
registry compromised?


7 replies to this topic

#1 bluedog22

  • Members
  • 4 posts

Posted 03 February 2013 - 09:57 PM

Not sure what's going on, computer recently super slow, pages hang. Sometimes I can move the cursor, but the keyboard won't work. Occasionally browser page gets redirected, but not always. When this does happen I always get a popup asking if I'm sure I want to leave the (unwanted) page.
I've downloaded and run several removal programs (Malwarebytes, Spybot, and SUPERAntiSpyware), as well as scanning with Microsoft Security Essentials.
All programs find issues and ask if I want to remove them (which I answer yes to). They seem to remove offending entities and I always reboot afterward.
However, problems still exist and when I run another scan to check, same nasty bugs show up. Funmoods specifically is always found in registry and I can't seem to remove it.
Any help you can offer would be sincerely appreciated.
Thanks!



#2 narenxp

  • BC Advisor
  • 16,371 posts

Posted 03 February 2013 - 10:02 PM

Download TDSSKiller

Launch it. Click on Change parameters, then select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 bluedog22

  • Topic Starter

  • Members
  • 4 posts

Posted 04 February 2013 - 08:58 PM

Here are the logs and the results from the ESET scan.



09:38:32.0550 7684 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:38:33.0284 7684 MSiSCSI - ok
09:38:33.0290 7684 msiserver - ok
09:38:33.0355 7684 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:38:33.0357 7684 MSKSSRV - ok
09:38:33.0550 7684 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:38:33.0551 7684 MsMpSvc - ok
09:38:33.0832 7684 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:38:33.0833 7684 MSPCLOCK - ok
09:38:33.0969 7684 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:38:33.0970 7684 MSPQM - ok
09:38:34.0051 7684 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:38:34.0060 7684 MsRPC - ok
09:38:34.0233 7684 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:38:34.0235 7684 mssmbios - ok
09:38:34.0420 7684 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:38:34.0421 7684 MSTEE - ok
09:38:34.0522 7684 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:38:34.0540 7684 MTConfig - ok
09:38:34.0594 7684 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:38:34.0596 7684 Mup - ok
09:38:34.0945 7684 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:38:34.0965 7684 napagent - ok
09:38:35.0349 7684 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:38:35.0391 7684 NativeWifiP - ok
09:38:35.0676 7684 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:38:35.0778 7684 NDIS - ok
09:38:35.0907 7684 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:38:35.0909 7684 NdisCap - ok
09:38:36.0069 7684 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:38:36.0071 7684 NdisTapi - ok
09:38:36.0238 7684 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:38:36.0240 7684 Ndisuio - ok
09:38:36.0286 7684 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:38:36.0289 7684 NdisWan - ok
09:38:36.0602 7684 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:38:36.0604 7684 NDProxy - ok
09:38:36.0811 7684 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:38:36.0813 7684 NetBIOS - ok
09:38:36.0956 7684 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:38:37.0022 7684 NetBT - ok
09:38:37.0211 7684 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:38:37.0215 7684 Netlogon - ok
09:38:37.0579 7684 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:38:37.0587 7684 Netman - ok
09:38:37.0778 7684 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:38:37.0849 7684 netprofm - ok
09:38:37.0932 7684 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:38:37.0935 7684 NetTcpPortSharing - ok
09:38:38.0051 7684 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:38:38.0053 7684 nfrd960 - ok
09:38:38.0315 7684 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:38:38.0357 7684 NisDrv - ok
09:38:38.0481 7684 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
09:38:38.0489 7684 NisSrv - ok
09:38:39.0066 7684 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:38:39.0089 7684 NlaSvc - ok
09:38:39.0131 7684 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:38:39.0132 7684 Npfs - ok
09:38:39.0296 7684 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:38:39.0299 7684 nsi - ok
09:38:39.0358 7684 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:38:39.0359 7684 nsiproxy - ok
09:38:39.0956 7684 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:38:39.0994 7684 Ntfs - ok
09:38:40.0018 7684 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:38:40.0019 7684 Null - ok
09:38:40.0128 7684 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:38:40.0130 7684 nvraid - ok
09:38:40.0205 7684 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:38:40.0272 7684 nvstor - ok
09:38:40.0297 7684 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:38:40.0300 7684 nv_agp - ok
09:38:40.0323 7684 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:38:40.0327 7684 ohci1394 - ok
09:38:40.0581 7684 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:38:40.0637 7684 ose - ok
09:38:41.0720 7684 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:38:41.0834 7684 osppsvc - ok
09:38:42.0023 7684 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:38:42.0067 7684 p2pimsvc - ok
09:38:42.0209 7684 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:38:42.0263 7684 p2psvc - ok
09:38:42.0407 7684 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
09:38:42.0409 7684 Parport - ok
09:38:42.0446 7684 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:38:42.0449 7684 partmgr - ok
09:38:42.0597 7684 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:38:42.0664 7684 PcaSvc - ok
09:38:43.0748 7684 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{127174DC-C366ED8B-06020200}_0 c:\program files\pc-doctor\pcdsrvc_x64.pkms
09:38:44.0115 7684 PCDSRVC{127174DC-C366ED8B-06020200}_0 - ok
09:38:44.0281 7684 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:38:44.0284 7684 pci - ok
09:38:44.0313 7684 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:38:44.0314 7684 pciide - ok
09:38:44.0428 7684 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:38:44.0431 7684 pcmcia - ok
09:38:44.0462 7684 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:38:44.0464 7684 pcw - ok
09:38:44.0550 7684 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:38:44.0559 7684 PEAUTH - ok
09:38:44.0972 7684 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:38:45.0060 7684 PeerDistSvc - ok
09:38:46.0039 7684 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:38:46.0041 7684 PerfHost - ok
09:38:46.0567 7684 [ 52C9F4359AF4A25969B882AECC6F3BDA ] PHCORE C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
09:38:46.0619 7684 PHCORE - ok
09:38:48.0519 7684 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:38:52.0659 7684 pla - ok
09:38:53.0096 7684 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:38:53.0105 7684 PlugPlay - ok
09:38:53.0334 7684 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:38:53.0337 7684 PNRPAutoReg - ok
09:38:53.0378 7684 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:38:53.0381 7684 PNRPsvc - ok
09:38:53.0880 7684 [ 6F5DDC52A9103CC8E1ED5892C1D15613 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
09:38:53.0882 7684 Point64 - ok
09:38:54.0071 7684 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:38:54.0077 7684 PolicyAgent - ok
09:38:54.0697 7684 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:38:54.0786 7684 Power - ok
09:38:55.0365 7684 [ 0BF1D6B41E4D4376BE4E4FA31D1A88C0 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
09:38:55.0493 7684 Power Manager DBC Service - ok
09:38:56.0094 7684 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:38:56.0097 7684 PptpMiniport - ok
09:38:56.0186 7684 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
09:38:56.0188 7684 Processor - ok
09:38:56.0503 7684 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:38:56.0507 7684 ProfSvc - ok
09:38:56.0532 7684 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:38:56.0534 7684 ProtectedStorage - ok
09:38:56.0698 7684 [ B8035AF9CC0CCBA9A09AC0A0D9801797 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
09:38:56.0700 7684 psadd - ok
09:38:57.0684 7684 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:38:57.0862 7684 Psched - ok
09:38:58.0293 7684 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
09:38:58.0296 7684 PSI_SVC_2 - ok
09:38:58.0493 7684 [ D20BF8B293EB90E3C4ED2F38B51948A1 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
09:38:58.0496 7684 PwmEWSvc - ok
09:38:59.0373 7684 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:38:59.0450 7684 ql2300 - ok
09:38:59.0755 7684 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:38:59.0758 7684 ql40xx - ok
09:38:59.0868 7684 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:38:59.0872 7684 QWAVE - ok
09:38:59.0951 7684 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:38:59.0953 7684 QWAVEdrv - ok
09:38:59.0988 7684 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:38:59.0990 7684 RasAcd - ok
09:39:00.0103 7684 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:39:00.0105 7684 RasAgileVpn - ok
09:39:00.0153 7684 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:39:00.0156 7684 RasAuto - ok
09:39:00.0230 7684 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:39:00.0235 7684 Rasl2tp - ok
09:39:00.0454 7684 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:39:00.0460 7684 RasMan - ok
09:39:00.0657 7684 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:39:00.0659 7684 RasPppoe - ok
09:39:00.0768 7684 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:39:00.0770 7684 RasSstp - ok
09:39:00.0841 7684 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:39:00.0845 7684 rdbss - ok
09:39:00.0930 7684 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:39:03.0663 7684 rdpbus - ok
09:39:04.0119 7684 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:39:04.0120 7684 RDPCDD - ok
09:39:04.0248 7684 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:39:04.0253 7684 RDPDR - ok
09:39:04.0343 7684 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:39:04.0345 7684 RDPENCDD - ok
09:39:04.0460 7684 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:39:04.0462 7684 RDPREFMP - ok
09:39:04.0796 7684 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:39:05.0321 7684 RdpVideoMiniport - ok
09:39:05.0529 7684 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:39:05.0640 7684 RDPWD - ok
09:39:05.0811 7684 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:39:05.0814 7684 rdyboost - ok
09:39:05.0945 7684 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:39:05.0948 7684 RemoteAccess - ok
09:39:06.0035 7684 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:39:06.0039 7684 RemoteRegistry - ok
09:39:06.0110 7684 [ 5A227511ED22DDFEDF7EF7323C8F7D2F ] risdxc C:\Windows\system32\DRIVERS\risdxc64.sys
09:39:06.0112 7684 risdxc - ok
09:39:06.0201 7684 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:39:06.0204 7684 RpcEptMapper - ok
09:39:06.0278 7684 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:39:06.0280 7684 RpcLocator - ok
09:39:06.0380 7684 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:39:06.0385 7684 RpcSs - ok
09:39:06.0573 7684 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:39:06.0635 7684 rspndr - ok
09:39:06.0924 7684 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
09:39:06.0932 7684 RTL8167 - ok
09:39:07.0401 7684 [ 513338976B722822B555D739D78F9E9F ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
09:39:07.0417 7684 RTL8192Ce - ok
09:39:07.0688 7684 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:39:07.0689 7684 s3cap - ok
09:39:07.0733 7684 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:39:07.0735 7684 SamSs - ok
09:39:07.0981 7684 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
09:39:07.0983 7684 SASDIFSV - ok
09:39:07.0987 7684 SAService - ok
09:39:08.0069 7684 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
09:39:08.0070 7684 SASKUTIL - ok
09:39:08.0157 7684 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:39:08.0159 7684 sbp2port - ok
09:39:08.0324 7684 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:39:08.0329 7684 SCardSvr - ok
09:39:08.0458 7684 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:39:08.0460 7684 scfilter - ok
09:39:09.0153 7684 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:39:09.0238 7684 Schedule - ok
09:39:09.0461 7684 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:39:09.0463 7684 SCPolicySvc - ok
09:39:09.0597 7684 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:39:09.0601 7684 SDRSVC - ok
09:39:10.0334 7684 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
09:39:10.0349 7684 SDScannerService - ok
09:39:11.0362 7684 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
09:39:14.0942 7684 SDUpdateService - ok
09:39:15.0391 7684 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
09:39:15.0393 7684 SDWSCService - ok
09:39:15.0824 7684 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:39:15.0830 7684 secdrv - ok
09:39:15.0876 7684 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:39:15.0879 7684 seclogon - ok
09:39:15.0999 7684 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:39:16.0002 7684 SENS - ok
09:39:16.0204 7684 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:39:16.0206 7684 SensrSvc - ok
09:39:16.0545 7684 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
09:39:16.0546 7684 Serenum - ok
09:39:16.0764 7684 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
09:39:18.0498 7684 Serial - ok
09:39:18.0680 7684 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:39:18.0681 7684 sermouse - ok
09:39:19.0182 7684 [ B8080082E50653121591885E43A33250 ] Service Sendori C:\Program Files (x86)\Sendori\Sendori.Service.exe
09:39:19.0270 7684 Service Sendori - ok
09:39:19.0517 7684 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:39:20.0295 7684 SessionEnv - ok
09:39:20.0388 7684 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:39:20.0432 7684 sffdisk - ok
09:39:20.0481 7684 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:39:20.0570 7684 sffp_mmc - ok
09:39:20.0783 7684 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:39:20.0798 7684 sffp_sd - ok
09:39:20.0849 7684 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:39:20.0851 7684 sfloppy - ok
09:39:20.0998 7684 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:39:21.0005 7684 SharedAccess - ok
09:39:21.0167 7684 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:39:21.0234 7684 ShellHWDetection - ok
09:39:21.0497 7684 [ C3F190562FE82EFDA7CCEF305EBAD3E3 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
09:39:21.0500 7684 Shockprf - ok
09:39:21.0664 7684 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:39:22.0809 7684 SiSRaid2 - ok
09:39:22.0857 7684 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:39:22.0860 7684 SiSRaid4 - ok
09:39:23.0097 7684 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:39:23.0286 7684 SkypeUpdate - ok
09:39:23.0351 7684 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:39:23.0353 7684 Smb - ok
09:39:24.0914 7684 [ 51630E657E104487AD3897A7A6047B94 ] sndappv2 C:\Program Files (x86)\Sendori\sndappv2.exe
09:39:25.0661 7684 sndappv2 - ok
09:39:25.0764 7684 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:39:25.0766 7684 SNMPTRAP - ok
09:39:25.0840 7684 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:39:25.0842 7684 spldr - ok
09:39:25.0971 7684 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:39:26.0069 7684 Spooler - ok
09:39:27.0595 7684 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:39:28.0302 7684 sppsvc - ok
09:39:28.0478 7684 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:39:30.0656 7684 sppuinotify - ok
09:39:35.0403 7684 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:39:35.0559 7684 srv - ok
09:39:37.0618 7684 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:39:37.0648 7684 srv2 - ok
09:39:37.0708 7684 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:39:37.0713 7684 srvnet - ok
09:39:37.0980 7684 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:39:38.0058 7684 SSDPSRV - ok
09:39:38.0241 7684 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:39:39.0208 7684 SstpSvc - ok
09:39:39.0280 7684 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:39:39.0282 7684 stexstor - ok
09:39:39.0585 7684 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
09:39:39.0587 7684 StillCam - ok
09:39:39.0746 7684 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:39:39.0755 7684 stisvc - ok
09:39:39.0804 7684 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:39:39.0807 7684 storflt - ok
09:39:40.0097 7684 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
09:39:40.0102 7684 StorSvc - ok
09:39:40.0356 7684 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:39:40.0534 7684 storvsc - ok
09:39:40.0778 7684 [ 6EA2F517373771CAC5188E82617C9C0B ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
09:39:40.0880 7684 SUService - ok
09:39:40.0968 7684 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:39:40.0976 7684 swenum - ok
09:39:41.0978 7684 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
09:39:46.0888 7684 SwitchBoard - ok
09:39:47.0212 7684 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:39:47.0244 7684 swprv - ok
09:39:47.0841 7684 [ FFDD13B42D4B106AC9FAFBB0E1F7FAA5 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:39:47.0873 7684 SynTP - ok
09:39:48.0158 7684 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:39:48.0225 7684 SysMain - ok
09:39:48.0534 7684 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:39:48.0538 7684 TabletInputService - ok
09:39:49.0084 7684 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:39:53.0250 7684 TapiSrv - ok
09:39:53.0327 7684 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:39:53.0329 7684 TBS - ok
09:39:53.0590 7684 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:39:53.0857 7684 Tcpip - ok
09:39:54.0490 7684 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:39:54.0504 7684 TCPIP6 - ok
09:39:54.0685 7684 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:39:54.0687 7684 tcpipreg - ok
09:39:54.0814 7684 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:39:54.0836 7684 TDPIPE - ok
09:39:55.0009 7684 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:39:55.0976 7684 TDTCP - ok
09:39:56.0075 7684 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:39:57.0475 7684 tdx - ok
09:39:57.0501 7684 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:39:58.0446 7684 TermDD - ok
09:39:58.0524 7684 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:39:58.0790 7684 TermService - ok
09:39:59.0109 7684 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:39:59.0112 7684 Themes - ok
09:39:59.0379 7684 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:39:59.0382 7684 THREADORDER - ok
09:39:59.0421 7684 [ 1BB77ECCBFA3675B1EE8D6D6D37A1E1E ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
09:39:59.0422 7684 TPDIGIMN - ok
09:39:59.0523 7684 [ 88F81D810FF16AC65B02643DAF308D4F ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
09:40:01.0423 7684 TPHDEXLGSVC - ok
09:40:01.0631 7684 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
09:40:01.0633 7684 TPHKLOAD - ok
09:40:01.0699 7684 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
09:40:01.0701 7684 TPHKSVC - ok
09:40:02.0352 7684 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
09:40:02.0353 7684 TPM - ok
09:40:02.0523 7684 [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
09:40:02.0524 7684 TPPWRIF - ok
09:40:02.0643 7684 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:40:02.0646 7684 TrkWks - ok
09:40:03.0071 7684 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:40:06.0249 7684 TrustedInstaller - ok
09:40:06.0381 7684 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:40:06.0382 7684 tssecsrv - ok
09:40:06.0527 7684 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:40:06.0541 7684 TsUsbFlt - ok
09:40:07.0035 7684 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
09:40:07.0066 7684 TsUsbGD - ok
09:40:07.0486 7684 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:40:07.0489 7684 tunnel - ok
09:40:07.0621 7684 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:40:07.0624 7684 uagp35 - ok
09:40:08.0279 7684 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:40:08.0313 7684 udfs - ok
09:40:08.0443 7684 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:40:10.0021 7684 UI0Detect - ok
09:40:10.0305 7684 [ BE788A747457E6916586C410EC0111E7 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
09:40:10.0323 7684 UleadBurningHelper - ok
09:40:10.0719 7684 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:40:10.0720 7684 uliagpkx - ok
09:40:10.0803 7684 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:40:10.0804 7684 umbus - ok
09:40:11.0059 7684 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
09:40:11.0125 7684 UmPass - ok
09:40:11.0237 7684 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
09:40:11.0241 7684 UmRdpService - ok
09:40:11.0728 7684 [ E91F8AFBD7FB96C94B266579D6BFA77A ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:40:12.0060 7684 UNS - ok
09:40:12.0225 7684 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:40:12.0234 7684 upnphost - ok
09:40:12.0401 7684 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
09:40:12.0795 7684 USBAAPL64 - ok
09:40:12.0875 7684 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:40:12.0878 7684 usbccgp - ok
09:40:13.0004 7684 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:40:13.0005 7684 usbcir - ok
09:40:13.0048 7684 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:40:13.0049 7684 usbehci - ok
09:40:13.0106 7684 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:40:13.0116 7684 usbhub - ok
09:40:13.0195 7684 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:40:13.0197 7684 usbohci - ok
09:40:13.0358 7684 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:40:13.0360 7684 usbprint - ok
09:40:13.0519 7684 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:40:13.0522 7684 usbscan - ok
09:40:13.0625 7684 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:40:13.0627 7684 USBSTOR - ok
09:40:13.0658 7684 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:40:13.0681 7684 usbuhci - ok
09:40:13.0896 7684 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
09:40:13.0898 7684 usbvideo - ok
09:40:14.0197 7684 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:40:14.0250 7684 UxSms - ok
09:40:14.0288 7684 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:40:14.0290 7684 VaultSvc - ok
09:40:14.0386 7684 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:40:14.0388 7684 vdrvroot - ok
09:40:14.0499 7684 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:40:14.0507 7684 vds - ok
09:40:31.0324 7684 ============================================================
09:40:31.0324 7684 Scan finished
09:40:31.0324 7684 ============================================================
09:40:31.0361 22796 Detected object count: 0
09:40:31.0361 22796 Actual detected object count: 0




aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-04 10:37:41
-----------------------------
10:37:41.032 OS Version: Windows x64 6.1.7601 Service Pack 1
10:37:41.032 Number of processors: 4 586 0x2A07
10:37:41.033 ComputerName: OWNER-THINK UserName: Owner
10:37:43.157 Initialze error C000010E - driver not loaded
10:37:43.878 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
10:37:43.980 AVAST engine defs: 13020400
10:38:05.272 Service scanning
10:42:12.679 Modules scanning
10:42:12.682 Disk 0 trace - called modules:
10:42:12.684
10:42:14.214 AVAST engine scan C:\Windows
10:42:26.193 AVAST engine scan C:\Windows\system32
11:00:53.949 AVAST engine scan C:\Windows\system32\drivers
11:02:25.960 AVAST engine scan C:\Users\Owner
12:33:04.509 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"




C:\Users\Owner\Downloads\PaintDotNet_Setup.exe a variant of Win32/Adware.iBryte.C application cleaned by deleting - quarantined

#4 narenxp


Posted 04 February 2013 - 09:18 PM

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#5 bluedog22


Posted 05 February 2013 - 07:14 PM

Here's the next set.






Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-THINK [administrator]

Protection: Enabled

2/5/2013 9:04:20 AM
mbam-log-2013-02-05 (09-04-20).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 550137
Time elapsed: 3 hour(s), 24 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 32
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\Interface\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\SelectionLinks.SelectionLinksBHO.1 (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\SelectionLinks.SelectionLinksBHO (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\Owner\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> Quarantined and deleted successfully.

Files Detected: 10
C:\Program Files (x86)\OApps\SelectionLinks.dll (PUP.FaceThemes) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\oi_ie6setupOe.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.tat (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.FunMoods) -> Quarantined and deleted successfully.

(end)




MiniToolBox by Farbar Version:10-01-2013
Ran by Owner (administrator) on 05-02-2013 at 18:31:20
Running from "C:\Users\Owner\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-THINK
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 60-D8-19-C6-24-24
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : mshome.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F0-DE-F1-B2-84-26
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
Physical Address. . . . . . . . . : 60-D8-19-C6-24-24
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2cb0:f7f1:ce7a:f689%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, February 05, 2013 6:22:40 PM
Lease Expires . . . . . . . . . . : Wednesday, February 06, 2013 6:25:09 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 325113881
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-88-CE-CF-F0-DE-F1-B2-84-26
DNS Servers . . . . . . . . . . . : 216.146.35.240
216.146.36.240
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{EA42BB77-C364-4A24-ABDC-9D6E1F1682FD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:287f:2225:b943:fbcb(Preferred)
Link-local IPv6 Address . . . . . : fe80::287f:2225:b943:fbcb%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: sendori-rdns1.dyndns.com
Address: 216.146.35.240

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 2607:f8b0:4004:800::1004
74.125.228.14
74.125.228.0
74.125.228.1
74.125.228.5
74.125.228.3
74.125.228.4
74.125.228.8
74.125.228.2
74.125.228.7
74.125.228.9
74.125.228.6


Pinging google.com [74.125.228.14] with 32 bytes of data:
Reply from 74.125.228.14: bytes=32 time=26ms TTL=56
Reply from 74.125.228.14: bytes=32 time=19ms TTL=56

Ping statistics for 74.125.228.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 26ms, Average = 22ms
Server: sendori-rdns1.dyndns.com
Address: 216.146.35.240

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 206.190.36.45
98.139.183.24
98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=218ms TTL=52
Reply from 206.190.36.45: bytes=32 time=168ms TTL=52

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 168ms, Maximum = 218ms, Average = 193ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=8ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 8ms, Average = 5ms
===========================================================================
Interface List
15...60 d8 19 c6 24 24 ......Microsoft Virtual WiFi Miniport Adapter
13...f0 de f1 b2 84 26 ......Realtek PCIe GBE Family Controller
12...60 d8 19 c6 24 24 ......1x1 11b/g/n Wireless LAN PCI Express Half Mini Card Adapter
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.5 281
192.168.1.5 255.255.255.255 On-link 192.168.1.5 281
192.168.1.255 255.255.255.255 On-link 192.168.1.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.5 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:9d38:6ab8:287f:2225:b943:fbcb/128
On-link
12 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::287f:2225:b943:fbcb/128
On-link
12 281 fe80::2cb0:f7f1:ce7a:f689/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\Sendori.dll [321384] (Sendori)
Catalog9 02 C:\Windows\SysWOW64\Sendori.dll [321384] (Sendori)
Catalog9 03 C:\Windows\SysWOW64\Sendori.dll [321384] (Sendori)
Catalog9 04 C:\Windows\SysWOW64\Sendori.dll [321384] (Sendori)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\Sendori.dll [321384] (Sendori)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/05/2013 06:24:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2013 06:18:35 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000025A380).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (02/05/2013 06:18:34 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{f33314c5-2ef2-11e1-b7d3-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x00000000, The operation completed successfully.
], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
], OnRun[0x00000000, The operation completed successfully.
].


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (02/05/2013 06:18:34 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out.
Error context: DeviceIoControl(\\?\Volume{f33314c5-2ef2-11e1-b7d3-806e6f6e6963} - 0000000000000194,0x0053c010,000000000041A470,0,000000000041B480,4096,[0]).


Operation:
Committing shadow copies

Context:
Execution Context: System Provider

Error: (02/05/2013 05:37:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7421638

Error: (02/05/2013 05:37:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7421638

Error: (02/05/2013 05:37:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2013 05:37:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7420515

Error: (02/05/2013 05:37:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7420515

Error: (02/05/2013 05:37:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/05/2013 06:26:32 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service hung on starting.

Error: (02/05/2013 06:24:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/05/2013 06:23:44 PM) (Source: Service Control Manager) (User: )
Description: The Freemake Improver service failed to start due to the following error:
%%1053

Error: (02/05/2013 06:23:44 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.

Error: (02/05/2013 06:18:43 PM) (Source: volsnap) (User: )
Description: The flush and hold writes operation on volume C: timed out while waiting for a release writes command.

Error: (02/05/2013 01:54:09 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.

Error: (02/05/2013 01:22:34 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Lenovo.VIRTSCRLSVC service.

Error: (02/05/2013 01:22:34 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.

Error: (02/05/2013 01:17:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Apple Mobile Device service.

Error: (02/05/2013 00:35:33 PM) (Source: volsnap) (User: )
Description: The flush and hold writes operation on volume C: timed out while waiting for a release writes command.


Microsoft Office Sessions:
=========================
Error: (02/05/2013 06:24:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2013 06:18:35 PM) (Source: VSS)(User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000000025A380)

Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (02/05/2013 06:18:34 PM) (Source: VSS)(User: )
Description: \\?\Volume{f33314c5-2ef2-11e1-b7d3-806e6f6e6963}\00x00000000, The operation completed successfully.
0x00000000, The operation completed successfully.
0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
0x00000000, The operation completed successfully.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (02/05/2013 06:18:34 PM) (Source: VSS)(User: )
Description: DeviceIoControl(\\?\Volume{f33314c5-2ef2-11e1-b7d3-806e6f6e6963} - 0000000000000194,0x0053c010,000000000041A470,0,000000000041B480,4096,[0])

Operation:
Committing shadow copies

Context:
Execution Context: System Provider

Error: (02/05/2013 05:37:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7421638

Error: (02/05/2013 05:37:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7421638

Error: (02/05/2013 05:37:22 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2013 05:37:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7420515

Error: (02/05/2013 05:37:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7420515

Error: (02/05/2013 05:37:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.1)
Adobe AIR (Version: 3.3.0.3650)
Adobe CS6 Design and Web Premium (Version: 6)
Adobe Digital Editions
Adobe Download Assistant (Version: 1.2)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Help Manager (Version: 4.0.244)
Adobe Illustrator CS6 (Version: 16.0)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Adobe Widget Browser (Version: 2.0 Build 348)
Adobe Widget Browser (Version: 2.0.348)
Advanced File Fixer 2012 version 2.8 (Version: 2.8)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0.3 (Version: 2.0.3)
Bing Rewards Client Installer (Version: 16.0.345.0)
BisonCam Twain Pro (Version: 1.5.4.7)
Bonjour (Version: 3.0.0.10)
Burn.Now 4.5 (Version: 4.5.0)
Canon MG6100 series MP Drivers
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Conexant HD Audio (Version: 8.32.27.0)
Corel Burn.Now Lenovo Edition (Version: 4.5.0)
Corel DVD MovieFactory 7 (Version: 7.0.0)
Corel DVD MovieFactory Lenovo Edition (Version: 7.0.0)
Corel WinDVD (Version: 10.0.5.828)
CrashPlan (Version: 3.4.1)
Create Recovery Media (Version: 1.20.0.00)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Direct DiscRecorder (Version: 1.00.0000)
Dropbox (Version: 1.6.16)
Evernote v. 4.2.3 (Version: 4.2.3.15)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FileMaker Pro 11 (Version: 11.0.3.0)
Free Audio Converter version 5.0.21.1201 (Version: 5.0.21.1201)
Freemake Video Converter version 3.1.2 (Version: 3.1.2)
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (Version: 22.0.1229.79)
Google Chrome Frame (Version: 22.0.1229.79)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.123)
HitmanPro 3.7 (Version: 3.7.1.186)
HP Photo Creations (Version: 1.0.0.3781)
HP Photosmart Plus B210 series Basic Device Software (Version: 22.50.231.0)
HP Photosmart Plus B210 series Help (Version: 140.0.54.54)
HP Photosmart Plus B210 series Product Improvement Study (Version: 22.50.231.0)
HP Update (Version: 5.002.006.003)
iCloud (Version: 2.1.1.3)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (Version: 1.1.0.1147)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Identity Protection Technology 1.1.2.0 (Version: 1.1.2.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2476)
Internet Explorer (Enable DEP)
iTunes (Version: 11.0.1.12)
Java 7 Update 11 (Version: 7.0.110)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Lenovo Auto Scroll Utility (Version: 1.10)
Lenovo Patch Utility (Version: 1.0.1.1)
Lenovo Patch Utility 64 bit (Version: 1.2.0.1)
Lenovo Power Management Driver (Version: 1.66.00.22)
Lenovo Registration (Version: 1.0.4)
Lenovo SimpleTap (Version: 3.0.0010.00)
Lenovo System Interface Driver (Version: 1.05)
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23)
Lenovo User Guide (Version: 1.0.0008.00)
Lenovo Warranty Information (Version: 1.0.0005.00)
Lenovo Welcome (Version: 3.00.006.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Mesh Runtime (Version: 15.4.5722.2)
Message Center Plus (Version: 2.0.0012.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Money Plus (Version: 17)
Microsoft Money Shared Libraries (Version: 17.0.0.724)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
On Screen Display (Version: 6.60.00)
ooVoo (Version: 3.5.3023)
PDF Settings CS6 (Version: 11.0)
Picasa 3 (Version: 3.8)
PlayReady PC Runtime x86 (Version: 1.3.0)
QBFC 2.1 (Version: 2.1.00050)
QBF

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Professional x64
Ran by Owner on Tue 02/05/2013 at 18:38:55.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/05/2013 at 18:50:59.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~














Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/05/2013 06:57:39 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Owner\Desktop\rkill\rkill-02-05-2013-06-58-06.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-21-3513094602-2579651782-1916629540-1000\$bef483622674e852550e648efc094a71\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3513094602-2579651782-1916629540-1000\$bef483622674e852550e648efc094a71\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-3513094602-2579651782-1916629540-1000\$bef483622674e852550e648efc094a71\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-3513094602-2579651782-1916629540-1000\$bef483622674e852550e648efc094a71\U\ [ZA Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 02/05/2013 06:58:44 PM
Execution time: 0 hours(s), 1 minute(s), and 5 seconds(s)

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
+ "ALCKRESI.EXE" "ThinkVantage AutoLock Resident module" "Lenovo Group Limited" "c:\program files\lenovo\autolock\alckresi.exe"
+ "ForteConfig" "FMAPP Application" "" "c:\program files\conexant\forteconfig\fmapp.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "LENOVO.TPKNRRES" "Microphone volume control module" "Lenovo Group Limited" "c:\program files\lenovo\communications utility\tpknrres.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SmartAudio" "SmartAudio Control Panel application" "Conexant Systems, Inc." "c:\program files\conexant\saii\saiicpl.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "TpShocks" "ThinkVantage Active Protection System" "Lenovo." "c:\windows\system32\tpshocks.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acrobat Assistant 8.0" "AcroTray" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat\acrotray.exe"
+ "Adobe Acrobat Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\acrobat 10.0\acrobat\acrobat_sl.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "AdobeCS6ServiceManager" "Adobe CS6 Service Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\cs6servicemanager\cs6servicemanager.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "BrowserPlugInHelper" "" "" "File not found: C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files (x86)\hp\hp software update\hpwuschd2.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "Lenovo Registration" "Lenovo Registration" "Lenovo, Inc." "c:\program files (x86)\lenovo registration\lenovoreg.exe"
+ "PWMTRV" "ThinkPad Power Manager Background Monitor and Tray Battery Gauge" "Lenovo Group Limited" "c:\program files (x86)\thinkpad\utilities\pwmtr64v.dll"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "RotateImage" "RCIMGDIR" "Ricoh co.,Ltd." "c:\program files (x86)\integrated camera driver\x64\rcimgdir.exe"
+ "SDTray" "Spybot - Search & Destroy tray access" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdtray.exe"
+ "Sendori Tray" "Sendori Notification Icon" "Sendori, Inc." "c:\program files (x86)\sendori\sendoritray.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "SwitchBoard" "SwitchBoard Server (32 bit)" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\switchboard\switchboard.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "CrashPlan Tray.lnk" "Windows system tray interface to CrashPlan" "Code 42 Software, Inc." "c:\program files\crashplan\crashplantray.exe"
"C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe"
+ "OneNote 2010 Screen Clipper and Launcher.lnk" "Microsoft OneNote Quick Launcher" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ApplePhotoStreams" "ApplePhotoStreams.exe" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\applephotostreams.exe"
+ "Facebook Update" "Facebook Installer" "Facebook Inc." "c:\users\owner\appdata\local\facebook\update\facebookupdate.exe"
+ "iCloudServices" "iCloud" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\icloudservices.exe"
+ "ooVoo.exe" "ooVoo" "ooVoo LLC" "c:\program files (x86)\oovoo\oovoo.exe"
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe"
+ "Spotify Web Helper" "SpotifyWebHelper" "Spotify Ltd" "c:\users\owner\appdata\roaming\spotify\data\spotifywebhelper.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu64.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "PhotoStreamsExt" "" "" "c:\program files\common files\apple\internet services\shellstreams64.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
+ "SDECon32" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll"
+ "SDECon64" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll"
+ "WondershareVideoConverterFileOpreation" "" "" "c:\windows\syswow64\wscm64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu.dll"
+ "PhotoStreamsExt" "ShellStreams.dll" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\shellstreams.dll"
+ "SDECon32" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll"
+ "SDECon64" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "Lenovo SimpleTap" "ShellExt" "Lenovo" "c:\program files\lenovo\simpletap\shellext64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "7-Zip" "7-Zip Shell Extension" "Igor Pavlov" "c:\program files\7-zip\7-zip.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "Lenovo SimpleTap" "ShellExt" "Lenovo" "c:\program files\lenovo\simpletap\shellext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "SDECon32" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll"
+ "SDECon64" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 10.0\acrobat elements\contextmenu.dll"
+ "SDECon32" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll"
+ "SDECon64" "Windows Explorer context menu integration" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdecon32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\owner\appdata\roaming\dropbox\bin\dropboxext.17.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "ChromeFrame BHO" "Chrome Frame renders the Web of the future in the browsers of the past. It's like strapping a rocket engine to a minivan." "Google Inc." "c:\program files (x86)\google\chrome\application\22.0.1229.79\npchrome_frame.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Spybot-S&D IE Protection" "Blocks URLs that could install spyware, malware etc." "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdhelper.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Add to Evernote 4" "" "" "File not found: C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
+ "Spybot - Search && Destroy Configuration" "Blocks URLs that could install spyware, malware etc." "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdhelper.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\AdobeAAMUpdater-1.0-Owner-THINK-Owner" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\FacebookUpdateTaskUserS-1-5-21-3513094602-2579651782-1916629540-1000Core" "Facebook Installer" "Facebook Inc." "c:\users\owner\appdata\local\facebook\update\facebookupdate.exe"
+ "\FacebookUpdateTaskUserS-1-5-21-3513094602-2579651782-1916629540-1000UA" "Facebook Installer" "Facebook Inc." "c:\users\owner\appdata\local\facebook\update\facebookupdate.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\HPCustParticipation HP Photosmart Plus B210 series" "HP Customer Participation." "Hewlett-Packard Co." "c:\program files\hp\hp photosmart plus b210 series\bin\hpcustpartic.exe"
+ "\Lenovo\Lenovo Customer Feedback Program" "Lenovo.TVT.CustomerFeedback.Agent" "Lenovo" "c:\program files\lenovo\customer feedback program\lenovo.tvt.customerfeedback.agent.exe"
+ "\Lenovo\SimpleTap\Start SimpleTap for Owner-THINK.Owner" "SimpleTap" "Lenovo" "c:\program files\lenovo\simpletap\simpletap.exe"
+ "\MCP" "Message Center Plus Launcher" "" "c:\program files (x86)\lenovo\message center plus\mcplaunch.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\PCDEventLauncher" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\pc-doctor\sessionchecker.exe"
+ "\PCDoctorBackgroundMonitorTask" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\pc-doctor\uaclauncher.exe"
+ "\PMTask" "ThinkPad Power Manager Idle Task" "Lenovo Group Limited" "c:\program files (x86)\thinkpad\utilities\pwmidtsv.exe"
+ "\Safer-Networking\Spybot - Search and Destroy\Check for updates" "Update" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe"
+ "\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" "Pro-active browser protection" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdimmunize.exe"
+ "\Safer-Networking\Spybot - Search and Destroy\Scan the system" "Malware Scanner" "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdscan.exe"
+ "\Scheduled Update for Ask Toolbar" "" "" "File not found: C:\Program Files (x86)\Ask.com\UpdateTask.exe"
+ "\SUPERAntiSpyware Scheduled Task 204899a6-28ea-4c80-88c4-a94169563336" "SUPERAntiSpyware Task Dispatcher" "SUPERAdBlocker.com" "c:\program files\superantispyware\sastask.exe"
+ "\SUPERAntiSpyware Scheduled Task 36437cfd-e10a-4953-b0b8-b1c90c88738c" "SUPERAntiSpyware Task Dispatcher" "SUPERAdBlocker.com" "c:\program files\superantispyware\sastask.exe"
+ "\SystemToolsDailyTest" "PC-Doctor Module" "PC-Doctor, Inc." "c:\program files\pc-doctor\uaclauncher.exe"
+ "\{7B236D49-AA06-4D42-9C9A-C1D1D6580F42}" "Internet Explorer" "Microsoft Corporation" "c:\program files (x86)\internet explorer\iexplore.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Application Sendori" "Sets and maintains Sendori protection on this computer." "Sendori, Inc." "c:\program files (x86)\sendori\sendorisvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "CrashPlanService" "This service backs up your files!" "CrashPlan" "c:\program files\crashplan\crashplanservice.exe"
+ "CxAudMsg" "Monitors audio device events and forward them to subscribing application. If this service is stop. the aduio effects will not function properly." "Conexant Systems Inc." "c:\windows\system32\cxaudmsg64.exe"
+ "Freemake Improver" "Freemake Improver" "Freemake" "c:\programdata\freemake\freemakeutilsservice\freemakeutilsservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "HitmanProScheduler" "HitmanPro Scheduler controls scheduled scans" "SurfRight B.V." "c:\program files\hitmanpro\hmpsched.exe"
+ "HyperW7Svc" "HyperW7 Service" "Lenovo Group Limited" "c:\program files\lenovo\rapidboot\hyperw7svc64.exe"
+ "IBMPMSVC" "Lenovo Power Management Service" "Lenovo." "c:\windows\system32\ibmpmsvc.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "jhi_service" "Intel® Identity Protection Technology Host Interface Service - Allows applications to access the local Intel Identity Protection Technology" "Intel Corporation" "c:\program files (x86)\intel\services\ipt\jhi_service.exe"
+ "LENOVO.CAMMUTE" "Camera Mute Control Service for ThinkPad" "Lenovo Group Limited" "c:\program files\lenovo\communications utility\cammute.exe"
+ "LENOVO.MICMUTE" "Microphone Mute Controll Service for ThinkPad" "Lenovo Group Limited" "c:\program files\lenovo\hotkey\micmute.exe"
+ "LENOVO.TPKNRSVC" "Microphone volume control service" "Lenovo Group Limited" "c:\program files\lenovo\communications utility\tpknrsvc.exe"
+ "Lenovo.VIRTSCRLSVC" "Auto Scroll Start Service" "Lenovo Group Limited" "c:\program files\lenovo\virtscrl\lvvsst.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "Power Manager DBC Service" "Power Manager Dynamic Brightness Control Service" "Lenovo" "c:\program files (x86)\thinkpad\utilities\pwmdbsvc.exe"
+ "PSI_SVC_2" "This service provides Protexis licensing functionalty." "Protexis Inc." "c:\program files (x86)\common files\protexis\license service\psiservice_2.exe"
+ "PwmEWSvc" "Power Manager Cisco EnergyWise Enabler" "Lenovo Group Limited" "c:\program files (x86)\thinkpad\utilities\pwmewsvc.exe"
+ "SAService" "SmartAudio Helper service" "Conexant Systems, Inc." "c:\windows\syswow64\sasrv.exe"
+ "SDScannerService" "Offers malware scanning services to Spybot-S&D modules." "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe"
+ "SDUpdateService" "Downloads Spybot updates and installs them." "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdupdsvc.exe"
+ "SDWSCService" "Integrates Spybot into the Windows Security Center." "Safer-Networking Ltd." "c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe"
+ "Service Sendori" "Service Sendori." "sendori" "c:\program files (x86)\sendori\sendori.service.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "sndappv2" "Sets and maintains sndappv2 LSP protection on this computer." "Sendori" "c:\program files (x86)\sendori\sndappv2.exe"
+ "SUService" "ThinkVantage System Update" "Lenovo Group Limited" "c:\program files (x86)\lenovo\system update\suservice.exe"
+ "SwitchBoard" "Adobe SwitchBoard" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\switchboard\switchboard.exe"
+ "TPHDEXLGSVC" "ThinkVantage Active Protection System - HDD Logger Module" "Lenovo." "c:\windows\system32\tphdexlg64.exe"
+ "TPHKLOAD" "ThinkPad Message Client Loader" "Lenovo Group Limited" "c:\program files\lenovo\hotkey\tphkload.exe"
+ "TPHKSVC" "On screen display Fn+Fx handler" "Lenovo Group Limited" "c:\program files\lenovo\hotkey\tphksvc.exe"
+ "UleadBurningHelper" "ULCDRSvr" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\dvd\ulcdrsvr.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "VIPAppService" "VIP Service" "Symantec Corporation" "c:\program files (x86)\symantec\vip access client\vipappservice.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "5U877" "Ricoh USB Camera driver" "Ricoh co.,Ltd." "c:\windows\system32\drivers\5u877.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "CnxtHdAudService" "64-bit High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdrt64.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "hitmanpro37" "HitmanPro 3.7 Support Driver" "" "c:\windows\system32\drivers\hitmanpro37.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "IBMPMDRV" "Lenovo Power Management Driver" "Lenovo." "c:\windows\system32\drivers\ibmpmdrv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "lenovo.smi" "SMI Driver for Lenovo system" "Lenovo Group Limited" "c:\windows\system32\drivers\smiifx64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PHCORE" "RapidBoot Driver" "Lenovo Group Limited" "c:\program files\lenovo\rapidboot\phcore64.sys"
+ "psadd" "SMBIOS Driver" "Lenovo Information Product(ShenZhen China) Inc." "c:\windows\system32\drivers\psadd.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "risdxc" "RICOH PCIe SDXC/MMC Controller Driver" "REDC" "c:\windows\system32\drivers\risdxc64.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "RTL8192Ce" "Realtek RTL81892CE NDIS Driverr" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8192ce.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Shockprf" "Shockproof Disk Driver" "Lenovo." "c:\windows\system32\drivers\apsx64.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "TPDIGIMN" "APS Digitizer Activity Monitor" "Lenovo." "c:\windows\system32\drivers\apshm64.sys"
+ "TPPWRIF" "Power Manager" "Lenovo Group Limited" "c:\windows\system32\drivers\tppwr64v.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.dvacm" "Ulead DV Audio ACM Driver" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\vio\dvacm.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "msacm.mpegacm" "Ulead MPEG1 Layer2 Audio ACM Driver" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\mpegacm.acm"
+ "msacm.ulmp3acm" "Ulead MP3 codec engine" "Ulead systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulmp3acm.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.XVID" "" "" "c:\windows\syswow64\xvidvfw.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Dib Output" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\diboutput.ax"
+ "Dib Receive" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\dibreceive.ax"
+ "DirectVobSub" "" "" "File not found: C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\AviSynthPlugins\vsfilter.dll"
+ "DirectVobSub (auto-loading version)" "" "" "File not found: C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\AviSynthPlugins\vsfilter.dll"
+ "DV ACM V/A Source Filter" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\dvsf.ax"
+ "DV V/A Source Filter" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\dvsf.ax"
+ "DV Video Source Filter" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\dvsf.ax"
+ "ffdshow DXVA Video Decoder" "" "" "File not found: C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax"
+ "InterVideo Audio Decoder" "IVIAUDIO LOGID.119684" "InterVideo Inc." "c:\program files (x86)\corel\corelwindvd2010\iviaudio.ax"
+ "InterVideo Video Decoder" "IVIVIDEO LOGID.119684" " InterVideo Inc." "c:\program files (x86)\corel\corelwindvd2010\ivivideo.ax"
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files (x86)\playready\prdmowrapper.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Ulead AMR Audio Decoder" "MP4 AMR Audio Decoder Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uladamr.ax"
+ "Ulead Audio Dual Channel Filter" "Ulead Audio Dual Channel Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uaudiodcfilter.ax"
+ "Ulead DV Scene Detect" "" "" "C:\Program Files (x86)\Common Files\Ulead Systems\DVD\"
+ "Ulead DV SubTitle Filter" "DV SubTitle Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\dvtranssubtitle.ax"
+ "Ulead DV Writer" "ulDVWriter" "Corel" "c:\program files (x86)\common files\ulead systems\capture\uldvrite.ax"
+ "Ulead DVB Parser" "Ulead DVB Parser Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvbparser.ax"
+ "Ulead DVD Audio Decoder 2" "Audio Decoder" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead DVD Navigator" "DVD Navigator filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\dvd\uleaddvdnavigator.ax"
+ "Ulead DVD Parser" "ulDVDParser" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvdparser.ax"
+ "Ulead DVD Video decoder 2" "DVD Video Decoder with DxVA Support" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvdvideo.ax"
+ "Ulead DVSD Push Source Filter" "Ulead DVSD Push Source Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvsdpushsource.ax"
+ "ULead File Source (Async.)" "Ulead Async Filter" "Ulead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulasync.ax"
+ "ULead File Writer" "File Dump Filter" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\uldump.ax"
+ "Ulead H264 Decoder" "uldsh264" "uleadivi" "c:\program files (x86)\common files\ulead systems\mpeg\uldsh264.ax"
+ "ULead Infinite Pin Tee" "Ulead Infinite Tee Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uinftee.ax"
+ "Ulead MPEG Audio Decoder" "Audio Decoder" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uldvdaudio.ax"
+ "Ulead MPEG Audio Encoder" "DS MPEG Audio Encoder" "Ulead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\uleampeg.ax"
+ "Ulead MPEG Encoder" "MPEG Encoder and Muxer" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulesmpeg.ax"
+ "Ulead MPEG Muxer" "MPEG Muxer" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulmxmpeg.ax"
+ "Ulead MPEG Splitter" "ULead Mpeg I/II Splitter" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\ulspmpeg.ax"
+ "Ulead MPEG Transcoder" "ulMPGTrans" "Ulead com" "c:\program files (x86)\common files\ulead systems\mpeg\ulmpgtrans.ax"
+ "Ulead MPEG Video Decoder" "MPEG Video and Audio Decoder" "ULead Systems" "c:\program files (x86)\common files\ulead systems\mpeg\uldsmpeg.ax"
+ "Ulead MPEG-4 ASP Video Decoder" "MP4 ASP Video Decoder Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\ulaspvdmp4.ax"
+ "Ulead MPEG-4 Audio Decoder" "MP4 AAC Audio Decoder Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uladmp4.ax"
+ "Ulead MPEG-4 Encoder" "MP4 Encoder Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\ulmp4enc.ax"
+ "Ulead MPEG-4 Splitter" "MP4 Splitter Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\ulspmp4.ax"
+ "Ulead MPEG-4 Video Decoder" "MP4 Video Decoder Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\ulvdmp4.ax"
+ "Ulead Ogg Parser" "ulOggParserFilter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uloggparserfilter.ax"
+ "Ulead OggVorbis Decoder" "ulOggVorbisDecoderFilter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uloggvorbisdecoderfilter.ax"
+ "Ulead OggVorbis Encoder" "ulOggVorbisEncoderFilter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\uloggvorbisencoderfilter.ax"
+ "Ulead Push Source Filter" "Ulead Push Source Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\ulpushsource.ax"
+ "Ulead Sub-Picture Push Source Filter" "Ulead Sub-Picture Push Source Filter" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\mpeg\ulsubpicpushsource.ax"
+ "Ulead Video Deinterlace Filter" "" "Ulead Systems, Inc." "c:\program files (x86)\common files\ulead systems\filters\deinterlace.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WS ScreenCapture" "" "" "File not found: C:\Program Files (x86)\Wondershare\Video Converter Ultimate\ScreenCaptureFilter.ax"
+ "Xvid MPEG-4 Video Decoder" "xvid" "http://www.xvid.org" "c:\windows\syswow64\xvid.ax"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "SendoriLSP" "" "" "File not found: C:\Windows\system32\Sendori.dll"
+ "SendoriLSP over [MSAFD Tcpip [TCP/IP]]" "" "" "File not found: C:\Windows\system32\Sendori.dll"
+ "SendoriLSP over [MSAFD Tcpip [TCP/IPv6]]" "" "" "File not found: C:\Windows\system32\Sendori.dll"
+ "SendoriLSP over [MSAFD Tcpip [UDP/IP]]" "" "" "File not found: C:\Windows\system32\Sendori.dll"
+ "SendoriLSP over [MSAFD Tcpip [UDP/IPv6]]" "" "" "File not found: C:\Windows\system32\Sendori.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port Monitor" "Adobe PDF Port Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll"
+ "Canon BJ Language Monitor MG6100 series" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlmag.dll"
+ "Canon BJ Language Monitor MG6100 series XPS" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmxlmag.dll"
+ "HP 8e11 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinksts8e11lm.dll"
+ "HP Discovery Port Monitor (HP Photosmart Plus B210 series)" "HP Discovery Port Monitor" "Hewlett-Packard Co." "c:

#6 narenxp


Posted 05 February 2013 - 10:26 PM

Please run Malwarebytes again and post the clean log.

Now run RKILL, given in the previous instructions, and post the new log.


Edited by narenxp, 09 February 2013 - 08:46 AM.


#7 bluedog22


Posted 09 February 2013 - 08:41 AM

Rkill 2.4.6 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/09/2013 08:38:46 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * ALERT: ZEROACCESS rootkit symptoms found!
 
     * HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 02/09/2013 08:39:56 AM
Execution time: 0 hours(s), 1 minute(s), and 9 seconds(s)


#8 narenxp


Posted 09 February 2013 - 08:54 AM

Download

Zaccess.reg

Launch it and click YES

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in Safe Mode

Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your Flash Player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing

Edited by narenxp, 09 February 2013 - 08:54 AM.




