#1
HiJackThis log - help reading it?
Recently started to get some weird adware with FireFox. Can anybody see anything?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:51 PM, on 8/8/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe
C:\Program Files (x86)\SnanSnap\PFU\ScanSnap\CardMinder\CardLauncher.exe
C:\Users\Andrew\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMResident.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\Program Files (x86)\Adobe\Adobe Muse\Adobe Muse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Andrew\AppData\Local\Temp\Temp1_hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
O4 - HKLM\..\Run: [TSMResident] "C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
O4 - HKLM\..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - Startup: EvernoteClipper.lnk = Andrew\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: CardMinder Viewer.lnk = ?
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = ?
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Users\Andrew\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Users\Andrew\AppData\Local\Apps\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Users\Andrew\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Users\Andrew\AppData\Local\Apps\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Users\Andrew\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204 (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D8669281-776F-4710-83F1-9A1DFB7D08E2}: NameServer = 208.67.222.222,208.67.220.220
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASR Service (ASRSVC) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Screen Reading Optimizer Service Program (SROSVC) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceISD - Wacom Technology, Corp. - C:\Program Files\Tablet\ISD\ISD_Tablet.exe
O23 - Service: TABLET Service (TabletSVC) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
O23 - Service: Tether - Unknown owner - C:\Program Files (x86)\Tether\TBService.exe
O23 - Service: Wacom ISD Touch Service (TouchServiceISD) - Wacom Technology, Corp. - C:\Program Files\Tablet\ISD\ISD_TouchService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 14923 bytes
#2
Hello R4NG3R,
This log really reflects little as far as browsers like Firefox go. Let's get a more detailed look at things.
To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.
-------
Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.
-----------
Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
-----------
Download aswMBR ( 511KB ) to your desktop.
A lot, but comprehensive, and will make sure we get a good view of everything.
#3
GMER Log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-10 17:12:28
Windows 6.1.7601 Service Pack 1
Running: c5u0bgg5.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9f0891e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9f0891e (not active ControlSet)
---- Files - GMER 1.0.15 ----
---- EOF - GMER 1.0.15 ----
======================================
MBR log
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-10 17:28:01
-----------------------------
17:28:01.308 OS Version: Windows x64 6.1.7601 Service Pack 1
17:28:01.308 Number of processors: 4 586 0x2A07
17:28:01.309 ComputerName: ANDREW-THINKPAD UserName: Andrew
17:28:02.982 Initialize success
17:28:10.887 AVAST engine defs: 12081001
17:28:12.553 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:28:12.554 Disk 0 Vendor: HITACHI_ ESBZ Size: 238475MB BusType: 3
17:28:12.568 Disk 0 MBR read successfully
17:28:12.569 Disk 0 MBR scan
17:28:12.572 Disk 0 unknown MBR code
17:28:12.581 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
17:28:12.592 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227273 MB offset 2459648
17:28:12.625 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 467914752
17:28:12.691 Disk 0 scanning C:\Windows\system32\drivers
17:28:26.741 Service scanning
17:29:10.083 Modules scanning
17:29:10.088 Disk 0 trace - called modules:
17:29:10.150 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
17:29:10.477 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009049060]
17:29:10.488 3 CLASSPNP.SYS[fffff8800186c43f] -> nt!IofCallDriver -> [0xfffffa80074f7ab0]
17:29:10.495 5 ACPI.sys[fffff88000ef17a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80074f6050]
17:29:13.429 AVAST engine scan C:\Windows
17:29:22.889 AVAST engine scan C:\Windows\system32
17:30:53.842 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:30:55.849 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:32:17.730 AVAST engine scan C:\Windows\system32\drivers
17:32:30.132 AVAST engine scan C:\Users\Andrew
17:38:50.288 Disk 0 MBR has been saved successfully to "C:\Users\Andrew\Desktop\MBR.dat"
17:38:50.288 The log file has been saved successfully to "C:\Users\Andrew\Desktop\aswMBR.txt"
==============================
#4
OTL PART 1
OTL logfile created on: 8/10/2012 4:38:49 PM - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Andrew\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.89 Gb Total Physical Memory | 5.65 Gb Available Physical Memory | 71.65% Memory free 15.78 Gb Paging File | 13.54 Gb Available in Paging File | 85.80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 221.95 Gb Total Space | 66.67 Gb Free Space | 30.04% Space Free | Partition Type: NTFS Drive F: | 931.51 Gb Total Space | 139.93 Gb Free Space | 15.02% Space Free | Partition Type: NTFS Drive Q: | 9.77 Gb Total Space | 1.46 Gb Free Space | 14.92% Space Free | Partition Type: NTFS Computer Name: THINKPAD | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/10 15:11:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe PRC - [2012/08/07 19:44:40 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 3_300_257_ActiveX.exe PRC - [2012/04/04 00:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2012/03/09 16:26:58 | 001,073,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e PRC - [2012/01/23 15:42:34 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) -- C:\Users\Andrew\AppData\Local\Apps\Evernote\Everno te\EvernoteClipper.exe PRC - [2011/11/25 16:10:54 | 000,052,664 | ---- | M] () -- C:\Program Files (x86)\Tether\TBService.exe PRC - [2011/09/22 13:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2011/06/04 11:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe PRC - [2011/06/04 09:44:33 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe PRC - [2011/04/13 07:58:14 | 002,179,704 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe PRC - [2011/04/13 07:58:14 | 000,084,088 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe PRC - [2011/04/04 20:22:12 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2011/04/04 20:21:56 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe PRC - [2011/03/14 22:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) 
-- C:\Windows\SysWOW64\SASrv.exe PRC - [2011/03/02 17:07:36 | 000,443,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2011/01/16 22:58:42 | 000,267,624 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011/01/12 22:26:20 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe PRC - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe PRC - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe PRC - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe PRC - [2010/04/01 00:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe PRC - [2009/09/30 11:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe PRC - [2009/01/08 09:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe ========== Modules (No Company Name) ========== MOD - [2012/03/09 16:26:54 | 000,100,352 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/08/31 16:44:40 | 000,315,392 | ---- | M] () -- 
C:\Users\Andrew\AppData\Local\Apps\Evernote\Everno te\libtidy.dll MOD - [2011/08/31 16:44:38 | 000,433,664 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Apps\Evernote\Everno te\libxml2.dll MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/08/01 21:17:13 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2011/04/04 20:22:12 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV:64bit: - [2011/04/04 20:21:56 | 000,040,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV:64bit: - [2011/02/02 02:36:50 | 005,638,000 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe -- (TabletServiceISD) SRV:64bit: - [2011/02/02 02:36:50 | 000,449,904 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\ISD\ISD_TouchService.exe -- (TouchServiceISD) SRV:64bit: - [2011/02/01 00:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2011/01/13 16:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2010/12/18 17:50:36 | 000,962,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2010/12/17 11:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) 
[Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV:64bit: - [2010/12/03 15:01:54 | 000,116,072 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc) SRV:64bit: - [2010/12/02 21:00:56 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV:64bit: - [2010/12/01 22:55:56 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV:64bit: - [2010/11/24 02:34:26 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV:64bit: - [2010/04/07 00:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2012/07/30 21:05:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011/11/25 16:10:54 | 000,052,664 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tether\TBService.exe -- (Tether) SRV - [2011/09/22 13:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2011/08/01 21:16:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/06/04 11:12:36 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc) SRV - [2011/04/13 07:58:14 | 000,084,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService) SRV - [2011/03/23 13:48:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc) SRV - [2011/03/23 13:48:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2011/03/14 22:04:14 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService) SRV - [2011/03/02 17:07:36 | 000,443,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe -- (SROSVC) SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2010/12/14 16:07:36 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | 
Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011/09/22 13:29:18 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011/07/22 13:02:51 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011/07/16 22:15:22 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv) DRV:64bit: - [2011/06/23 17:39:52 | 000,341,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011/05/19 21:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/23 18:25:00 | 000,101,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc) DRV:64bit: - [2011/03/23 13:48:00 | 000,031,344 | ---- | M] (Lenovo.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64) DRV:64bit: - [2011/03/23 13:48:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/10 22:10:38 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011/03/10 22:10:30 | 012,264,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/03/04 20:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877) DRV:64bit: - [2011/02/23 09:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce) DRV:64bit: - [2011/02/09 17:48:56 | 001,577,600 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011/02/01 00:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2011/01/13 16:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2011/01/13 16:02:28 | 000,023,664 | ---- | M] (Lenovo.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2010/12/18 02:58:00 | 000,425,000 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2010/12/18 02:57:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010/12/18 02:57:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010/12/18 02:57:32 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010/12/18 02:57:32 | 000,145,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010/12/03 15:01:58 | 000,031,592 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE) DRV:64bit: - [2010/12/02 01:49:24 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2010/12/02 01:49:22 | 000,016,368 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVTHid.sys -- (wacomvthid) DRV:64bit: - [2010/12/02 01:49:20 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) 
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/05 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/10/19 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/09/07 00:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV:64bit: - [2010/06/27 20:39:46 | 000,017,064 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wstbtndb.sys -- (HBtnKey) DRV:64bit: - [2009/10/16 10:23:00 | 000,050,856 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qrkis.sys -- (qrkis) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6FCACAC3-3AAC-4FCE-B4C0-CAFB3C8AE179} IE:64bit: - HKLM\..\SearchScopes\{6FCACAC3-3AAC-4FCE-B4C0-CAFB3C8AE179}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6FCACAC3-3AAC-4FCE-B4C0-CAFB3C8AE179} IE - HKLM\..\SearchScopes\{6FCACAC3-3AAC-4FCE-B4C0-CAFB3C8AE179}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-3337292661-3892445894-1563625469-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com IE - HKU\S-1-5-21-3337292661-3892445894-1563625469-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-21-3337292661-3892445894-1563625469-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-21-3337292661-3892445894-1563625469-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com IE - 
HKU\S-1-5-21-3337292661-3892445894-1563625469-1000\..\SearchScopes,DefaultScope = {6FCACAC3-3AAC-4FCE-B4C0-CAFB3C8AE179} IE - HKU\S-1-5-21-3337292661-3892445894-1563625469-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3337292661-3892445894-1563625469-1000\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_10 2.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDet ect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDet ect32.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\VIP@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2011/07/16 22:30:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/29 19:16:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/30 21:05:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/30 21:05:54 | 
000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/22 12:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions [2012/06/20 20:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Pr ofiles\vd56xmj0.default\extensions [2012/06/07 22:23:58 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Pr ofiles\vd56xmj0.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2012/05/07 22:40:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/07/16 22:30:33 | 000,000,000 | ---D | M] (Symantec VIP Access Add-On) -- C:\PROGRAM FILES (X86)\SYMANTEC\VIP ACCESS CLIENT [2012/06/06 19:32:33 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PR OFILES\VD56XMJ0.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI [2012/06/20 20:36:45 | 000,382,926 | ---- | M] () (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PR OFILES\VD56XMJ0.DEFAULT\EXTENSIONS\READABLE@EVERNO TE.COM.XPI [2012/07/30 21:05:54 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/21 21:00:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/21 21:00:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2011/09/20 14:03:27 | 000,000,878 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3337292661-3892445894-1563625469-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3337292661-3892445894-1563625469-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe File not found O4 - HKU\S-1-5-21-3337292661-3892445894-1563625469-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\EvernoteClipper.lnk = 
C:\Users\Andrew\AppData\Local\Apps\Evernote\Everno te\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O4 - Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-3337292661-3892445894-1563625469-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-21-3337292661-3892445894-1563625469-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoClose = 0 O7 - HKU\S-1-5-21-3337292661-3892445894-1563625469-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoLogOff = 0 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Users\Andrew\AppData\Local\Apps\Evernote\Everno te\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Evernote 4.0 - C:\Users\Andrew\AppData\Local\Apps\Evernote\Everno te\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... 
- C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files 
(x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.55.5.10 209.55.5.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{223125D5-B850-480F-817A-E3663480ADBA}: DhcpNameServer = 192.168.1.1 209.55.5.10 209.55.5.11 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{892F7DF4-418B-4FBE-B8AB-197563166780}: DhcpNameServer = 192.168.1.1 209.55.5.10 209.55.5.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{D8669281-776F-4710-83F1-9A1DFB7D08E2}: NameServer = 208.67.222.222,208.67.220.220 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{F8B34D19-8902-4B09-B4AA-B022F7A92F6C}: DhcpNameServer = 8.8.8.8 O18 - Protocol\Handler\ms-help - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/05/07 18:01:54 | 000,000,162 | ---- | M] () - F:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2008/06/10 11:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{2e5f3fa7-bc04-11e0-a4a1-f0def1701b6f}\Shell - "" = AutoRun O33 - MountPoints2\{2e5f3fa7-bc04-11e0-a4a1-f0def1701b6f}\Shell\AutoRun\command - "" = E:\AutoPlay.exe O33 - MountPoints2\{a54fe1c6-b021-11e0-97d9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{a54fe1c6-b021-11e0-97d9-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009/08/10 16:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/08/10 15:11:07 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe [2012/08/08 16:58:22 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\AdobeMuse [2012/08/08 15:53:36 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Videos [2012/08/08 14:51:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Scanned [2012/08/07 19:49:46 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/08/07 19:44:40 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/07 15:51:17 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Himsel_Meth_Observership [2012/08/03 
13:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RIBS [2012/08/03 11:20:18 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\farm [2012/08/01 17:04:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\sshpsite [2012/08/01 11:14:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Apple Computer [2012/08/01 10:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat [2012/07/30 20:47:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012/07/22 10:12:29 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Welders [2012/07/20 23:47:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Site [2012/07/20 23:26:15 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Flash Professional CS5 Classroom in a Book [2012/07/20 23:02:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Adobe.Muse.Tutorials.HQ-KRt [2012/07/20 23:01:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Adobe Flash CS6 Manual [2012/07/12 21:57:45 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\publish [2012/07/12 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Review1 [2012/07/12 18:54:50 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\trail_cam_deleteME [2012/07/11 17:54:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/07/11 17:54:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/07/11 17:54:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/07/11 17:54:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/07/11 17:54:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/07/11 17:54:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/07/11 17:54:22 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/07/11 17:54:22 | 001,494,528 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/07/11 17:54:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/07/11 17:54:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/07/11 17:54:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/07/11 17:54:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/07/11 17:54:21 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [3 C:\Users\Andrew\Desktop\*.tmp files -> C:\Users\Andrew\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/08/10 15:11:59 | 000,302,592 | ---- | M] () -- C:\Users\Andrew\Desktop\c5u0bgg5.exe [2012/08/10 15:11:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Desktop\OTL.exe [2012/08/10 14:40:56 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/08/10 14:40:56 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/08/10 14:40:56 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/08/10 14:25:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/08/09 10:03:03 | 000,000,132 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Adobe PNG Format CS6 Prefs [2012/08/08 16:25:19 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/08/08 16:25:19 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/08/08 16:17:44 | 2058,801,151 | -HS- | M] () -- C:\hiberfil.sys [2012/08/08 11:29:17 | 000,001,277 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012/08/07 19:44:40 | 
000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/08/07 19:44:40 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/08/05 20:47:37 | 000,065,522 | ---- | M] () -- C:\Users\Andrew\Desktop\harddrive.JPG [2012/08/05 09:09:06 | 000,034,612 | ---- | M] () -- C:\Users\Andrew\Desktop\CancelledKingsville.pdf [2012/08/05 08:56:02 | 000,023,337 | ---- | M] () -- C:\Users\Andrew\Desktop\WalmartBa.pdf [2012/08/05 08:48:32 | 000,023,276 | ---- | M] () -- C:\Users\Andrew\Desktop\WalmartAli.pdf [2012/08/05 08:45:43 | 000,023,309 | ---- | M] () -- C:\Users\Andrew\Desktop\Walmarthwy.pdf [2012/08/05 08:42:24 | 000,023,296 | ---- | M] () -- C:\Users\Andrew\Desktop\WalmartPortland.pdf [2012/08/03 13:24:34 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk [2012/08/01 13:50:51 | 000,165,051 | ---- | M] () -- C:\Users\Andrew\Desktop\Grace3.jpg [2012/08/01 13:50:44 | 000,189,981 | ---- | M] () -- C:\Users\Andrew\Desktop\Grace2.jpg [2012/08/01 13:50:35 | 000,173,304 | ---- | M] () -- C:\Users\Andrew\Desktop\Grace1.jpg [2012/07/30 21:51:39 | 001,653,427 | ---- | M] () -- C:\Users\Andrew\Desktop\Toll_Violation_Invoice.pdf [2012/07/28 15:29:34 | 004,111,266 | ---- | M] () -- C:\Users\Andrew\Desktop\Kashmir2.mp3 [2012/07/28 13:43:03 | 007,350,400 | ---- | M] () -- C:\Users\Andrew\Desktop\Kashmir.mp3 [2012/07/21 20:40:20 | 000,028,698 | ---- | M] () -- C:\Users\Andrew\Desktop\Adorama_Reeipt.pdf [2012/07/21 20:40:08 | 000,028,700 | ---- | M] () -- C:\Users\Andrew\Desktop\Adorama_Receipt.pdf [2012/07/20 23:17:37 | 001,671,168 | ---- | M] () -- C:\Users\Andrew\Documents\Paperless Database_Backup.accdb [2012/07/19 17:36:58 | 000,001,114 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\SAS7_000.DAT [2012/07/16 22:07:54 | 033,680,259 | ---- | M] () -- C:\Users\Andrew\Desktop\Adobe Acrobat X Guide.pdf [2012/07/16 21:03:11 | 017,006,209 | ---- | M] () -- 
C:\Users\Andrew\Desktop\Adobe After Effects CS5 Classroom In A Book.pdf [2012/07/13 19:03:20 | 005,042,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/12 21:48:10 | 000,000,156 | ---- | M] () -- C:\Users\Andrew\Documents\MuseLogPrefs.xml [2012/07/12 21:39:20 | 000,001,675 | ---- | M] () -- C:\Users\Andrew\Documents\Untitled-2.edge [3 C:\Users\Andrew\Desktop\*.tmp files -> C:\Users\Andrew\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] |
#5
OTL PART 2
===== ========== Files Created - No Company Name ========== [2012/08/10 15:11:59 | 000,302,592 | ---- | C] () -- C:\Users\Andrew\Desktop\c5u0bgg5.exe [2012/08/07 19:44:16 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\U\00000008.@ [2012/08/07 19:44:16 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\U\80000064.@ [2012/08/07 19:44:16 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\L\00000004.@ [2012/08/07 19:44:15 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\U\80000032.@ [2012/08/07 19:44:15 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\U\80000000.@ [2012/08/07 19:44:14 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\U\00000004.@ [2012/08/07 19:44:14 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\U\000000cb.@ [2012/08/05 20:47:36 | 000,065,522 | ---- | C] () -- C:\Users\Andrew\Desktop\harddrive.JPG [2012/08/05 09:09:06 | 000,034,612 | ---- | C] () -- C:\Users\Andrew\Desktop\Cancelled.pdf [2012/08/05 08:56:02 | 000,023,337 | ---- | C] () -- C:\Users\Andrew\Desktop\Walmart.pdf [2012/08/05 08:48:32 | 000,023,276 | ---- | C] () -- C:\Users\Andrew\Desktop\Walmart.pdf [2012/08/05 08:45:43 | 000,023,309 | ---- | C] () -- C:\Users\Andrew\Desktop\Walmarthwy7.pdf [2012/08/05 08:42:24 | 000,023,296 | ---- | C] () -- C:\Users\Andrew\Desktop\WalmartPortland.pdf [2012/08/03 13:24:35 | 000,002,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1 64-bit.lnk [2012/08/03 13:24:34 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk [2012/08/01 20:05:14 | 000,000,132 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\Adobe PNG Format CS6 Prefs [2012/08/01 13:50:50 | 000,165,051 | ---- | C] () -- 
C:\Users\Andrew\Desktop\Grace3.jpg [2012/08/01 13:50:42 | 000,189,981 | ---- | C] () -- C:\Users\Andrew\Desktop\Grace2.jpg [2012/08/01 13:50:31 | 000,173,304 | ---- | C] () -- C:\Users\Andrew\Desktop\Grace1.jpg [2012/07/30 21:51:49 | 001,653,427 | ---- | C] () -- C:\Users\Andrew\Desktop\Tolinvoice.pdf [2012/07/28 15:29:22 | 004,111,266 | ---- | C] () -- C:\Users\Andrew\Desktop\Kashmir2.mp3 [2012/07/28 13:42:28 | 007,350,400 | ---- | C] () -- C:\Users\Andrew\Desktop\Kashmir.mp3 [2012/07/21 20:40:20 | 000,028,698 | ---- | C] () -- C:\Users\Andrew\Desktop\Adorama_Reeipt.pdf [2012/07/21 20:40:08 | 000,028,700 | ---- | C] () -- C:\Users\Andrew\Desktop\Adorama_Receipt.pdf [2012/07/20 23:02:09 | 017,006,209 | ---- | C] () -- C:\Users\Andrew\Desktop\Adobe After Effects CS5 Classroom In A Book.pdf [2012/07/20 23:01:48 | 033,680,259 | ---- | C] () -- C:\Users\Andrew\Desktop\Adobe Acrobat X Guide.pdf [2012/07/19 17:36:58 | 000,001,114 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\SAS7_000.DAT [2012/07/12 21:48:10 | 000,000,156 | ---- | C] () -- C:\Users\Andrew\Documents\MuseLogPrefs.xml [2012/07/12 21:39:20 | 000,001,675 | ---- | C] () -- C:\Users\Andrew\Documents\Untitled-2.edge [2012/07/12 19:37:08 | 000,001,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk [2012/07/12 19:32:34 | 000,001,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk [2012/01/11 14:11:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\@ [2012/01/11 14:11:05 | 000,002,048 | -HS- | C] () -- C:\Users\Andrew\AppData\Local\{725f6c39-7974-175c-52fc-7de7996e4e3f}\@ [2012/01/07 12:52:35 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI [2011/10/29 11:19:05 | 000,000,143 | ---- | C] () -- C:\Users\Andrew\webct_upload_applet.properties [2011/08/08 20:54:08 | 000,046,592 | ---- | C] () -- C:\Windows\devcon.exe [2011/08/08 20:53:50 | 000,124,144 | -H-- | C] 
() -- C:\Windows\Druni.exe [2011/08/08 20:53:50 | 000,002,418 | -H-- | C] () -- C:\Windows\DRUnins.ini [2011/08/01 00:23:59 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011/07/16 22:21:51 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011/07/16 22:21:50 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011/07/16 22:21:49 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== Alternate Data Streams ========== @Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8 < End of report > |
#6
ZAccess bootkit/rootkit infection there.
Be sure to continue to temporarily disable any protective software when running the scan tools we use here. Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com, then click that file to run TDSSKiller. In the display that opens, click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot (Reboot Now) if requested. When the scan completes it will create a log file on your C drive, similar in name to this:
C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt
Your copy will be different - some of those numbers will reflect the date/time it was just run by you there. Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do a reboot.
#7
21:01:15.0282 7080 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:01:15.0710 7080 ================================================== ========== 21:01:15.0710 7080 Current date / time: 2012/08/10 21:01:15.0710 21:01:15.0710 7080 SystemInfo: 21:01:15.0710 7080 21:01:15.0711 7080 OS Version: 6.1.7601 ServicePack: 1.0 21:01:15.0711 7080 Product type: Workstation 21:01:15.0711 7080 ComputerName: ANDREW-THINKPAD 21:01:15.0711 7080 UserName: Andrew 21:01:15.0711 7080 Windows directory: C:\Windows 21:01:15.0711 7080 System windows directory: C:\Windows 21:01:15.0711 7080 Running under WOW64 21:01:15.0711 7080 Processor architecture: Intel x64 21:01:15.0711 7080 Number of processors: 4 21:01:15.0711 7080 Page size: 0x1000 21:01:15.0711 7080 Boot type: Normal boot 21:01:15.0711 7080 ================================================== ========== 21:01:16.0186 7080 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:01:16.0190 7080 ================================================== ========== 21:01:16.0190 7080 \Device\Harddisk0\DR0: 21:01:16.0190 7080 MBR partitions: 21:01:16.0190 7080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000 21:01:16.0190 7080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x1BBE4800 21:01:16.0190 7080 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000 21:01:16.0190 7080 ================================================== ========== 21:01:16.0214 7080 C: <-> \Device\Harddisk0\DR0\Partition1 21:01:16.0258 7080 Q: <-> \Device\Harddisk0\DR0\Partition2 21:01:16.0258 7080 ================================================== ========== 21:01:16.0258 7080 Initialize success 21:01:16.0258 7080 ================================================== ========== 21:01:19.0326 7096 ================================================== ========== 21:01:19.0326 7096 Scan started 21:01:19.0326 7096 Mode: 
Manual; 21:01:19.0326 7096 ================================================== ==========
C:\Windows\system32\DRIVERS\fvevol.sys 21:01:29.0303 7096 fvevol - ok 21:01:29.0416 7096 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 21:01:29.0416 7096 gagp30kx - ok 21:01:29.0460 7096 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:01:29.0461 7096 GEARAspiWDM - ok 21:01:29.0541 7096 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 21:01:29.0553 7096 gpsvc - ok 21:01:29.0583 7096 HBtnKey (943350b87bb0339bf61343e8ac3ef25e) C:\Windows\system32\DRIVERS\wstbtndb.sys 21:01:29.0584 7096 HBtnKey - ok 21:01:29.0607 7096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:01:29.0608 7096 hcw85cir - ok 21:01:29.0657 7096 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 21:01:29.0660 7096 HdAudAddService - ok 21:01:29.0688 7096 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:01:29.0689 7096 HDAudBus - ok 21:01:29.0707 7096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 21:01:29.0707 7096 HidBatt - ok 21:01:29.0726 7096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 21:01:29.0727 7096 HidBth - ok 21:01:29.0737 7096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 21:01:29.0737 7096 HidIr - ok 21:01:29.0760 7096 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 21:01:29.0761 7096 hidserv - ok 21:01:29.0807 7096 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 21:01:29.0807 7096 HidUsb - ok 21:01:29.0829 7096 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 21:01:29.0830 7096 hkmsvc - ok 21:01:29.0852 7096 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 21:01:29.0855 7096 HomeGroupListener - ok 21:01:29.0892 7096 HomeGroupProvider 
(908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 21:01:29.0895 7096 HomeGroupProvider - ok 21:01:29.0932 7096 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 21:01:29.0933 7096 HpSAMD - ok 21:01:30.0015 7096 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 21:01:30.0023 7096 HTTP - ok 21:01:30.0041 7096 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 21:01:30.0041 7096 hwpolicy - ok 21:01:30.0132 7096 HyperW7Svc (9149907ff8681ad6475607eebf62dd2f) C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe 21:01:30.0133 7096 HyperW7Svc - ok 21:01:30.0178 7096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 21:01:30.0179 7096 i8042prt - ok 21:01:30.0226 7096 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys 21:01:30.0230 7096 iaStor - ok 21:01:30.0291 7096 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 21:01:30.0295 7096 iaStorV - ok 21:01:30.0325 7096 IBMPMDRV (a9bd44426a69079240767fe4aee0ea71) C:\Windows\system32\DRIVERS\ibmpmdrv.sys 21:01:30.0325 7096 IBMPMDRV - ok 21:01:30.0333 7096 IBMPMSVC (57d4a3ed5497db0c5a53e680a9bdd1c6) C:\Windows\system32\ibmpmsvc.exe 21:01:30.0334 7096 IBMPMSVC - ok 21:01:30.0465 7096 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:01:30.0474 7096 idsvc - ok 21:01:31.0283 7096 igfx (66dc0ce2d1867b8178eaa0e11930dbd7) C:\Windows\system32\DRIVERS\igdkmd64.sys 21:01:31.0518 7096 igfx - ok 21:01:31.0649 7096 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 21:01:31.0651 7096 iirsp - ok 21:01:31.0743 7096 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 21:01:31.0751 7096 IKEEXT - ok 21:01:31.0800 7096 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 21:01:31.0807 
7096 IntcDAud - ok 21:01:31.0829 7096 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 21:01:31.0829 7096 intelide - ok 21:01:31.0870 7096 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:01:31.0871 7096 intelppm - ok 21:01:31.0905 7096 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 21:01:31.0907 7096 IPBusEnum - ok 21:01:31.0935 7096 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:01:31.0937 7096 IpFilterDriver - ok 21:01:31.0947 7096 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 21:01:31.0948 7096 IPMIDRV - ok 21:01:31.0995 7096 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:01:31.0996 7096 IPNAT - ok 21:01:32.0125 7096 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe 21:01:32.0134 7096 iPod Service - ok 21:01:32.0149 7096 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:01:32.0149 7096 IRENUM - ok 21:01:32.0181 7096 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 21:01:32.0182 7096 isapnp - ok 21:01:32.0209 7096 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 21:01:32.0212 7096 iScsiPrt - ok 21:01:32.0295 7096 jhi_service (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 21:01:32.0297 7096 jhi_service - ok 21:01:32.0323 7096 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 21:01:32.0324 7096 kbdclass - ok 21:01:32.0356 7096 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 21:01:32.0356 7096 kbdhid - ok 21:01:32.0386 7096 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:01:32.0388 7096 KeyIso - ok 21:01:32.0432 7096 KSecDD (97a7070aea4c058b6418519e869a63b4) 
C:\Windows\system32\Drivers\ksecdd.sys 21:01:32.0433 7096 KSecDD - ok 21:01:32.0463 7096 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 21:01:32.0464 7096 KSecPkg - ok 21:01:32.0497 7096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 21:01:32.0497 7096 ksthunk - ok 21:01:32.0554 7096 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 21:01:32.0557 7096 KtmRm - ok 21:01:32.0605 7096 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 21:01:32.0608 7096 LanmanServer - ok 21:01:32.0636 7096 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 21:01:32.0638 7096 LanmanWorkstation - ok 21:01:32.0743 7096 LENOVO.CAMMUTE (1ef45f1bd62b8f4c19458326a3e91930) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe 21:01:32.0745 7096 LENOVO.CAMMUTE - ok 21:01:32.0823 7096 LENOVO.MICMUTE (fce735941da27929dbfc1918f286ffd8) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe 21:01:32.0824 7096 LENOVO.MICMUTE - ok 21:01:32.0852 7096 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys 21:01:32.0853 7096 lenovo.smi - ok 21:01:32.0875 7096 LENOVO.TPKNRSVC (448be3e001004a55e8a959c57e17f6d8) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe 21:01:32.0876 7096 LENOVO.TPKNRSVC - ok 21:01:32.0923 7096 Lenovo.VIRTSCRLSVC (6f2cc57eb5836d2ac9bd37f3554d55f8) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe 21:01:32.0925 7096 Lenovo.VIRTSCRLSVC - ok 21:01:32.0965 7096 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 21:01:32.0966 7096 lltdio - ok 21:01:33.0023 7096 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 21:01:33.0027 7096 lltdsvc - ok 21:01:33.0043 7096 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 21:01:33.0044 7096 lmhosts - ok 21:01:33.0087 7096 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) 
C:\Windows\system32\drivers\lsi_fc.sys 21:01:33.0088 7096 LSI_FC - ok 21:01:33.0146 7096 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 21:01:33.0147 7096 LSI_SAS - ok 21:01:33.0153 7096 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 21:01:33.0154 7096 LSI_SAS2 - ok 21:01:33.0187 7096 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 21:01:33.0188 7096 LSI_SCSI - ok 21:01:33.0213 7096 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 21:01:33.0214 7096 luafv - ok 21:01:33.0247 7096 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 21:01:33.0248 7096 Mcx2Svc - ok 21:01:33.0266 7096 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 21:01:33.0267 7096 megasas - ok 21:01:33.0285 7096 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 21:01:33.0288 7096 MegaSR - ok 21:01:33.0313 7096 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 21:01:33.0314 7096 MEIx64 - ok 21:01:33.0387 7096 Microsoft SharePoint Workspace Audit Service - ok 21:01:33.0411 7096 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:01:33.0412 7096 MMCSS - ok 21:01:33.0430 7096 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 21:01:33.0430 7096 Modem - ok 21:01:33.0457 7096 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 21:01:33.0458 7096 monitor - ok 21:01:33.0492 7096 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 21:01:33.0493 7096 mouclass - ok 21:01:33.0534 7096 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 21:01:33.0534 7096 mouhid - ok 21:01:33.0551 7096 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 21:01:33.0552 7096 mountmgr - ok 21:01:33.0648 
7096 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:01:33.0649 7096 MozillaMaintenance - ok 21:01:33.0689 7096 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 21:01:33.0692 7096 mpio - ok 21:01:33.0709 7096 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 21:01:33.0711 7096 mpsdrv - ok 21:01:33.0724 7096 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 21:01:33.0726 7096 MRxDAV - ok 21:01:33.0781 7096 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:01:33.0783 7096 mrxsmb - ok 21:01:33.0831 7096 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:01:33.0836 7096 mrxsmb10 - ok 21:01:33.0859 7096 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:01:33.0861 7096 mrxsmb20 - ok 21:01:33.0918 7096 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 21:01:33.0921 7096 msahci - ok 21:01:33.0942 7096 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 21:01:33.0946 7096 msdsm - ok 21:01:33.0989 7096 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 21:01:33.0991 7096 MSDTC - ok 21:01:34.0006 7096 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 21:01:34.0006 7096 Msfs - ok 21:01:34.0024 7096 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 21:01:34.0025 7096 mshidkmdf - ok 21:01:34.0040 7096 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 21:01:34.0040 7096 msisadrv - ok 21:01:34.0068 7096 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 21:01:34.0070 7096 MSiSCSI - ok 21:01:34.0074 7096 msiserver - ok 21:01:34.0106 7096 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) 
C:\Windows\system32\drivers\MSKSSRV.sys 21:01:34.0107 7096 MSKSSRV - ok 21:01:34.0120 7096 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 21:01:34.0120 7096 MSPCLOCK - ok 21:01:34.0124 7096 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 21:01:34.0125 7096 MSPQM - ok 21:01:34.0156 7096 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 21:01:34.0160 7096 MsRPC - ok 21:01:34.0173 7096 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 21:01:34.0173 7096 mssmbios - ok 21:01:34.0195 7096 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 21:01:34.0195 7096 MSTEE - ok 21:01:34.0221 7096 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 21:01:34.0221 7096 MTConfig - ok 21:01:34.0234 7096 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 21:01:34.0235 7096 Mup - ok 21:01:34.0290 7096 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 21:01:34.0297 7096 napagent - ok 21:01:34.0360 7096 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 21:01:34.0364 7096 NativeWifiP - ok 21:01:34.0427 7096 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 21:01:34.0435 7096 NDIS - ok 21:01:34.0453 7096 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 21:01:34.0454 7096 NdisCap - ok 21:01:34.0484 7096 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 21:01:34.0485 7096 NdisTapi - ok 21:01:34.0513 7096 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 21:01:34.0514 7096 Ndisuio - ok 21:01:34.0527 7096 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 21:01:34.0529 7096 NdisWan - ok 21:01:34.0556 7096 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) 
C:\Windows\system32\drivers\NDProxy.sys 21:01:34.0557 7096 NDProxy - ok 21:01:34.0591 7096 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys 21:01:34.0592 7096 Netaapl - ok 21:01:34.0618 7096 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 21:01:34.0618 7096 NetBIOS - ok 21:01:34.0650 7096 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 21:01:34.0653 7096 NetBT - ok 21:01:34.0685 7096 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:01:34.0686 7096 Netlogon - ok 21:01:34.0740 7096 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 21:01:34.0744 7096 Netman - ok 21:01:34.0765 7096 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 21:01:34.0770 7096 netprofm - ok 21:01:34.0889 7096 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:01:34.0893 7096 NetTcpPortSharing - ok 21:01:34.0934 7096 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 21:01:34.0935 7096 nfrd960 - ok 21:01:34.0995 7096 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 21:01:35.0001 7096 NlaSvc - ok 21:01:35.0016 7096 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 21:01:35.0017 7096 Npfs - ok 21:01:35.0053 7096 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 21:01:35.0055 7096 nsi - ok 21:01:35.0068 7096 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 21:01:35.0068 7096 nsiproxy - ok 21:01:35.0177 7096 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 21:01:35.0197 7096 Ntfs - ok 21:01:35.0317 7096 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 21:01:35.0317 7096 Null - ok 21:01:35.0349 7096 nvraid (0a92cb65770442ed0dc44834632f66ad) 
C:\Windows\system32\drivers\nvraid.sys 21:01:35.0351 7096 nvraid - ok 21:01:35.0378 7096 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 21:01:35.0380 7096 nvstor - ok 21:01:35.0398 7096 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 21:01:35.0399 7096 nv_agp - ok 21:01:35.0417 7096 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 21:01:35.0418 7096 ohci1394 - ok 21:01:35.0486 7096 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:01:35.0488 7096 ose64 - ok 21:01:35.0726 7096 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E 21:01:35.0810 7096 osppsvc - ok 21:01:35.0918 7096 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:01:35.0922 7096 p2pimsvc - ok 21:01:35.0953 7096 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 21:01:35.0957 7096 p2psvc - ok 21:01:36.0010 7096 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 21:01:36.0013 7096 Parport - ok 21:01:36.0045 7096 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 21:01:36.0048 7096 partmgr - ok 21:01:36.0080 7096 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 21:01:36.0084 7096 PcaSvc - ok 21:01:36.0116 7096 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 21:01:36.0118 7096 pci - ok 21:01:36.0135 7096 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 21:01:36.0136 7096 pciide - ok 21:01:36.0150 7096 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 21:01:36.0152 7096 pcmcia - ok 21:01:36.0169 7096 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:01:36.0170 7096 pcw - ok 21:01:36.0218 7096 PEAUTH 
(68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:01:36.0224 7096 PEAUTH - ok 21:01:36.0306 7096 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 21:01:36.0308 7096 PerfHost - ok 21:01:36.0406 7096 PHCORE (18eea095af22ac5fa16fc27fb98c82d3) C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS 21:01:36.0407 7096 PHCORE - ok 21:01:36.0553 7096 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 21:01:36.0569 7096 pla - ok 21:01:36.0614 7096 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 21:01:36.0620 7096 PlugPlay - ok 21:01:36.0665 7096 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys 21:01:36.0666 7096 pmxdrv - ok 21:01:36.0694 7096 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 21:01:36.0695 7096 PNRPAutoReg - ok 21:01:36.0721 7096 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:01:36.0723 7096 PNRPsvc - ok 21:01:36.0771 7096 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 21:01:36.0776 7096 PolicyAgent - ok 21:01:36.0811 7096 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll 21:01:36.0814 7096 Power - ok 21:01:36.0972 7096 Power Manager DBC Service (af7186cf9909bef0d86097175175178f) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE 21:01:36.0975 7096 Power Manager DBC Service - ok 21:01:37.0020 7096 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 21:01:37.0024 7096 PptpMiniport - ok 21:01:37.0060 7096 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 21:01:37.0060 7096 Processor - ok 21:01:37.0098 7096 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 21:01:37.0101 7096 ProfSvc - ok 21:01:37.0129 7096 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:01:37.0130 7096 ProtectedStorage - ok 
21:01:37.0155 7096 psadd (b8035af9cc0ccba9a09ac0a0d9801797) C:\Windows\system32\DRIVERS\psadd.sys 21:01:37.0155 7096 psadd - ok 21:01:37.0193 7096 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 21:01:37.0195 7096 Psched - ok 21:01:37.0274 7096 PxHlpa64 (bc08f7f3c53cbee68670ed1314e290fd) C:\Windows\system32\Drivers\PxHlpa64.sys 21:01:37.0274 7096 PxHlpa64 - ok 21:01:37.0357 7096 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 21:01:37.0370 7096 ql2300 - ok 21:01:37.0491 7096 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 21:01:37.0493 7096 ql40xx - ok 21:01:37.0540 7096 qrkis (e92ca234469cc386ad81b9db924fe9d4) C:\Windows\system32\DRIVERS\qrkis.sys 21:01:37.0541 7096 qrkis - ok 21:01:37.0594 7096 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 21:01:37.0601 7096 QWAVE - ok 21:01:37.0625 7096 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:01:37.0627 7096 QWAVEdrv - ok 21:01:37.0643 7096 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:01:37.0644 7096 RasAcd - ok 21:01:37.0676 7096 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:01:37.0677 7096 RasAgileVpn - ok 21:01:37.0715 7096 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 21:01:37.0718 7096 RasAuto - ok 21:01:37.0758 7096 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:01:37.0761 7096 Rasl2tp - ok 21:01:37.0804 7096 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 21:01:37.0809 7096 RasMan - ok 21:01:37.0834 7096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:01:37.0835 7096 RasPppoe - ok 21:01:37.0849 7096 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:01:37.0850 7096 RasSstp - ok 21:01:37.0886 7096 rdbss 
(77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 21:01:37.0892 7096 rdbss - ok 21:01:37.0905 7096 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 21:01:37.0906 7096 rdpbus - ok 21:01:37.0921 7096 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:01:37.0921 7096 RDPCDD - ok 21:01:37.0937 7096 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys |
|
#8
Continued...
21:01:42.0484 7096 TPHDEXLGSVC (ecb098a3404acb8a05f0673dc086bb43) C:\Windows\system32\TPHDEXLG64.exe 21:01:42.0486 7096 TPHDEXLGSVC - ok 21:01:42.0541 7096 TPHKLOAD (63626012e44caaa162677b57b6dcb542) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe 21:01:42.0543 7096 TPHKLOAD - ok 21:01:42.0562 7096 TPHKSVC (9e6e4a9789f76593cc5a6a5af8fc5929) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 21:01:42.0563 7096 TPHKSVC - ok 21:01:42.0597 7096 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys 21:01:42.0597 7096 TPM - ok 21:01:42.0645 7096 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys 21:01:42.0645 7096 TPPWRIF - ok 21:01:42.0676 7096 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 21:01:42.0678 7096 TrkWks - ok 21:01:42.0720 7096 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 21:01:42.0725 7096 TrustedInstaller - ok 21:01:42.0747 7096 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:01:42.0748 7096 tssecsrv - ok 21:01:42.0775 7096 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:01:42.0776 7096 TsUsbFlt - ok 21:01:42.0810 7096 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 21:01:42.0811 7096 TsUsbGD - ok 21:01:43.0220 7096 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:01:43.0221 7096 tunnel - ok 21:01:43.0251 7096 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 21:01:43.0253 7096 uagp35 - ok 21:01:43.0287 7096 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:01:43.0290 7096 udfs - ok 21:01:43.0342 7096 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 21:01:43.0345 7096 UI0Detect - ok 21:01:43.0401 7096 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:01:43.0402 7096 
uliagpkx - ok 21:01:43.0444 7096 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 21:01:43.0446 7096 umbus - ok 21:01:43.0543 7096 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:01:43.0544 7096 UmPass - ok 21:01:43.0722 7096 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 21:01:43.0733 7096 upnphost - ok 21:01:43.0811 7096 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 21:01:43.0812 7096 USBAAPL64 - ok 21:01:43.0853 7096 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:01:43.0855 7096 usbccgp - ok 21:01:43.0931 7096 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:01:43.0932 7096 usbcir - ok 21:01:43.0945 7096 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 21:01:43.0946 7096 usbehci - ok 21:01:44.0001 7096 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:01:44.0005 7096 usbhub - ok 21:01:44.0023 7096 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 21:01:44.0024 7096 usbohci - ok 21:01:44.0061 7096 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:01:44.0062 7096 usbprint - ok 21:01:44.0099 7096 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 21:01:44.0100 7096 usbscan - ok 21:01:44.0131 7096 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:01:44.0132 7096 USBSTOR - ok 21:01:44.0147 7096 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 21:01:44.0147 7096 usbuhci - ok 21:01:44.0186 7096 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 21:01:44.0188 7096 usbvideo - ok 21:01:44.0214 7096 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 21:01:44.0216 7096 UxSms - 
ok 21:01:44.0242 7096 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:01:44.0243 7096 VaultSvc - ok 21:01:44.0278 7096 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:01:44.0278 7096 vdrvroot - ok 21:01:44.0328 7096 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 21:01:44.0334 7096 vds - ok 21:01:44.0350 7096 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:01:44.0351 7096 vga - ok 21:01:44.0367 7096 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:01:44.0368 7096 VgaSave - ok 21:01:44.0381 7096 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:01:44.0383 7096 vhdmp - ok 21:01:44.0393 7096 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 21:01:44.0393 7096 viaide - ok 21:01:44.0469 7096 VIPAppService (6ad85f32ea4aa65bb2ea652f2b9d4005) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe 21:01:44.0470 7096 VIPAppService - ok 21:01:44.0498 7096 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 21:01:44.0499 7096 volmgr - ok 21:01:44.0526 7096 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:01:44.0529 7096 volmgrx - ok 21:01:44.0550 7096 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:01:44.0553 7096 volsnap - ok 21:01:44.0665 7096 vpnagent (3b98ab9849754cb88265111422441df7) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 21:01:44.0671 7096 vpnagent - ok 21:01:44.0703 7096 vpnva (13e6d95e7ac67abb7a1196557ef8849f) C:\Windows\system32\DRIVERS\vpnva64.sys 21:01:44.0704 7096 vpnva - ok 21:01:44.0740 7096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 21:01:44.0742 7096 vsmraid - ok 21:01:44.0882 7096 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 21:01:44.0905 
7096 VSS - ok 21:01:45.0097 7096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 21:01:45.0100 7096 vwifibus - ok 21:01:45.0180 7096 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 21:01:45.0181 7096 vwififlt - ok 21:01:45.0244 7096 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 21:01:45.0245 7096 vwifimp - ok 21:01:45.0316 7096 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 21:01:45.0320 7096 W32Time - ok 21:01:45.0344 7096 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys 21:01:45.0345 7096 wacommousefilter - ok 21:01:45.0372 7096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 21:01:45.0372 7096 WacomPen - ok 21:01:45.0421 7096 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys 21:01:45.0421 7096 wacomvhid - ok 21:01:45.0440 7096 wacomvthid (ef4d5242c0e2f74ba8e74c31f57a11cb) C:\Windows\system32\DRIVERS\WacomVTHid.sys 21:01:45.0440 7096 wacomvthid - ok 21:01:45.0466 7096 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:01:45.0468 7096 WANARP - ok 21:01:45.0473 7096 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:01:45.0473 7096 Wanarpv6 - ok 21:01:45.0584 7096 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 21:01:45.0599 7096 WatAdminSvc - ok 21:01:45.0690 7096 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 21:01:45.0704 7096 wbengine - ok 21:01:45.0821 7096 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 21:01:45.0827 7096 WbioSrvc - ok 21:01:45.0865 7096 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 21:01:45.0875 7096 wcncsvc - ok 21:01:45.0908 7096 WcsPlugInService (20f7441334b18cee52027661df4a6129) 
C:\Windows\System32\WcsPlugInService.dll 21:01:45.0912 7096 WcsPlugInService - ok 21:01:45.0963 7096 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 21:01:45.0964 7096 Wd - ok 21:01:46.0010 7096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:01:46.0018 7096 Wdf01000 - ok 21:01:46.0036 7096 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:01:46.0039 7096 WdiServiceHost - ok 21:01:46.0042 7096 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:01:46.0044 7096 WdiSystemHost - ok 21:01:46.0083 7096 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 21:01:46.0086 7096 WebClient - ok 21:01:46.0107 7096 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 21:01:46.0111 7096 Wecsvc - ok 21:01:46.0128 7096 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 21:01:46.0131 7096 wercplsupport - ok 21:01:46.0166 7096 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 21:01:46.0169 7096 WerSvc - ok 21:01:46.0220 7096 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:01:46.0220 7096 WfpLwf - ok 21:01:46.0239 7096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:01:46.0240 7096 WIMMount - ok 21:01:46.0244 7096 WinHttpAutoProxySvc - ok 21:01:46.0309 7096 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 21:01:46.0313 7096 Winmgmt - ok 21:01:46.0453 7096 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 21:01:46.0482 7096 WinRM - ok 21:01:46.0648 7096 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 21:01:46.0650 7096 WinUsb - ok 21:01:46.0725 7096 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 21:01:46.0738 7096 Wlansvc - ok 21:01:46.0765 7096 WmiAcpi 
(f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 21:01:46.0766 7096 WmiAcpi - ok 21:01:46.0953 7096 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 21:01:46.0955 7096 wmiApSrv - ok 21:01:47.0047 7096 WMPNetworkSvc - ok 21:01:47.0111 7096 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 21:01:47.0115 7096 WPCSvc - ok 21:01:47.0149 7096 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 21:01:47.0153 7096 WPDBusEnum - ok 21:01:47.0203 7096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:01:47.0204 7096 ws2ifsl - ok 21:01:47.0207 7096 WSearch - ok 21:01:47.0233 7096 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:01:47.0235 7096 WudfPf - ok 21:01:47.0266 7096 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:01:47.0268 7096 WUDFRd - ok 21:01:47.0302 7096 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 21:01:47.0305 7096 wudfsvc - ok 21:01:47.0334 7096 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 21:01:47.0338 7096 WwanSvc - ok 21:01:47.0410 7096 MBR (0x1B8) (d76734da8809f25c22bf596bc581ec6e) \Device\Harddisk0\DR0 21:01:47.0655 7096 \Device\Harddisk0\DR0 - ok 21:01:47.0668 7096 Boot (0x1200) (2ebb995c5fb3f6213db153a68c2d9039) \Device\Harddisk0\DR0\Partition0 21:01:47.0669 7096 \Device\Harddisk0\DR0\Partition0 - ok 21:01:47.0678 7096 Boot (0x1200) (dd56d60a3b1bd1e72e4af050735486e8) \Device\Harddisk0\DR0\Partition1 21:01:47.0680 7096 \Device\Harddisk0\DR0\Partition1 - ok 21:01:47.0712 7096 Boot (0x1200) (24403d73d81d97a6232339590ccb5fca) \Device\Harddisk0\DR0\Partition2 21:01:47.0713 7096 \Device\Harddisk0\DR0\Partition2 - ok 21:01:47.0714 7096 ================================================== ========== 21:01:47.0714 7096 Scan finished 21:01:47.0714 7096 
============================================================
21:01:47.0723 4476 Detected object count: 0
21:01:47.0723 4476 Actual detected object count: 0
#9
Didn't pick it up in that.
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive. A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
#10
ComboFix 12-08-10.02 - Andrew 08/12/2012 14:44:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8079.6656 [GMT -5:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andrew\AppData\Local\{725f6c39-7974-175c-52fc-7de7996e4e3f}
c:\users\Andrew\AppData\Local\{725f6c39-7974-175c-52fc-7de7996e4e3f}\@
c:\users\Andrew\AppData\Local\{725f6c39-7974-175c-52fc-7de7996e4e3f}\n
c:\users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5C8B0C87-2D85-440F-98E2-E14E9055BC40}.xps
c:\users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6F759402-F59E-4B71-ADBC-742EC5957A02}.xps
c:\users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BD65A00F-3111-4018-8835-6AADB4308384}.xps
c:\users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D3E6BE93-8155-4582-AE1E-C21F8AFC1DA9}.xps
c:\users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DAA3482E-D044-4EB9-A915-930A25264668}.xps
c:\users\Andrew\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EE26A546-A7B7-4577-953B-443177C16956}.xps
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}
c:\windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\@
c:\windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\L\00000004.@
c:\windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\L\201d3dde
c:\windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\n
c:\windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\U\00000004.@
c:\windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\U\00000008.@
c:\windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\U\000000cb.@
c:\windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\U\80000000.@
c:\windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\U\80000032.@
c:\windows\Installer\{725f6c39-7974-175c-52fc-7de7996e4e3f}\U\80000064.@
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\Lagoon.resources.dll
Q:\Autorun.inf
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy7_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 19:52 . 2012-08-12 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 02:23 . 2012-08-11 02:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-11 02:23 . 2012-08-11 02:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-08 21:58 . 2012-08-08 21:58 -------- d-----w- c:\users\Andrew\AppData\Roaming\AdobeMuse
2012-08-08 00:49 . 2012-08-08 00:49 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-08 00:44 . 2012-08-08 00:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-07 19:37 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BBCE404-421D-4600-AD2A-29232EC839A8}\mpengine.dll
2012-08-03 18:26 . 2012-08-03 18:26 -------- d-----w- c:\programdata\RIBS
2012-08-01 16:14 . 2012-08-02 18:35 -------- d-----w- c:\users\Andrew\AppData\Roaming\Apple Computer
2012-08-01 15:57 . 2012-08-01 15:57 -------- d-----w- c:\program files (x86)\WinDirStat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 00:44 . 2011-07-22 18:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 22:55 . 2011-08-01 05:34 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 22:57 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 17:20 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 17:20 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 17:20 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 17:20 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 17:20 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 17:20 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 17:20 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-25 17:55 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 17:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-25 17:55 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 17:55 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 17:55 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-25 17:55 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-25 17:55 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-25 17:55 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-25 17:55 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 22:54 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 22:54 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 22:54 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 22:54 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 22:54 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 22:54 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 22:54 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 22:54 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 22:54 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 22:54 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 22:54 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 22:54 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 22:54 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 22:54 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 22:54 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 22:54 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 22:54 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 22:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 17:20 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 17:20 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 17:20 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 17:20 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 17:20 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 17:20 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 17:20 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 17:20 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 17:20 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 17:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-04 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-05-09 484856]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\users\Andrew\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files (x86)\SnanSnap\PFU\ScanSnap\CardMinder\CardLauncher.exe [2012-1-7 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-03-23 477032]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-02 1038088]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-31 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2011-07-17 31152]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-23 79208]
R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2009-10-16 50856]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-26 1255736]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-03-23 31344]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-04-05 40808]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-04-05 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-03-23 101376]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-03-02 443240]
S2 TabletServiceISD;TabletServiceISD;c:\program files\Tablet\ISD\ISD_Tablet.exe [2011-02-02 5638000]
S2 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-05-09 83440]
S2 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2011-11-25 52664]
S2 TouchServiceISD;Wacom ISD Touch Service;c:\program files\Tablet\ISD\ISD_TouchService.exe [2011-02-02 449904]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-04-13 84088]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-05 166016]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-06-23 341680]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-11 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wacomvthid;Virtual Touch Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2010-12-02 16368]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-11 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-11 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-11 418840]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-05-31 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\users\Andrew\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 209.55.5.10 209.55.5.11
TCP: Interfaces\{D8669281-776F-4710-83F1-9A1DFB7D08E2}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\vd56xmj0.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe c:\windows\SysWOW64\SAsrv.exe c:\progra~1\Lenovo\Zoom\TPSCREX.EXE c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE c:\program files (x86)\Lenovo\System Update\SUService.exe . ************************************************** ************************ . Completion time: 2012-08-12 14:58:59 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-12 19:58 . Pre-Run: 71,326,179,328 bytes free Post-Run: 71,359,455,232 bytes free . - - End Of File - - 9B961AFDB3FCFF627D289F991EEC5A38 |
#12
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-13 23:01:04 Windows 6.1.7601 Service Pack 1 Running: c5u0bgg5.exe ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Par ameters\Keys\ec55f9f0891e Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Paramet ers\Keys\ec55f9f0891e (not active ControlSet) ---- EOF - GMER 1.0.15 ---- ComboFix 12-08-10.02 - Andrew 08/13/2012 20:06:46.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8079.6431 [GMT -5:00] Running from: c:\users\Andrew\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 ))))))))))))))))))))))))))))))) . . 2012-08-14 01:12 . 2012-08-14 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-11 02:23 . 2012-08-11 02:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-08-11 02:23 . 2012-08-11 02:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-08-08 21:58 . 2012-08-08 21:58 -------- d-----w- c:\users\Andrew\AppData\Roaming\AdobeMuse 2012-08-08 00:49 . 2012-08-08 00:49 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-08-08 00:44 . 2012-08-08 00:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-07 19:37 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BBCE404-421D-4600-AD2A-29232EC839A8}\mpengine.dll 2012-08-03 18:26 . 2012-08-03 18:26 -------- d-----w- c:\programdata\RIBS 2012-08-01 16:14 . 2012-08-02 18:35 -------- d-----w- c:\users\Andrew\AppData\Roaming\Apple Computer 2012-08-01 15:57 . 2012-08-01 15:57 -------- d-----w- c:\program files (x86)\WinDirStat . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2012-08-08 00:44 . 2011-07-22 18:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 22:55 . 
2011-08-01 05:34 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-06-19 19:13 . 2012-06-19 19:13 10720 ----a-w- c:\windows\SysWow64\vpncategories.dll 2012-06-19 19:13 . 2012-06-19 19:13 30688 ----a-w- c:\windows\SysWow64\vpnevents.dll 2012-06-12 03:08 . 2012-07-11 22:57 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:43 . 2012-07-11 17:20 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 17:20 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 17:20 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 17:20 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 17:20 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 17:20 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 17:20 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-25 17:55 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-25 17:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-25 17:55 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-25 17:55 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-25 17:55 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-25 17:55 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-25 17:55 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 20:19 . 2012-06-25 17:55 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 20:15 . 2012-06-25 17:55 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 12:49 . 2012-07-11 22:54 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-06-02 12:17 . 2012-07-11 22:54 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-06-02 12:12 . 2012-07-11 22:54 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 12:05 . 
2012-07-11 22:54 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-02 12:05 . 2012-07-11 22:54 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 12:04 . 2012-07-11 22:54 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 12:04 . 2012-07-11 22:54 237056 ----a-w- c:\windows\system32\url.dll 2012-06-02 12:03 . 2012-07-11 22:54 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-02 12:01 . 2012-07-11 22:54 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 12:00 . 2012-07-11 22:54 818688 ----a-w- c:\windows\system32\jscript.dll 2012-06-02 11:59 . 2012-07-11 22:54 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-02 11:57 . 2012-07-11 22:54 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-02 11:57 . 2012-07-11 22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 11:54 . 2012-07-11 22:54 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-02 08:33 . 2012-07-11 22:54 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-02 08:25 . 2012-07-11 22:54 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-02 08:25 . 2012-07-11 22:54 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20 . 2012-07-11 22:54 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16 . 2012-07-11 22:54 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-02 05:50 . 2012-07-11 17:20 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 17:20 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 2012-07-11 17:20 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-11 17:20 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 17:20 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 17:20 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 17:20 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 
2012-07-11 17:20 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 17:20 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 17:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-08-12_19.53.29 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-08-12 20:18 54034 c:\windows\system32\wdi\ShutdownPerformanceDiagnos tics_SystemData.bin + 2009-07-14 05:10 . 2012-08-14 00:39 39628 c:\windows\system32\wdi\BootPerformanceDiagnostics _SystemData.bin + 2011-07-22 18:24 . 2012-08-14 00:39 12006 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3337292661-3892445894-1563625469-1000_UserData.bin - 2009-07-14 05:30 . 2012-04-30 00:16 86016 c:\windows\system32\DriverStore\infpub.dat + 2009-07-14 05:30 . 2012-08-13 01:49 86016 c:\windows\system32\DriverStore\infpub.dat - 2011-07-17 03:23 . 2012-07-12 12:35 61356 c:\windows\system32\config\systemprofile\AppData\R oaming\WTablet\ISD_Tablet.dat + 2011-07-17 03:23 . 2012-08-13 13:22 61356 c:\windows\system32\config\systemprofile\AppData\R oaming\WTablet\ISD_Tablet.dat + 2012-08-14 00:37 . 2012-08-14 00:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat - 2012-08-12 19:52 . 2012-08-12 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat - 2012-08-12 19:52 . 2012-08-12 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat + 2012-08-14 00:37 . 2012-08-14 00:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat + 2011-07-26 03:57 . 2012-08-14 01:00 315756 c:\windows\system32\wdi\SuspendPerformanceDiagnost ics_SystemData_S3.bin + 2009-07-14 02:36 . 2012-08-12 19:57 624412 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-08-10 19:40 624412 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-08-12 19:57 106756 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 
2012-08-10 19:40 106756 c:\windows\system32\perfc009.dat + 2009-07-14 05:30 . 2012-08-13 01:49 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2012-04-30 00:16 143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:01 . 2012-08-12 19:52 484356 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-System.dat + 2009-07-14 05:01 . 2012-08-14 00:37 484356 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-System.dat + 2012-06-19 19:13 . 2012-06-19 19:13 389120 c:\windows\Installer\aaa95e.msi - 2011-07-22 18:10 . 2012-08-12 19:52 5749232 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache3.0.0.0.dat + 2011-07-22 18:10 . 2012-08-14 00:37 5749232 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache3.0.0.0.dat + 2011-07-22 18:10 . 2012-08-14 00:37 50582532 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-S-1-5-21-3337292661-3892445894-1563625469-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM .exe" [2011-06-04 222496] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "TSMResident"="c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" [2011-05-09 484856] "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e" [2008-08-14 611712] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992] "ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker. exe" [2009-09-30 86016] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.ex e" [2012-03-09 1073312] . c:\users\Andrew\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\ EvernoteClipper.lnk - c:\users\Andrew\AppData\Local\Apps\Evernote\Everno te\EvernoteClipper.exe [2012-1-23 1014112] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CardMinder Viewer.lnk - c:\program files (x86)\SnanSnap\PFU\ScanSnap\CardMinder\CardLaunche r.exe [2012-1-7 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-03 116072] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwa mpfl.sys [2010-12-18 425000] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464] R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-03-23 477032] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-08-02 1038088] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-31 113120] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E [2010-01-10 4925184] R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.s ys [2011-07-17 31152] R3 Power 
Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-23 79208] R3 qrkis;Tether Miniport;c:\windows\system32\DRIVERS\qrkis.sys [2009-10-16 50856] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-26 1255736] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD6 4.sys [2011-03-23 31344] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHl pa64.sys [2011-11-03 56208] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsH M64.sys [2011-01-13 23664] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472] S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2010-12-03 31592] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 ASRSVC;ASR Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784] S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808] S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-04-05 40808] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program 
files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-04-05 59240] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032] S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64 .sys [2011-03-23 101376] S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x] S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [2011-03-02 443240] S2 TabletServiceISD;TabletServiceISD;c:\program files\Tablet\ISD\ISD_Tablet.exe [2011-02-02 5638000] S2 TabletSVC;TABLET Service;c:\program files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [2011-05-09 83440] S2 Tether;Tether;c:\program files (x86)\Tether\TBService.exe [2011-11-25 52664] S2 TouchServiceISD;Wacom ISD Touch Service;c:\program files\Tablet\ISD\ISD_TouchService.exe [2011-02-02 449904] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2010-12-03 114024] S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440] S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-04-13 84088] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2012-06-19 645088] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-05 166016] S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2011-06-23 341680] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-11 317440] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-02-23 1142376] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 wacomvthid;Virtual Touch 
Driver;c:\windows\system32\DRIVERS\WacomVTHid.sys [2010-12-02 16368] . . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-15 316032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-11 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-11 391704] "Persistence"="c:\windows\system32\igfxpers.ex e" [2011-03-11 418840] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe" [2012-07-31 446392] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\users\Andrew\AppData\Local\Apps\Evernote\Everno te\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 209.55.5.10 209.55.5.11 TCP: Interfaces\{D8669281-776F-4710-83F1-9A1DFB7D08E2}: NameServer = 208.67.222.222,208.67.220.220 FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Pr ofiles\vd56xmj0.default\ . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security] @Denied: (Full) (Everyone) . Completion time: 2012-08-13 20:14:34 ComboFix-quarantined-files.txt 2012-08-14 01:14 ComboFix2.txt 2012-08-12 19:58 . Pre-Run: 74,943,684,608 bytes free Post-Run: 74,640,384,000 bytes free . - - End Of File - - 8EF3749FC84CCC448BE74830441EE6C5 |
#13
19:35:09.0691 3972 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
#14
(d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 19:35:34.0200 1668 RpcLocator - ok 19:35:34.0262 1668 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll 19:35:34.0278 1668 RpcSs - ok 19:35:34.0309 1668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 19:35:34.0309 1668 rspndr - ok 19:35:34.0418 1668 RTL8192Ce (fa088015155c4c6dab5d1d9e68eb9d6b) C:\Windows\system32\DRIVERS\rtl8192Ce.sys 19:35:34.0434 1668 RTL8192Ce - ok 19:35:34.0480 1668 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:35:34.0480 1668 SamSs - ok 19:35:34.0480 1668 SAService - ok 19:35:34.0512 1668 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 19:35:34.0512 1668 sbp2port - ok 19:35:34.0574 1668 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 19:35:34.0574 1668 SCardSvr - ok 19:35:34.0605 1668 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 19:35:34.0621 1668 scfilter - ok 19:35:34.0714 1668 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 19:35:34.0746 1668 Schedule - ok 19:35:34.0777 1668 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 19:35:34.0777 1668 SCPolicySvc - ok 19:35:34.0808 1668 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 19:35:34.0808 1668 SDRSVC - ok 19:35:34.0886 1668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 19:35:34.0886 1668 secdrv - ok 19:35:34.0917 1668 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 19:35:34.0917 1668 seclogon - ok 19:35:34.0948 1668 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 19:35:34.0948 1668 SENS - ok 19:35:34.0980 1668 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 19:35:34.0995 1668 SensrSvc - ok 19:35:34.0995 1668 Serenum 
(cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 19:35:35.0011 1668 Serenum - ok 19:35:35.0042 1668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 19:35:35.0042 1668 Serial - ok 19:35:35.0058 1668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 19:35:35.0058 1668 sermouse - ok 19:35:35.0104 1668 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 19:35:35.0104 1668 SessionEnv - ok 19:35:35.0136 1668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 19:35:35.0136 1668 sffdisk - ok 19:35:35.0151 1668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 19:35:35.0151 1668 sffp_mmc - ok 19:35:35.0151 1668 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 19:35:35.0151 1668 sffp_sd - ok 19:35:35.0167 1668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 19:35:35.0167 1668 sfloppy - ok 19:35:35.0260 1668 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 19:35:35.0260 1668 SharedAccess - ok 19:35:35.0338 1668 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 19:35:35.0338 1668 ShellHWDetection - ok 19:35:35.0401 1668 Shockprf (380b52126e62c6c2d3c8ba805aadfdc7) C:\Windows\system32\DRIVERS\Apsx64.sys 19:35:35.0401 1668 Shockprf - ok 19:35:35.0448 1668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 19:35:35.0448 1668 SiSRaid2 - ok 19:35:35.0463 1668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 19:35:35.0463 1668 SiSRaid4 - ok 19:35:35.0479 1668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 19:35:35.0494 1668 Smb - ok 19:35:35.0541 1668 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 19:35:35.0557 1668 SNMPTRAP - ok 19:35:35.0572 
1668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 19:35:35.0572 1668 spldr - ok 19:35:35.0635 1668 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 19:35:35.0650 1668 Spooler - ok 19:35:35.0884 1668 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 19:35:35.0978 1668 sppsvc - ok 19:35:36.0087 1668 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 19:35:36.0103 1668 sppuinotify - ok 19:35:36.0228 1668 SROSVC (47118a04b1d4dccce3a1cda3c10095b9) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe 19:35:36.0228 1668 SROSVC - ok 19:35:36.0321 1668 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 19:35:36.0337 1668 srv - ok 19:35:36.0384 1668 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 19:35:36.0384 1668 srv2 - ok 19:35:36.0415 1668 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 19:35:36.0415 1668 srvnet - ok 19:35:36.0462 1668 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 19:35:36.0477 1668 SSDPSRV - ok 19:35:36.0493 1668 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 19:35:36.0493 1668 SstpSvc - ok 19:35:36.0524 1668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 19:35:36.0524 1668 stexstor - ok 19:35:36.0571 1668 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 19:35:36.0571 1668 StillCam - ok 19:35:36.0649 1668 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 19:35:36.0664 1668 stisvc - ok 19:35:36.0758 1668 SUService (266d6be20b40b7dc0949f5108e838b5e) C:\Program Files (x86)\Lenovo\System Update\SUService.exe 19:35:36.0774 1668 SUService - ok 19:35:36.0789 1668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 19:35:36.0789 1668 swenum - ok 19:35:36.0946 1668 
SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 19:35:36.0946 1668 SwitchBoard - ok 19:35:37.0009 1668 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 19:35:37.0024 1668 swprv - ok 19:35:37.0180 1668 SynTP (ffdd13b42d4b106ac9fafbb0e1f7faa5) C:\Windows\system32\DRIVERS\SynTP.sys 19:35:37.0196 1668 SynTP - ok 19:35:37.0414 1668 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 19:35:37.0461 1668 SysMain - ok 19:35:37.0570 1668 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 19:35:37.0586 1668 TabletInputService - ok 19:35:37.0960 1668 TabletServiceISD (833ff7b720e16ef7b3a49eae2bffaee5) C:\Program Files\Tablet\ISD\ISD_Tablet.exe 19:35:38.0101 1668 TabletServiceISD - ok 19:35:38.0163 1668 TabletSVC (5042d5f44275b8eedf0deb95693e84ed) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe 19:35:38.0163 1668 TabletSVC - ok 19:35:38.0335 1668 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 19:35:38.0350 1668 TapiSrv - ok 19:35:38.0366 1668 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 19:35:38.0366 1668 TBS - ok 19:35:38.0553 1668 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 19:35:38.0584 1668 Tcpip - ok 19:35:38.0849 1668 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 19:35:38.0865 1668 TCPIP6 - ok 19:35:39.0021 1668 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 19:35:39.0021 1668 tcpipreg - ok 19:35:39.0037 1668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 19:35:39.0037 1668 TDPIPE - ok 19:35:39.0083 1668 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 19:35:39.0083 1668 TDTCP - ok 19:35:39.0115 1668 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 19:35:39.0130 1668 
tdx - ok 19:35:39.0146 1668 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 19:35:39.0146 1668 TermDD - ok 19:35:39.0239 1668 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 19:35:39.0255 1668 TermService - ok 19:35:39.0333 1668 Tether (6749c00ea7eb969e45b8de5369175d83) C:\Program Files (x86)\Tether\TBService.exe 19:35:39.0333 1668 Tether - ok 19:35:39.0364 1668 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 19:35:39.0364 1668 Themes - ok 19:35:39.0395 1668 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 19:35:39.0395 1668 THREADORDER - ok 19:35:39.0505 1668 TouchServiceISD (27b82c07f519218a8d891768b55bd474) C:\Program Files\Tablet\ISD\ISD_TouchService.exe 19:35:39.0505 1668 TouchServiceISD - ok 19:35:39.0567 1668 TPDIGIMN (5523c729f1ed31b63c88490af3d220fa) C:\Windows\system32\DRIVERS\ApsHM64.sys 19:35:39.0567 1668 TPDIGIMN - ok 19:35:39.0583 1668 TPHDEXLGSVC (ecb098a3404acb8a05f0673dc086bb43) C:\Windows\system32\TPHDEXLG64.exe 19:35:39.0598 1668 TPHDEXLGSVC - ok 19:35:39.0645 1668 TPHKLOAD (63626012e44caaa162677b57b6dcb542) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe 19:35:39.0645 1668 TPHKLOAD - ok 19:35:39.0661 1668 TPHKSVC (9e6e4a9789f76593cc5a6a5af8fc5929) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 19:35:39.0661 1668 TPHKSVC - ok 19:35:39.0707 1668 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys 19:35:39.0707 1668 TPM - ok 19:35:39.0754 1668 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys 19:35:39.0754 1668 TPPWRIF - ok 19:35:39.0817 1668 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 19:35:39.0817 1668 TrkWks - ok 19:35:39.0895 1668 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 19:35:39.0895 1668 TrustedInstaller - ok 19:35:39.0926 1668 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) 
C:\Windows\system32\DRIVERS\tssecsrv.sys 19:35:39.0926 1668 tssecsrv - ok 19:35:39.0973 1668 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 19:35:39.0973 1668 TsUsbFlt - ok 19:35:39.0988 1668 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 19:35:39.0988 1668 TsUsbGD - ok 19:35:40.0035 1668 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 19:35:40.0035 1668 tunnel - ok 19:35:40.0066 1668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 19:35:40.0066 1668 uagp35 - ok 19:35:40.0097 1668 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 19:35:40.0113 1668 udfs - ok 19:35:40.0160 1668 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 19:35:40.0160 1668 UI0Detect - ok 19:35:40.0207 1668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 19:35:40.0207 1668 uliagpkx - ok 19:35:40.0238 1668 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 19:35:40.0253 1668 umbus - ok 19:35:40.0285 1668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 19:35:40.0285 1668 UmPass - ok 19:35:40.0347 1668 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 19:35:40.0347 1668 upnphost - ok 19:35:40.0394 1668 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 19:35:40.0394 1668 USBAAPL64 - ok 19:35:40.0425 1668 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 19:35:40.0441 1668 usbccgp - ok 19:35:40.0472 1668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 19:35:40.0487 1668 usbcir - ok 19:35:40.0519 1668 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 19:35:40.0519 1668 usbehci - ok 19:35:40.0565 1668 usbhub (287c6c9410b111b68b52ca298f7b8c24) 
C:\Windows\system32\DRIVERS\usbhub.sys 19:35:40.0581 1668 usbhub - ok 19:35:40.0612 1668 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 19:35:40.0612 1668 usbohci - ok 19:35:40.0659 1668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 19:35:40.0659 1668 usbprint - ok 19:35:40.0706 1668 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 19:35:40.0706 1668 usbscan - ok 19:35:40.0753 1668 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:35:40.0753 1668 USBSTOR - ok 19:35:40.0768 1668 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 19:35:40.0768 1668 usbuhci - ok 19:35:40.0831 1668 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 19:35:40.0831 1668 usbvideo - ok 19:35:40.0862 1668 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 19:35:40.0862 1668 UxSms - ok 19:35:40.0909 1668 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 19:35:40.0909 1668 VaultSvc - ok 19:35:40.0940 1668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 19:35:40.0940 1668 vdrvroot - ok 19:35:41.0018 1668 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 19:35:41.0018 1668 vds - ok 19:35:41.0065 1668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 19:35:41.0065 1668 vga - ok 19:35:41.0080 1668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 19:35:41.0080 1668 VgaSave - ok 19:35:41.0111 1668 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 19:35:41.0111 1668 vhdmp - ok 19:35:41.0127 1668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 19:35:41.0127 1668 viaide - ok 19:35:41.0221 1668 VIPAppService (6ad85f32ea4aa65bb2ea652f2b9d4005) C:\Program Files (x86)\Symantec\VIP 
Access Client\VIPAppService.exe 19:35:41.0221 1668 VIPAppService - ok 19:35:41.0252 1668 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 19:35:41.0252 1668 volmgr - ok 19:35:41.0299 1668 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 19:35:41.0299 1668 volmgrx - ok 19:35:41.0345 1668 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 19:35:41.0345 1668 volsnap - ok 19:35:41.0470 1668 vpnagent (4f4125c8e7fb75fed141316e0dfebe4f) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 19:35:41.0486 1668 vpnagent - ok 19:35:41.0533 1668 vpnva (13e6d95e7ac67abb7a1196557ef8849f) C:\Windows\system32\DRIVERS\vpnva64.sys 19:35:41.0533 1668 vpnva - ok 19:35:41.0579 1668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 19:35:41.0579 1668 vsmraid - ok 19:35:41.0720 1668 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 19:35:41.0751 1668 VSS - ok 19:35:41.0891 1668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 19:35:41.0891 1668 vwifibus - ok 19:35:41.0923 1668 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 19:35:41.0923 1668 vwififlt - ok 19:35:41.0938 1668 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 19:35:41.0954 1668 vwifimp - ok 19:35:42.0016 1668 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 19:35:42.0032 1668 W32Time - ok 19:35:42.0063 1668 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys 19:35:42.0063 1668 wacommousefilter - ok 19:35:42.0094 1668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 19:35:42.0094 1668 WacomPen - ok 19:35:42.0141 1668 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys 19:35:42.0141 1668 wacomvhid - ok 
19:35:42.0157 1668 wacomvthid (ef4d5242c0e2f74ba8e74c31f57a11cb) C:\Windows\system32\DRIVERS\WacomVTHid.sys 19:35:42.0157 1668 wacomvthid - ok 19:35:42.0203 1668 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:35:42.0203 1668 WANARP - ok 19:35:42.0219 1668 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 19:35:42.0219 1668 Wanarpv6 - ok 19:35:42.0344 1668 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 19:35:42.0359 1668 WatAdminSvc - ok 19:35:42.0484 1668 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 19:35:42.0515 1668 wbengine - ok 19:35:42.0640 1668 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 19:35:42.0656 1668 WbioSrvc - ok 19:35:42.0703 1668 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 19:35:42.0718 1668 wcncsvc - ok 19:35:42.0734 1668 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 19:35:42.0734 1668 WcsPlugInService - ok 19:35:42.0796 1668 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 19:35:42.0796 1668 Wd - ok 19:35:42.0874 1668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 19:35:42.0890 1668 Wdf01000 - ok 19:35:42.0921 1668 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 19:35:42.0921 1668 WdiServiceHost - ok 19:35:42.0937 1668 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 19:35:42.0937 1668 WdiSystemHost - ok 19:35:42.0983 1668 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 19:35:42.0983 1668 WebClient - ok 19:35:43.0030 1668 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 19:35:43.0030 1668 Wecsvc - ok 19:35:43.0046 1668 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 19:35:43.0061 1668 
wercplsupport - ok 19:35:43.0108 1668 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 19:35:43.0124 1668 WerSvc - ok 19:35:43.0202 1668 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 19:35:43.0202 1668 WfpLwf - ok 19:35:43.0217 1668 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 19:35:43.0217 1668 WIMMount - ok 19:35:43.0264 1668 WinDefend - ok 19:35:43.0280 1668 WinHttpAutoProxySvc - ok 19:35:43.0358 1668 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 19:35:43.0358 1668 Winmgmt - ok 19:35:43.0529 1668 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 19:35:43.0576 1668 WinRM - ok 19:35:43.0763 1668 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 19:35:43.0763 1668 WinUsb - ok 19:35:43.0857 1668 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 19:35:43.0888 1668 Wlansvc - ok 19:35:43.0919 1668 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 19:35:43.0919 1668 WmiAcpi - ok 19:35:44.0013 1668 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 19:35:44.0013 1668 wmiApSrv - ok 19:35:44.0060 1668 WMPNetworkSvc - ok 19:35:44.0107 1668 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 19:35:44.0107 1668 WPCSvc - ok 19:35:44.0122 1668 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 19:35:44.0138 1668 WPDBusEnum - ok 19:35:44.0153 1668 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 19:35:44.0153 1668 ws2ifsl - ok 19:35:44.0247 1668 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 19:35:44.0247 1668 wscsvc - ok 19:35:44.0263 1668 WSearch - ok 19:35:44.0450 1668 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 19:35:44.0481 1668 wuauserv - ok 19:35:44.0621 1668 
WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 19:35:44.0637 1668 WudfPf - ok 19:35:44.0668 1668 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:35:44.0684 1668 WUDFRd - ok 19:35:44.0715 1668 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 19:35:44.0715 1668 wudfsvc - ok 19:35:44.0762 1668 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 19:35:44.0777 1668 WwanSvc - ok 19:35:44.0855 1668 MBR (0x1B8) (d76734da8809f25c22bf596bc581ec6e) \Device\Harddisk0\DR0 19:35:45.0167 1668 \Device\Harddisk0\DR0 - ok 19:35:45.0183 1668 Boot (0x1200) (2ebb995c5fb3f6213db153a68c2d9039) \Device\Harddisk0\DR0\Partition0 19:35:45.0183 1668 \Device\Harddisk0\DR0\Partition0 - ok 19:35:45.0199 1668 Boot (0x1200) (dd56d60a3b1bd1e72e4af050735486e8) \Device\Harddisk0\DR0\Partition1 19:35:45.0199 1668 \Device\Harddisk0\DR0\Partition1 - ok 19:35:45.0230 1668 Boot (0x1200) (24403d73d81d97a6232339590ccb5fca) \Device\Harddisk0\DR0\Partition2 19:35:45.0230 1668 \Device\Harddisk0\DR0\Partition2 - ok 19:35:45.0245 1668 ================================================== ========== 19:35:45.0245 1668 Scan finished 19:35:45.0245 1668 ================================================== ========== 19:35:45.0261 7024 Detected object count: 0 19:35:45.0261 7024 Actual detected object count: 0 19:36:48.0718 3400 Deinitialize success |
#15
Good to go. Now some follow-up scans.
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Download the latest version of Malwarebytes' Anti-Malware from Here. Double Click mbam-setup-1.62.0.1300.exe to install the application. Follow all prompts, and check off all boxes except the one to load the Trial version. It just expires and causes confusion in a few weeks.

* If an update is found, it will download and install the latest version.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply.

If it calls for a reboot to complete the repairs do that as well then.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner. If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready.

When the Computer scan settings display shows, check the following boxes:

* Remove found threats
* Scan unwanted applications

Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

* Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats". In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.