going to have you run a Combofix script to delete some entries.

I noticed you have CleanMem Mini Monitor installed on your computer. This program is known to make efforts to connect to the internet. You might try disabling the program and see if it makes any difference.

Please do this.


===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text below into the Notepad document

    File::
    c:\windows\SysWow64\REN3C89.tmp
    c:\windows\SysWow64\REN3C88.tmp
    C:\Windows\SysWow64\CoreObjX62.dll
    RegLockDel::
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5B51B86E-6A75-451B-9F35-C2403FC7CF00}]
    [HKEY_USERS\S-1-5-21-1119690581-3265781577-448518777-1000_Classes\Wow6432Node\CLSID\{1fd0bcac-0532-4323-b71c-89962c97e3a4}]
    DDS::
    IE: Закачать ВСЕ при помощи Download Master
    IE: Закачать при помощи Download Master
    IE: Передать на удаленную закачку DM
    

  • Save this on your desktop as CFScript.txt.


    Posted Image

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix log
  • Please recap remaining issues

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



