
Crashing Win7 64 bit

8 replies to this topic

#1 afendrich


Posted 27 August 2012 - 01:16 AM

I am using MS Security Essentials on a Win 7 64-bit machine. I have excluded the Malwarebytes files EXCEPT C:\WINDOWS\SysWOW64\drivers\mbamswissarmy.sys, which does not seem to be present.

A full scan crashes the system (not freezes).

Here are the log files:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Alan at 2:07:15 on 2012-08-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7988.5601 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\GManager.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Clownfish\Clownfish.exe
C:\Program Files (x86)\Affixa\AffixaTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO: EasyPark.Homeloading.ActiveX.CommunicationControl: {082ae893-dcf4-4dcf-9a01-5ea5d680b832} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: AffixaHandlerLib.BHO: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - mscoree.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {ea801577-e6ad-4bd5-8f71-4be0154331a4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe"
uRun: [Affixa] C:\Program Files (x86)\Affixa\AffixaTray.exe
uRun: [Google Update] "C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe
mRun: [AffixaPersonalSettings] "C:\Program Files (x86)\Affixa\AffixaHandler.exe" /APPLYPERSONAL
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE:
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4953C4C4-2DC8-424C-88BB-58DE6537C051} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BA44D90C-B88F-436D-858D-7B5E1695BF46} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{BA44D90C-B88F-436D-858D-7B5E1695BF46}\2474D21353 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E9DA7350-AA86-4266-B2AB-1057C2AE36C2} : DhcpNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli ACGina
mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
BHO-X64: EasyPark.Homeloading.ActiveX.CommunicationControl: {082AE893-DCF4-4dcf-9A01-5EA5D680B832} - mscoree.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO-X64: AffixaHandlerLib.BHO: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - mscoree.dll
BHO-X64: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
TB-X64: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
mRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe
mRun-x64: [AffixaPersonalSettings] "C:\Program Files (x86)\Affixa\AffixaHandler.exe" /APPLYPERSONAL
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\jtu6ryl0.default\
FF - prefs.js: browser.startup.homepage - hxxp://advancedhiring.com/|http://www.advancedhiring.com/blog/|http://mail.advancedhiring.com/Default.aspx#page=L01haW4vZnJtTWVzc2FnZXMuYXNweD8_&section=UserEmail&lbh=false
FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=spkyf-1.7.0&src=ab&aid=mXu8g1i553002V&q=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Parx\Parx.Homeloading\NPEasyPark.dll
FF - plugin: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]
R0 mctkmdldr;mctkmdldr;C:\Windows\system32\drivers\mctkmdldr64.sys --> C:\Windows\system32\drivers\mctkmdldr64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\system32\DRIVERS\vsflt61.sys --> C:\Windows\system32\DRIVERS\vsflt61.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 GManager;GManager;C:\Windows\system32\GManager.exe --> C:\Windows\system32\GManager.exe [?]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-8-14 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-8-3 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-8-14 74088]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-8-3 133992]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 375208]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-26 655944]
R2 MCTDesktopSvr;MCTDesktopSvr;C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [2012-8-6 199296]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2012-7-29 301760]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-8-3 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-8-3 142696]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-3 2533400]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-8-3 320576]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 LenovoRd;LenovoRd;C:\Windows\system32\Drivers\LenovoRd.sys --> C:\Windows\system32\Drivers\LenovoRd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mctkmd;mctkmd;C:\Windows\system32\drivers\mctkmd64.sys --> C:\Windows\system32\drivers\mctkmd64.sys [?]
R3 t1pusb64;Trigger 1+ Graphics Card;C:\Windows\system32\drivers\t1pusb64.sys --> C:\Windows\system32\drivers\t1pusb64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-3 250056]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-3 113120]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-8-3 1662560]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-8-3 1665120]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-27 04:52:37 -------- d-----w- C:\Program Files\Classic Shell
2012-08-26 21:50:37 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A47EACE5-6CFE-4FA8-823C-917CA1DBD5F9}\offreg.dll
2012-08-26 21:49:57 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A47EACE5-6CFE-4FA8-823C-917CA1DBD5F9}\mpengine.dll
2012-08-26 17:39:34 -------- d-----w- C:\Users\Alan\AppData\Roaming\Malwarebytes
2012-08-26 17:39:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-26 17:39:27 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-26 17:39:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-25 21:52:03 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-24 08:34:52 71680 ----a-w- C:\Windows\System32\drivers\silabser.sys
2012-08-24 08:34:52 27336 ----a-w- C:\Windows\System32\drivers\silabenm.sys
2012-08-24 08:34:52 -------- d-----w- C:\SiLabs
2012-08-24 08:33:35 -------- d-----w- C:\Program Files (x86)\Silabs
2012-08-24 08:33:17 -------- d-----w- C:\Program Files (x86)\Parx
2012-08-24 04:18:28 -------- d-----w- C:\Program Files\ThinkVantage
2012-08-24 04:17:28 98496 ----a-w- C:\Windows\System32\NicInstK.dll
2012-08-24 04:17:28 68264 ----a-w- C:\Windows\System32\e1kmsg.dll
2012-08-24 04:17:28 342704 ----a-w- C:\Windows\System32\drivers\e1k62x64.sys
2012-08-22 20:46:26 -------- d-----w- C:\Program Files\SAMSUNG
2012-08-22 20:45:42 -------- d-----w- C:\ProgramData\Samsung
2012-08-22 14:41:10 60304 ----a-w- C:\Users\Alan\g2mdlhlpx.exe
2012-08-22 06:04:36 -------- d-----w- C:\Users\Alan\AppData\Roaming\The Journal 5
2012-08-22 06:04:36 -------- d-----w- C:\Users\Alan\AppData\Local\The Journal 5
2012-08-22 06:04:36 -------- d-----w- C:\ProgramData\The Journal
2012-08-22 06:04:36 -------- d-----w- C:\Program Files (x86)\DavidRM Software
2012-08-20 18:17:26 -------- d-----w- C:\Users\Alan\AppData\Roaming\Mapi2Xml
2012-08-20 09:17:23 -------- d-----w- C:\Users\Alan\AppData\Local\Apps
2012-08-20 09:17:22 -------- d-----w- C:\Users\Alan\AppData\Local\Deployment
2012-08-16 14:29:49 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2012-08-16 14:27:21 -------- d-----w- C:\Program Files (x86)\Audacity
2012-08-16 04:51:46 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-08-16 04:51:30 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-08-16 04:51:16 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-08-16 04:51:07 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-15 18:04:02 -------- d-----w- C:\Program Files (x86)\Citrix
2012-08-15 18:03:10 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-15 18:02:54 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-15 18:02:54 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-15 17:25:50 -------- d-----w- C:\Users\Alan\AppData\Roaming\Affixa
2012-08-15 17:23:14 -------- d-----w- C:\Program Files (x86)\Affixa
2012-08-15 08:53:32 -------- d-----w- C:\Program Files (x86)\Clownfish
2012-08-14 14:34:46 53248 ----a-r- C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-08-14 14:34:33 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-08-14 14:33:20 -------- d-----w- C:\Users\Alan\AppData\Roaming\Logishrd
2012-08-14 07:50:35 68864 ----a-w- C:\Windows\System32\drivers\stream.sys
2012-08-14 07:46:00 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-14 07:34:56 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-08-14 07:34:56 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-08-14 07:34:56 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-08-14 07:34:56 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-08-14 07:34:55 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-08-14 07:34:55 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-08-14 07:34:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-08-14 04:33:33 6656 ----a-w- C:\Windows\System32\pxc35pm.dll
2012-08-14 04:33:01 -------- d-----w- C:\ProgramData\Mindjet
2012-08-14 04:31:01 -------- d-----w- C:\Users\Alan\AppData\Local\{8162AB6F-3DB1-4988-9EE4-D2A7861BD300}
2012-08-12 07:45:44 -------- d-----w- C:\Program Files (x86)\KeyWallet
2012-08-09 05:36:32 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-09 05:36:32 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-08-07 18:52:43 -------- d-----w- C:\Users\Alan\AppData\Roaming\Desktop Apps
2012-08-07 18:50:16 -------- d-----w- C:\Program Files (x86)\Mioplanet
2012-08-06 16:05:45 55808 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\ZIMFPRNT.DLL
2012-08-06 15:55:27 -------- d-----w- C:\Program Files\HP
2012-08-06 15:55:22 61952 ----a-w- C:\Windows\System32\ZIMF.DLL
2012-08-06 15:55:22 567296 ----a-w- C:\Windows\System32\ZSHP1018.EXE
2012-08-06 15:55:22 49664 ----a-w- C:\Windows\System32\ZTAG.DLL
2012-08-06 15:55:22 127488 ----a-w- C:\Windows\System32\ZSPOOL.DLL
2012-08-06 15:55:22 115200 ----a-w- C:\Windows\System32\ZLhp1018.DLL
2012-08-06 14:31:22 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2012-08-06 09:22:49 -------- d-----w- C:\Program Files (x86)\DisplayFusion
2012-08-06 09:00:24 -------- d-----w- C:\ProgramData\Conexant
2012-08-06 09:00:23 -------- d-----w- C:\Users\Alan\AppData\Local\Conexant
2012-08-06 07:08:54 -------- d-----w- C:\Program Files (x86)\MCT Corp
2012-08-05 15:09:42 -------- d-----w- C:\Program Files (x86)\OnyakTech
2012-08-05 13:19:07 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync
2012-08-05 13:18:43 -------- d-----w- C:\Windows\PCHEALTH
2012-08-05 10:40:55 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-08-05 10:04:36 -------- d-----w- C:\ProgramData\Macrium
2012-08-05 10:03:05 -------- d-----w- C:\Program Files\Macrium
2012-08-05 09:18:39 -------- d-----w- C:\Users\Alan\AppData\Local\LogMeIn
2012-08-05 09:18:37 59808 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2012-08-05 09:18:37 34720 ----a-w- C:\Windows\System32\LMIport.dll
2012-08-05 09:18:36 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2012-08-05 09:18:36 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
2012-08-05 09:18:33 80800 ----a-w- C:\Windows\System32\LMIinit.dll
2012-08-05 09:18:30 -------- d-----w- C:\ProgramData\LogMeIn
2012-08-05 09:18:20 -------- d-----w- C:\Program Files (x86)\LogMeIn
2012-08-05 07:53:59 -------- d-----w- C:\Program Files (x86)\Future Systems Solutions
2012-08-05 07:09:54 1580576 ----a-w- C:\Windows\System32\drivers\tdrpm147.sys
2012-08-05 07:09:45 83488 ----a-w- C:\Windows\System32\drivers\tifsfilt.sys
2012-08-05 07:09:42 237600 ----a-w- C:\Windows\System32\drivers\snman380.sys
2012-08-05 04:05:47 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-08-05 03:49:13 -------- d-----w- C:\Windows\System32\SPReview
2012-08-05 03:48:35 -------- d-----w- C:\Windows\System32\EventProviders
2012-08-04 19:50:03 -------- d-sh--w- C:\Users\Alan\AppData\Roaming\Common
2012-08-04 19:39:42 3 ----a-w- C:\Windows\System32\OutN64proc64.dll
2012-08-04 19:39:42 1 ----a-w- C:\Windows\System32\InN64proc64.dll
2012-08-04 18:47:55 -------- d-----w- C:\Users\Alan\AppData\Local\Logitech® Webcam Software
2012-08-04 18:44:30 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2012-08-04 11:48:39 880160 ----a-w- C:\Windows\System32\drivers\timntr.sys
2012-08-04 11:48:37 211040 ----a-w- C:\Windows\System32\drivers\vididr.sys
2012-08-04 11:48:37 142944 ----a-w- C:\Windows\System32\drivers\vsflt61.sys
2012-08-04 11:48:29 310368 ----a-w- C:\Windows\System32\drivers\snapman.sys
2012-08-04 05:10:59 732160 ----a-w- C:\Windows\SysWow64\imapi2fs.dll
2012-08-04 05:09:59 70656 ----a-w- C:\Windows\SysWow64\amstream.dll
2012-08-04 04:49:57 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-08-04 04:49:57 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-08-04 04:49:57 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-04 04:49:56 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-08-04 04:49:56 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-08-04 04:49:56 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-08-04 04:49:56 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-08-04 04:49:56 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-08-04 04:49:56 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-08-04 04:49:55 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-08-04 04:49:55 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-08-04 03:53:07 -------- d-sh--r- C:\acroldr
2012-08-04 03:44:38 1285216 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
2012-08-04 03:44:31 142944 ----a-w- C:\Windows\System32\drivers\vsflt58.sys
2012-08-04 03:44:28 133728 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2012-08-03 15:53:39 -------- d-----w- C:\Users\Alan\AppData\Local\Google
2012-08-03 15:53:37 -------- d-----w- C:\Users\Alan\AppData\Local\CRE
2012-08-03 15:53:29 -------- d-----w- C:\Program Files (x86)\Conduit
2012-08-03 15:53:28 -------- d-----w- C:\Users\Alan\AppData\Local\Conduit
2012-08-03 15:53:19 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-08-03 15:52:47 -------- d-----w- C:\Users\Alan\AppData\Roaming\uTorrent
2012-08-03 15:51:12 -------- d-----w- C:\Program Files\PeerBlock
2012-08-03 15:35:22 -------- d-----w- C:\Windows\System32\appmgmt
2012-08-03 15:34:32 -------- d-----r- C:\Program Files (x86)\Skype
2012-08-03 15:23:20 -------- d-----w- C:\Users\Alan\AppData\Local\Macromedia
2012-08-03 15:09:43 -------- d-----w- C:\Program Files (x86)\MSECache
2012-08-03 13:38:35 -------- d-----w- C:\Users\Alan\AppData\Local\TechSmith
2012-08-03 13:37:51 -------- d-----w- C:\Program Files (x86)\Banner Maker Pro 8
2012-08-03 13:37:10 -------- d-----w- C:\Windows\SysWow64\QuickTime
2012-08-03 13:36:53 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
2012-08-03 13:11:30 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-08-03 13:03:04 -------- d-----w- C:\Users\Alan\AppData\Local\Adobe
2012-08-03 12:49:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 12:49:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-03 12:47:28 -------- d-----w- C:\Users\Alan\AppData\Local\Mindjet
2012-08-03 12:42:01 -------- d-----w- C:\Program Files (x86)\Mindjet
2012-08-03 12:41:10 -------- d-----w- C:\Users\Alan\AppData\Local\{8027227F-E033-40AD-8B3F-C0658D596D0B}
2012-08-03 12:25:02 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-08-03 12:25:01 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-08-03 12:25:01 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-08-03 10:33:08 -------- d-----w- C:\Windows\Panther
2012-08-03 10:17:36 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13369C94-4FC9-4FA6-82AE-72735FF81386}\gapaengine.dll
2012-08-03 10:12:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-03 10:12:13 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-08-03 10:08:19 -------- d--h--w- C:\Windows\System32\WLANProfiles
2012-08-03 10:04:34 163840 ----a-w- C:\Windows\System32\umpo.dll
2012-08-03 09:56:15 -------- d-----w- C:\Users\Alan\AppData\Roaming\PwrMgr
2012-08-03 09:54:42 -------- d-----w- C:\Users\Alan\AppData\Local\Lenovo
2012-08-03 09:49:42 48704 ----a-w- C:\Windows\System32\ibmpmsvc.exe
2012-08-03 09:49:42 42312 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys
2012-08-03 09:49:42 41024 ----a-w- C:\Windows\System32\tpinspm.dll
2012-08-03 09:49:09 337608 ----a-w- C:\Windows\System32\PROUnstl.exe
2012-08-03 09:48:47 118016 ----a-w- C:\Windows\System32\drivers\LenovoRd.sys
2012-08-03 09:47:04 53248 ----a-r- C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{0369F866-2CE0-4EB9-B426-88FA122C6E82}\ARPPRODUCTICON.exe
2012-08-03 09:47:04 -------- d-----w- C:\ProgramData\Lenovo
2012-08-03 09:47:04 -------- d-----w- C:\Program Files\Common Files\Lenovo
2012-08-03 09:47:01 53248 ----a-r- C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}\ARPPRODUCTICON.exe
2012-08-03 09:45:25 2693728 ------w- C:\Windows\PWMBTHLV.EXE
2012-08-03 09:45:23 29512 ----a-w- C:\Windows\System32\drivers\DZHDD64.SYS
2012-08-03 09:45:23 2806880 ----a-w- C:\Windows\System32\PWMCP64V.cpl
2012-08-03 09:45:23 19784 ----a-w- C:\Windows\System32\drivers\TPPWR64V.SYS
2012-08-03 09:45:23 -------- d-----w- C:\Program Files (x86)\ThinkPad
2012-08-03 09:44:51 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-08-03 09:44:51 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-08-03 09:44:51 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-08-03 09:44:51 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-08-03 09:44:47 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-08-03 09:43:59 148264 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-08-03 09:43:58 736528 ----a-w- C:\Windows\System32\SynCOM.dll
2012-08-03 09:43:21 -------- d-----w- C:\Windows\Downloaded Installations
2012-08-03 09:43:10 -------- d-----w- C:\Program Files (x86)\Common Files\Lenovo
2012-08-03 09:43:00 15472 ----a-w- C:\Windows\System32\drivers\smiifx64.sys
2012-08-03 09:42:47 -------- d-----w- C:\SWTOOLS
2012-08-03 09:42:28 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-08-03 09:41:22 682624 ----a-w- C:\Windows\System32\drivers\CHDRT64.sys
2012-08-03 09:41:22 426040 ----a-w- C:\Windows\System32\UCI64A52.dll
2012-08-03 09:41:22 1830016 ----a-w- C:\Windows\System32\CX64AQ17.dll
2012-08-03 09:40:07 -------- d-----w- C:\Program Files (x86)\Digital Line Detect
2012-08-03 09:40:03 -------- d-----w- C:\Users\Alan\AppData\Local\BVRP Software
2012-08-03 09:39:22 -------- d-----w- C:\Program Files (x86)\NetWaiting
2012-08-03 09:39:01 -------- d-----w- C:\Program Files\CONEXANT
2012-08-03 09:38:47 94208 ----a-w- C:\Windows\SysWow64\mdmxsdk.dll
2012-08-03 09:38:47 740864 ----a-w- C:\Windows\System32\drivers\CAX_CNXT.sys
2012-08-03 09:38:47 436736 ----a-w- C:\Windows\SysWow64\XAudio64.dll
2012-08-03 09:38:47 394752 ----a-w- C:\Windows\System32\UCI64M41.dll
2012-08-03 09:38:47 292864 ----a-w- C:\Windows\System32\drivers\CAXHWAZL.sys
2012-08-03 09:38:47 17024 ----a-w- C:\Windows\System32\drivers\mdmxsdk.sys
2012-08-03 09:38:47 1486848 ----a-w- C:\Windows\System32\drivers\CAX_DPV.sys
2012-08-03 09:38:47 10240 ----a-w- C:\Windows\System32\drivers\XAudio64.sys
2012-08-03 09:37:19 -------- d-----w- C:\Program Files\Lenovo
2012-08-03 09:37:17 -------- d-----w- C:\Program Files (x86)\Integrated Camera Driver
2012-08-03 09:37:15 167040 ----a-w- C:\Windows\System32\drivers\5U877.sys
2012-08-03 09:37:15 142848 ----a-w- C:\Windows\System32\5U877.ax
2012-08-03 09:37:15 126976 ----a-w- C:\Windows\SysWow64\5U877.ax
2012-08-03 09:37:15 123904 ----a-w- C:\Windows\System32\5U877.dll
2012-08-03 09:34:27 317440 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2012-08-03 09:18:42 40248 ----a-w- C:\Windows\System32\drivers\psadd.sys
2012-08-03 09:10:55 -------- d-----w- C:\Windows\SysWow64\Wat
2012-08-03 09:10:55 -------- d-----w- C:\Windows\System32\Wat
2012-08-03 09:10:37 -------- d-----w- C:\Program Files (x86)\Lenovo
2012-08-03 07:47:26 -------- d-----w- C:\Intel
2012-08-03 07:46:52 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-08-03 07:46:52 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-08-03 07:46:52 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-08-03 07:46:51 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-08-03 07:46:51 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-08-03 07:46:51 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-03 07:46:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-03 07:42:57 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-08-03 07:41:50 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2012-08-03 07:40:38 642944 ----a-w- C:\Windows\System32\winload.efi
2012-08-03 07:39:50 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2012-08-03 07:38:57 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-08-03 07:30:52 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45C852D5-B7E7-4021-ADFE-F901E40D3D26}\mpengine.dll
2012-08-03 07:30:51 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-08-03 07:29:57 77312 ----a-w- C:\Windows\System32\packager.dll
2012-08-03 07:29:57 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-08-03 07:29:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-08-03 07:29:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-08-03 07:29:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-08-03 07:24:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-08-03 07:24:16 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-08-03 07:24:10 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-08-03 07:24:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-08-03 07:21:54 -------- d-----w- C:\Users\Alan\AppData\Roaming\Intel
2012-08-03 07:21:46 -------- d-----w- C:\Users\Alan\Roaming
2012-08-03 07:21:46 -------- d-----w- C:\ProgramData\Roaming
2012-08-03 07:21:06 -------- d-----w- C:\Program Files\Common Files\Intel
2012-08-03 07:21:06 -------- d-----w- C:\Program Files (x86)\Cisco
2012-08-03 07:20:32 -------- d-sh--w- C:\Windows\Installer
2012-08-03 07:19:50 -------- d-----w- C:\DRIVERS
2012-08-03 07:01:00 -------- d-----w- C:\Users\Alan\AppData\Local\Diagnostics
2012-07-30 17:32:08 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-07-30 17:32:08 102240 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-07-29 16:52:52 13504 ----a-w- C:\Windows\System32\drivers\PSVolAcc.sys
2012-07-29 16:52:32 57536 ----a-w- C:\Windows\System32\drivers\psmounter.sys
.
==================== Find3M ====================
.
2012-08-05 03:56:58 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-08-05 03:56:57 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-21 19:30:02 122368 ----a-w- C:\Windows\System32\TpShEvUI.exe
2012-06-21 19:29:58 260608 ----a-w- C:\Windows\System32\TpShCPL.cpl
2012-06-21 19:29:54 478208 ----a-w- C:\Windows\System32\TpShCPL.dll
2012-06-21 19:29:50 222720 ----a-w- C:\Windows\System32\TpShocks.exe
2012-06-08 16:05:56 35616 ----a-w- C:\Windows\System32\lmimirr.dll
2012-06-08 16:05:56 14624 ----a-w- C:\Windows\System32\lmimirr2.dll
2012-06-08 16:05:56 11552 ----a-w- C:\Windows\System32\drivers\lmimirr.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-30 17:42:10 569152 ----a-w- C:\Windows\System32\drivers\iaStor.sys
.
============= FINISH: 2:07:46.92 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/3/2012 2:39:09 AM
System Uptime: 8/26/2012 3:43:57 PM (11 hours ago)
.
Motherboard: LENOVO | | 2537FE7
Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz | None | 2400/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 201.58 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Intel® Centrino® Advanced-N 6200 AGN
Device ID: PCI\VEN_8086&DEV_4239&SUBSYS_13118086&REV_35\4&3934E41C&0&00E1
Manufacturer: Intel Corporation
Name: Intel® Centrino® Advanced-N 6200 AGN
PNP Device ID: PCI\VEN_8086&DEV_4239&SUBSYS_13118086&REV_35\4&3934E41C&0&00E1
Service: NETwNs64
.
==== System Restore Points ===================
.
RP78: 8/26/2012 12:00:01 AM - Scheduled Checkpoint
RP79: 8/27/2012 12:45:21 AM - Configured Silicon Laboratories CP210x VCP Drivers for Windows X­šÂV
RP80: 8/27/2012 12:52:09 AM - Installed Classic Shell
.
==== Installed Programs ======================
.
µTorrent
Access Help
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Affixa
Affixa 3.2012.6.24
Audacity 2.0
Banner Maker Pro Version 8
CameraHelperMsi
Camtasia Studio 7
Clownfish for Skype
Compatibility Pack for the 2007 Office system
eReg
Google Chrome
GoToMeeting 5.2.0.952
Integrated Camera Driver Installer Package Ver.1.1.0.48
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
KeyWallet
LAME v3.99.3 (for Windows)
Lenovo Patch Utility
Logitech Webcam Software
LogMeIn
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mindjet MindManager 2012
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Parx.Homeloading
Pixel Ruler
Power Manager
RICOH R5U230 Media Driver ver.2.06.02.02
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SigmaLive
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
Skype™ 5.10
Snagit 9.1
System Update
The Journal 5
ThinkPad UltraNav Utility
ThinkVantage Access Connections
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB Display Device (Trigger Family) 12.01.0315.3679
VLC media player 2.0.3
.
==== Event Viewer Messages From Past Week ========
.
8/25/2012 5:56:31 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/20/2012 5:44:24 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================

#2 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators

Posted 27 August 2012 - 06:31 AM

Hello afendrich.

Your logs showed some peer-to-peer filesharing apps: µTorrent. You must uninstall it and confirm having done so. Filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.
Risks of File-Sharing Technology.
P2P file sharing: Know the risks

What is the STOP code that you get?

I would recommend you have a full backup of the system very soon, as your system may be having a serious HDD problem ---- as noted in your log ----
8/20/2012 5:44:24 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.

#3 afendrich

Posted 27 August 2012 - 07:54 AM

Wow that was fast. Thanks for the response.

OK Utorrent gone -- had installed it to grab a copy of Linux and forgot to uninstall.

Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 8/26/2012 3:44:04 PM
Event ID: 41
Task Category: (63)
Level: Critical
Keywords: (2)
User: SYSTEM
Computer: AlanQuad
Description:
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Version>2</Version>
<Level>1</Level>
<Task>63</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000002</Keywords>
<TimeCreated SystemTime="2012-08-26T19:44:04.052011500Z" />
<EventRecordID>15958</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="8" />
<Channel>System</Channel>
<Computer>AlanQuad</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">false</Data>
<Data Name="PowerButtonTimestamp">0</Data>
</EventData>
</Event>
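
The event posted above can be triaged offline once it is exported as XML. This added example (not part of the original post or of any tool named in the thread) parses a Kernel-Power Event ID 41 record and reports whether a STOP code was recorded. The function names are hypothetical, the sample XML is constructed from the values in the post, and the interpretation assumes Microsoft's documented meaning of the fields: BugcheckCode is logged in decimal, and 0 means no bugcheck was recorded.

```python
import xml.etree.ElementTree as ET

# Constructed sample: abridged from the event posted above. The values are the
# ones in the post; the namespace is left truncated exactly as the forum shows it.
SAMPLE_EVENT_XML = """<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>41</EventID>
<Level>1</Level>
<TimeCreated SystemTime="2012-08-26T19:44:04.052011500Z" />
<Computer>AlanQuad</Computer>
</System>
<EventData>
<Data Name="BugcheckCode">0</Data>
<Data Name="BugcheckParameter1">0x0</Data>
<Data Name="BugcheckParameter2">0x0</Data>
<Data Name="BugcheckParameter3">0x0</Data>
<Data Name="BugcheckParameter4">0x0</Data>
<Data Name="SleepInProgress">false</Data>
<Data Name="PowerButtonTimestamp">0</Data>
</EventData>
</Event>"""


def _local(tag):
    """Strip the '{namespace}' prefix so parsing works whatever xmlns is used."""
    return tag.rsplit("}", 1)[-1]


def _child(parent, name):
    """First direct child with the given local name, or None."""
    return next((c for c in parent if _local(c.tag) == name), None)


def _convert(text):
    """Turn 'false', '0', '159' or '0x9f' into bool/int; keep anything else as str."""
    text = (text or "").strip()
    if text.lower() in ("true", "false"):
        return text.lower() == "true"
    try:
        return int(text, 16) if text.lower().startswith("0x") else int(text, 10)
    except ValueError:
        return text


def parse_event41(xml_text):
    """Parse one exported event record into a plain dict."""
    # Exported events never carry a DTD; refuse one rather than expand entities
    # from a log file that came from an untrusted machine.
    upper = xml_text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        raise ValueError("DTD/entity declarations are not expected in event XML")
    root = ET.fromstring(xml_text)
    system, event_data = _child(root, "System"), _child(root, "EventData")
    if _local(root.tag) != "Event" or system is None or event_data is None:
        raise ValueError("not an exported event record")
    provider = _child(system, "Provider")
    event_id = _child(system, "EventID")
    created = _child(system, "TimeCreated")
    return {
        "provider": provider.get("Name") if provider is not None else None,
        "event_id": _convert(event_id.text) if event_id is not None else None,
        "time_utc": created.get("SystemTime") if created is not None else None,
        "data": {d.get("Name"): _convert(d.text)
                 for d in event_data if _local(d.tag) == "Data"},
    }


def triage(event):
    """Classify an unexpected restart from the fields of Event ID 41."""
    if event["provider"] != "Microsoft-Windows-Kernel-Power" or event["event_id"] != 41:
        raise ValueError("not a Kernel-Power Event ID 41 record")
    data = event["data"]
    code = data.get("BugcheckCode", 0)
    if not isinstance(code, int):
        raise ValueError(f"unparseable BugcheckCode: {code!r}")
    result = {"time_utc": event["time_utc"], "stop_code": None,
              "sleep_in_progress": bool(data.get("SleepInProgress", False))}
    if code:
        # The event stores the code in decimal; STOP codes are quoted in hex.
        result["category"] = "bugcheck"
        result["stop_code"] = f"0x{code:08X}"
        result["parameters"] = [data.get(f"BugcheckParameter{i}", 0) for i in range(1, 5)]
    elif data.get("PowerButtonTimestamp", 0):
        result["category"] = "power-button"  # power button was held down
    else:
        result["category"] = "no-stop-code"  # hang or power loss, nothing recorded
    return result


if __name__ == "__main__":
    print(triage(parse_event41(SAMPLE_EVENT_XML)))
```

For the record in this thread the category is `no-stop-code`: the event confirms an unclean restart but carries no STOP code to report.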

#4 Maurice Naggar

Posted 27 August 2012 - 08:10 AM

Please do the following:

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.
On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.
On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.
Do not click any FIX button. We just need an initial report.

Step 4
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.

  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):
  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

#5 afendrich

Posted 27 August 2012 - 09:19 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-27 09:43:43
-----------------------------
09:43:43.482 OS Version: Windows x64 6.1.7601 Service Pack 1
09:43:43.482 Number of processors: 4 586 0x2505
09:43:43.482 ComputerName: ALANQUAD UserName: Alan
09:43:47.062 Initialize success
09:45:05.965 AVAST engine defs: 12082700
09:45:22.188 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:45:22.190 Disk 0 Vendor: ST932042 0003 Size: 305245MB BusType: 3
09:45:22.200 Disk 0 MBR read successfully
09:45:22.202 Disk 0 MBR scan
09:45:22.206 Disk 0 Windows 7 default MBR code
09:45:22.217 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
09:45:22.230 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
09:45:22.254 Disk 0 scanning C:\Windows\system32\drivers
09:45:35.166 Service scanning
09:45:56.127 Modules scanning
09:45:58.776 AVAST engine scan C:\Windows
09:46:00.599 AVAST engine scan C:\Windows\system32
09:48:38.526 AVAST engine scan C:\Windows\system32\drivers
09:48:56.826 AVAST engine scan C:\Users\Alan
10:00:36.501 AVAST engine scan C:\ProgramData
10:01:19.910 Scan finished successfully
10:02:40.921 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"


10:03:04.0495 5000 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:03:04.0756 5000 ============================================================
10:03:04.0756 5000 Current date / time: 2012/08/27 10:03:04.0756
10:03:04.0756 5000 SystemInfo:
10:03:04.0756 5000
10:03:04.0756 5000 OS Version: 6.1.7601 ServicePack: 1.0
10:03:04.0756 5000 Product type: Workstation
10:03:04.0756 5000 ComputerName: ALANQUAD
10:03:04.0756 5000 UserName: Alan
10:03:04.0756 5000 Windows directory: C:\Windows
10:03:04.0756 5000 System windows directory: C:\Windows
10:03:04.0756 5000 Running under WOW64
10:03:04.0756 5000 Processor architecture: Intel x64
10:03:04.0756 5000 Number of processors: 4
10:03:04.0756 5000 Page size: 0x1000
10:03:04.0756 5000 Boot type: Normal boot
10:03:04.0756 5000 ============================================================
10:03:05.0185 5000 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
10:03:05.0285 5000 ============================================================
10:03:05.0285 5000 \Device\Harddisk0\DR0:
10:03:05.0285 5000 MBR partitions:
10:03:05.0285 5000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:03:05.0285 5000 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
10:03:05.0285 5000 ============================================================
10:03:05.0311 5000 C: <-> \Device\Harddisk0\DR0\Partition2
10:03:05.0311 5000 ============================================================
10:03:05.0311 5000 Initialize success
10:03:05.0311 5000 ============================================================
10:03:13.0781 6532 ============================================================
10:03:13.0781 6532 Scan started
10:03:13.0781 6532 Mode: Manual;
10:03:13.0781 6532 ============================================================
10:03:14.0505 6532 ================ Scan system memory ========================
10:03:14.0505 6532 System memory - ok
10:03:14.0506 6532 ================ Scan services =============================
10:03:16.0340 6532 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:03:16.0340 6532 BrUsbSer - ok
10:03:16.0357 6532 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:03:16.0358 6532 BTHMODEM - ok
10:03:16.0373 6532 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:03:16.0375 6532 bthserv - ok
10:03:16.0405 6532 [ 48360B88C4BF45850653BB7C86888ED4 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
10:03:16.0410 6532 CAXHWAZL - ok
10:03:16.0430 6532 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:03:16.0433 6532 cdfs - ok
10:03:16.0485 6532 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:03:16.0488 6532 cdrom - ok
10:03:16.0532 6532 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:03:16.0536 6532 CertPropSvc - ok
10:03:16.0549 6532 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:03:16.0550 6532 circlass - ok
10:03:16.0567 6532 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:03:16.0573 6532 CLFS - ok
10:03:16.0618 6532 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:03:16.0620 6532 clr_optimization_v2.0.50727_32 - ok
10:03:16.0649 6532 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:03:16.0651 6532 clr_optimization_v2.0.50727_64 - ok
10:03:16.0758 6532 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:03:16.0761 6532 clr_optimization_v4.0.30319_32 - ok
10:03:16.0774 6532 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:03:16.0777 6532 clr_optimization_v4.0.30319_64 - ok
10:03:16.0803 6532 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:03:16.0804 6532 CmBatt - ok
10:03:16.0845 6532 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:03:16.0845 6532 cmdide - ok
10:03:16.0873 6532 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
10:03:16.0880 6532 CNG - ok
10:03:16.0917 6532 [ 22BC1C27274D1CB1C3A8C14CDBA0CDF2 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
10:03:16.0926 6532 CnxtHdAudService - ok
10:03:16.0946 6532 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:03:16.0948 6532 Compbatt - ok
10:03:16.0984 6532 [ 59D203C3F46F3CA536ECAC0E084CD887 ] CompFilter64 C:\Windows\system32\DRIVERS\lvbflt64.sys
10:03:16.0984 6532 CompFilter64 - ok
10:03:17.0027 6532 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:03:17.0029 6532 CompositeBus - ok
10:03:17.0037 6532 COMSysApp - ok
10:03:17.0057 6532 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:03:17.0059 6532 crcdisk - ok
10:03:17.0097 6532 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:03:17.0101 6532 CryptSvc - ok
10:03:17.0134 6532 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
10:03:17.0141 6532 CSC - ok
10:03:17.0181 6532 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
10:03:17.0197 6532 CscService - ok
10:03:17.0237 6532 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:03:17.0245 6532 DcomLaunch - ok
10:03:17.0273 6532 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:03:17.0278 6532 defragsvc - ok
10:03:17.0311 6532 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:03:17.0313 6532 DfsC - ok
10:03:17.0351 6532 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
10:03:17.0354 6532 dg_ssudbus - ok
10:03:17.0398 6532 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:03:17.0403 6532 Dhcp - ok
10:03:17.0421 6532 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:03:17.0423 6532 discache - ok
10:03:17.0439 6532 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:03:17.0441 6532 Disk - ok
10:03:17.0465 6532 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:03:17.0469 6532 Dnscache - ok
10:03:17.0504 6532 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:03:17.0508 6532 dot3svc - ok
10:03:17.0547 6532 [ 9597BCB69286FF017DB1A0FB8144408D ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
10:03:17.0548 6532 DozeSvc - ok
10:03:17.0585 6532 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:03:17.0588 6532 DPS - ok
10:03:17.0611 6532 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:03:17.0611 6532 drmkaud - ok
10:03:17.0668 6532 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:03:17.0694 6532 DXGKrnl - ok
10:03:17.0709 6532 [ 3CE83D7EE95D9C9F03323810A2E747DF ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
10:03:17.0711 6532 DzHDD64 - ok
10:03:17.0742 6532 [ BF3AF22106627DFF3EF7BAB133C969EA ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
10:03:17.0747 6532 e1kexpress - ok
10:03:17.0763 6532 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:03:17.0764 6532 EapHost - ok
10:03:17.0901 6532 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:03:17.0969 6532 ebdrv - ok
10:03:17.0996 6532 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:03:17.0998 6532 EFS - ok
10:03:18.0039 6532 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:03:18.0056 6532 ehRecvr - ok
10:03:18.0075 6532 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:03:18.0078 6532 ehSched - ok
10:03:18.0096 6532 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:03:18.0104 6532 elxstor - ok
10:03:18.0123 6532 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:03:18.0124 6532 ErrDev - ok
10:03:18.0152 6532 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:03:18.0159 6532 EventSystem - ok
10:03:18.0266 6532 [ 532B8FF8E07F3772B086620377654F95 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:03:18.0308 6532 EvtEng - ok
10:03:18.0322 6532 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:03:18.0325 6532 exfat - ok
10:03:18.0339 6532 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:03:18.0342 6532 fastfat - ok
10:03:18.0403 6532 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:03:18.0413 6532 Fax - ok
10:03:18.0430 6532 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:03:18.0431 6532 fdc - ok
10:03:18.0448 6532 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:03:18.0449 6532 fdPHost - ok
10:03:18.0453 6532 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:03:18.0454 6532 FDResPub - ok
10:03:18.0464 6532 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:03:18.0466 6532 FileInfo - ok
10:03:18.0478 6532 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:03:18.0481 6532 Filetrace - ok
10:03:18.0490 6532 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:03:18.0491 6532 flpydisk - ok
10:03:18.0536 6532 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:03:18.0540 6532 FltMgr - ok
10:03:18.0599 6532 [ E94E042BC24BB301767A8125D529B705 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
10:03:18.0602 6532 fltsrv - ok
10:03:18.0654 6532 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
10:03:18.0679 6532 FontCache - ok
10:03:18.0727 6532 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:03:18.0729 6532 FontCache3.0.0.0 - ok
10:03:18.0738 6532 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:03:18.0739 6532 FsDepends - ok
10:03:18.0761 6532 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:03:18.0763 6532 Fs_Rec - ok
10:03:18.0814 6532 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:03:18.0818 6532 fvevol - ok
10:03:18.0829 6532 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:03:18.0830 6532 gagp30kx - ok
10:03:18.0874 6532 [ CE87068806FF90AC53C5ED1E13889B3B ] GManager C:\Windows\system32\GManager.exe
10:03:18.0879 6532 GManager - ok
10:03:18.0928 6532 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:03:18.0944 6532 gpsvc - ok
10:03:18.0955 6532 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:03:18.0958 6532 hcw85cir - ok
10:03:19.0005 6532 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:03:19.0009 6532 HdAudAddService - ok
10:03:19.0032 6532 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:03:19.0035 6532 HDAudBus - ok
10:03:19.0057 6532 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
10:03:19.0059 6532 HECIx64 - ok
10:03:19.0070 6532 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:03:19.0070 6532 HidBatt - ok
10:03:19.0080 6532 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:03:19.0083 6532 HidBth - ok
10:03:19.0106 6532 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:03:19.0107 6532 HidIr - ok
10:03:19.0127 6532 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
10:03:19.0128 6532 hidserv - ok
10:03:19.0146 6532 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
10:03:19.0147 6532 HidUsb - ok
10:03:19.0177 6532 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:03:19.0180 6532 hkmsvc - ok
10:03:19.0224 6532 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:03:19.0228 6532 HomeGroupListener - ok
10:03:19.0268 6532 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:03:19.0272 6532 HomeGroupProvider - ok
10:03:19.0286 6532 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:03:19.0287 6532 HpSAMD - ok
10:03:19.0365 6532 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
10:03:19.0372 6532 HsfXAudioService - ok
10:03:19.0403 6532 [ F6AC1087A131FBB385400667BEA64FBE ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
10:03:19.0429 6532 HSF_DPV - ok
10:03:19.0473 6532 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:03:19.0489 6532 HTTP - ok
10:03:19.0503 6532 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:03:19.0503 6532 hwpolicy - ok
10:03:19.0529 6532 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:03:19.0531 6532 i8042prt - ok
10:03:19.0574 6532 [ CCFA835960E35F30D28A868E0B3B8722 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:03:19.0577 6532 iaStor - ok
10:03:19.0602 6532 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:03:19.0608 6532 iaStorV - ok
10:03:19.0634 6532 [ 72B253CDBCAA10E88AAD0BA39CC83BCD ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
10:03:19.0636 6532 IBMPMDRV - ok
10:03:19.0644 6532 [ 4925FFB084C9AD02E8EEF01FB18BF5AC ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
10:03:19.0645 6532 IBMPMSVC - ok
10:03:19.0684 6532 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:03:19.0705 6532 idsvc - ok
10:03:19.0916 6532 [ F4F91789C7C7A159CE8215C1F69F2A85 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:03:20.0109 6532 igfx - ok
10:03:20.0147 6532 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:03:20.0148 6532 iirsp - ok
10:03:20.0195 6532 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:03:20.0215 6532 IKEEXT - ok
10:03:20.0251 6532 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
10:03:20.0255 6532 Impcd - ok
10:03:20.0279 6532 [ AE594CC17C33AC146739494615E14851 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
10:03:20.0285 6532 IntcDAud - ok
10:03:20.0293 6532 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:03:20.0295 6532 intelide - ok
10:03:20.0308 6532 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:03:20.0310 6532 intelppm - ok
10:03:20.0331 6532 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:03:20.0334 6532 IPBusEnum - ok
10:03:20.0371 6532 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:03:20.0373 6532 IpFilterDriver - ok
10:03:20.0397 6532 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:03:20.0405 6532 iphlpsvc - ok
10:03:20.0436 6532 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:03:20.0438 6532 IPMIDRV - ok
10:03:20.0456 6532 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:03:20.0457 6532 IPNAT - ok
10:03:20.0480 6532 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:03:20.0481 6532 IRENUM - ok
10:03:20.0495 6532 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:03:20.0495 6532 isapnp - ok
10:03:20.0530 6532 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:03:20.0535 6532 iScsiPrt - ok
10:03:20.0560 6532 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:03:20.0562 6532 kbdclass - ok
10:03:20.0605 6532 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:03:20.0606 6532 kbdhid - ok
10:03:20.0621 6532 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:03:20.0622 6532 KeyIso - ok
10:03:20.0649 6532 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:03:20.0651 6532 KSecDD - ok
10:03:20.0662 6532 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:03:20.0665 6532 KSecPkg - ok
10:03:20.0677 6532 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:03:20.0677 6532 ksthunk - ok
10:03:20.0707 6532 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:03:20.0713 6532 KtmRm - ok
10:03:20.0765 6532 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:03:20.0770 6532 LanmanServer - ok
10:03:20.0809 6532 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:03:20.0813 6532 LanmanWorkstation - ok
10:03:20.0935 6532 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
10:03:20.0940 6532 LBTServ - ok
10:03:20.0995 6532 [ CAB9C6C37FD0F9612B269349116504B6 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
10:03:20.0996 6532 LENOVO.CAMMUTE - ok
10:03:21.0043 6532 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
10:03:21.0045 6532 LENOVO.MICMUTE - ok
10:03:21.0057 6532 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
10:03:21.0059 6532 lenovo.smi - ok
10:03:21.0083 6532 [ 04B5F7F44CCB2FAB615C67ED0E6C8323 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
10:03:21.0085 6532 LENOVO.TPKNRSVC - ok
10:03:21.0109 6532 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
10:03:21.0112 6532 Lenovo.VIRTSCRLSVC - ok
10:03:21.0151 6532 [ 606DA892A53FA863B67F8D3F8FF016A0 ] LenovoRd C:\Windows\system32\Drivers\LenovoRd.sys
10:03:21.0154 6532 LenovoRd - ok
10:03:21.0194 6532 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:03:21.0197 6532 LHidFilt - ok
10:03:21.0233 6532 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:03:21.0234 6532 lltdio - ok
10:03:21.0254 6532 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:03:21.0259 6532 lltdsvc - ok
10:03:21.0281 6532 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:03:21.0284 6532 lmhosts - ok
10:03:21.0332 6532 [ 98B0FCC176DFB711B67651BECB88C445 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
10:03:21.0338 6532 LMIGuardianSvc - ok
10:03:21.0354 6532 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
10:03:21.0356 6532 LMIInfo - ok
10:03:21.0369 6532 [ B712511029CBD68645A90A241FD6AE43 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
10:03:21.0372 6532 LMIMaint - ok
10:03:21.0395 6532 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
10:03:21.0397 6532 lmimirr - ok
10:03:21.0420 6532 LMIRfsClientNP - ok
10:03:21.0439 6532 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
10:03:21.0441 6532 LMIRfsDriver - ok
10:03:21.0473 6532 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:03:21.0474 6532 LMouFilt - ok
10:03:21.0553 6532 [ 25884CA77F8D926B69167BC231D3726E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
10:03:21.0558 6532 LMS - ok
10:03:21.0571 6532 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
10:03:21.0577 6532 LogMeIn - ok
10:03:21.0597 6532 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:03:21.0598 6532 LSI_FC - ok
10:03:21.0615 6532 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:03:21.0617 6532 LSI_SAS - ok
10:03:21.0621 6532 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:03:21.0622 6532 LSI_SAS2 - ok
10:03:21.0627 6532 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:03:21.0628 6532 LSI_SCSI - ok
10:03:21.0639 6532 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:03:21.0640 6532 luafv - ok
10:03:21.0698 6532 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
10:03:21.0703 6532 LVRS64 - ok
10:03:21.0819 6532 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
10:03:21.0924 6532 LVUVC64 - ok
10:03:21.0975 6532 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
10:03:21.0977 6532 MBAMProtector - ok
10:03:22.0027 6532 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:03:22.0035 6532 MBAMService - ok
10:03:22.0113 6532 [ 3E23A0792D5EE0A072961E9E9F347368 ] MCTDesktopSvr C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
10:03:22.0117 6532 MCTDesktopSvr - ok
10:03:22.0129 6532 [ 76CE15DFBEC1FEDBBAF065768591CF2E ] mctkmd C:\Windows\system32\drivers\mctkmd64.sys
10:03:22.0133 6532 mctkmd - ok
10:03:22.0152 6532 [ 7E622C16CA2798B352C0B31DBB208CBD ] mctkmdldr C:\Windows\system32\drivers\mctkmdldr64.sys
10:03:22.0153 6532 mctkmdldr - ok
10:03:22.0190 6532 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:03:22.0193 6532 Mcx2Svc - ok
10:03:22.0215 6532 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:03:22.0217 6532 mdmxsdk - ok
10:03:22.0235 6532 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:03:22.0236 6532 megasas - ok
10:03:22.0252 6532 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:03:22.0256 6532 MegaSR - ok
10:03:22.0288 6532 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:03:22.0290 6532 MMCSS - ok
10:03:22.0303 6532 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:03:22.0306 6532 Modem - ok
10:03:22.0318 6532 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:03:22.0319 6532 monitor - ok
10:03:22.0363 6532 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:03:22.0365 6532 mouclass - ok
10:03:22.0390 6532 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:03:22.0390 6532 mouhid - ok
10:03:22.0419 6532 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:03:22.0421 6532 mountmgr - ok
10:03:22.0478 6532 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:03:22.0481 6532 MozillaMaintenance - ok
10:03:22.0527 6532 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
10:03:22.0531 6532 MpFilter - ok
10:03:22.0565 6532 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:03:22.0568 6532 mpio - ok
10:03:22.0578 6532 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:03:22.0580 6532 mpsdrv - ok
10:03:22.0630 6532 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:03:22.0651 6532 MpsSvc - ok
10:03:22.0689 6532 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:03:22.0692 6532 MRxDAV - ok
10:03:22.0714 6532 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:03:22.0718 6532 mrxsmb - ok
10:03:22.0734 6532 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:03:22.0739 6532 mrxsmb10 - ok
10:03:22.0761 6532 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:03:22.0764 6532 mrxsmb20 - ok
10:03:22.0800 6532 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:03:22.0802 6532 msahci - ok
10:03:22.0840 6532 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:03:22.0842 6532 msdsm - ok
10:03:22.0861 6532 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:03:22.0864 6532 MSDTC - ok
10:03:22.0880 6532 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:03:22.0882 6532 Msfs - ok
10:03:22.0895 6532 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:03:22.0895 6532 mshidkmdf - ok
10:03:22.0910 6532 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:03:22.0912 6532 msisadrv - ok
10:03:22.0946 6532 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:03:22.0949 6532 MSiSCSI - ok
10:03:22.0954 6532 msiserver - ok
10:03:22.0980 6532 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:03:22.0981 6532 MSKSSRV - ok
10:03:23.0033 6532 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:03:23.0034 6532 MsMpSvc - ok
10:03:23.0043 6532 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:03:23.0044 6532 MSPCLOCK - ok
10:03:23.0053 6532 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:03:23.0054 6532 MSPQM - ok
10:03:23.0091 6532 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:03:23.0097 6532 MsRPC - ok
10:03:23.0107 6532 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:03:23.0107 6532 mssmbios - ok
10:03:23.0122 6532 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:03:23.0123 6532 MSTEE - ok
10:03:23.0132 6532 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:03:23.0135 6532 MTConfig - ok
10:03:23.0146 6532 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:03:23.0149 6532 Mup - ok
10:03:23.0164 6532 mvvideodemo - ok
10:03:23.0208 6532 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:03:23.0216 6532 napagent - ok
10:03:23.0253 6532 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:03:23.0258 6532 NativeWifiP - ok
10:03:23.0302 6532 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:03:23.0323 6532 NDIS - ok
10:03:23.0333 6532 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:03:23.0335 6532 NdisCap - ok
10:03:23.0356 6532 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:03:23.0357 6532 NdisTapi - ok
10:03:23.0402 6532 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:03:23.0404 6532 Ndisuio - ok
10:03:23.0435 6532 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:03:23.0439 6532 NdisWan - ok
10:03:23.0471 6532 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:03:23.0473 6532 NDProxy - ok
10:03:23.0488 6532 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:03:23.0489 6532 NetBIOS - ok
10:03:23.0535 6532 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:03:23.0539 6532 NetBT - ok
10:03:23.0549 6532 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:03:23.0550 6532 Netlogon - ok
10:03:23.0586 6532 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:03:23.0592 6532 Netman - ok
10:03:23.0719 6532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:03:23.0721 6532 NetMsmqActivator - ok
10:03:23.0735 6532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:03:23.0736 6532 NetPipeActivator - ok
10:03:23.0756 6532 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:03:23.0777 6532 netprofm - ok
10:03:23.0792 6532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:03:23.0793 6532 NetTcpActivator - ok
10:03:23.0797 6532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:03:23.0799 6532 NetTcpPortSharing - ok
10:03:23.0964 6532 [ 774C9ECCEF83AB8A3D1466F19809C95F ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
10:03:24.0115 6532 NETwNs64 - ok
10:03:24.0137 6532 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:03:24.0137 6532 nfrd960 - ok
10:03:24.0174 6532 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:03:24.0176 6532 NisDrv - ok
10:03:31.0626 6532 ================ Scan global ===============================
10:03:31.0649 6532 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:03:31.0677 6532 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:03:31.0685 6532 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
10:03:31.0710 6532 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:03:31.0732 6532 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:03:31.0737 6532 [Global] - ok
10:03:31.0737 6532 ================ Scan MBR ==================================
10:03:31.0748 6532 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:03:32.0110 6532 \Device\Harddisk0\DR0 - ok
10:03:32.0111 6532 ================ Scan VBR ==================================
10:03:32.0114 6532 [ 8D4D48765063EC814B28A6EA9F494418 ] \Device\Harddisk0\DR0\Partition1
10:03:32.0118 6532 \Device\Harddisk0\DR0\Partition1 - ok
10:03:32.0151 6532 [ DBE9AC19D238DADCF2D13D9913647A18 ] \Device\Harddisk0\DR0\Partition2
10:03:32.0153 6532 \Device\Harddisk0\DR0\Partition2 - ok
10:03:32.0154 6532 ============================================================
10:03:32.0154 6532 Scan finished
10:03:32.0154 6532 ============================================================
10:03:32.0164 6228 Detected object count: 0
10:03:32.0164 6228 Actual detected object count: 0


RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Alan [Admin rights]
Mode : Scan -- Date : 08/27/2012 10:13:08

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS +++++
--- User ---
[MBR] d38edd2fc83a07372bac0cbb2c68e7f8
[BSP] 90d9e6187ab41ab5be14759072ef77b9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] a6ad9e8af510f7688b38d17eac094bf0
[BSP] 86374c7127b8f4bd42b092c40866ef58 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 299442 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 613259264 | Size: 5801 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

#6 Maurice Naggar

Posted 27 August 2012 - 09:30 AM

Step 1
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2
Temporarily turn off your Antivirus program.

  • Close any/all open internet browsers. Save any open documents you have open & close programs you started.
  • Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon

    On Windows 7, press Windows-key, then start typing in text box
    Malwarebytes
    then select/click Malwarebytes Anti-Malware Chameleon
  • Once the Help file opens, click on a Chameleon button (starting with #1)
  • If running on Vista or Windows 7, press the Yes button when prompted at the UAC prompt to allow it to run.

  • You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.62 at the top
  • Press any key to continue as it says in the window {space-bar will do}
  • If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  • Have infinite patience during this process
  • Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  • Once the update completes and it says your database is updated, click on OK button so that process can continue
  • Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  • After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  • A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  • Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  • If prompted to restart your computer to complete the removal process, click Yes
  • If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  • After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats

Copy and Paste the MBAM scan logs.

When all done, Re-Enable your Antivirus.
Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.

#7 afendrich


Posted 27 August 2012 - 11:39 AM

Hi Maurice

I am going to presume that with all the tests we didn't find anything that was infecting the system. Is that correct?

A

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alan :: ALANQUAD [administrator]

Protection: Enabled

8/27/2012 12:20:21 AM
mbam-log-2012-08-27 (00-20-21).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 158111
Time elapsed: 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 Maurice Naggar


Posted 27 August 2012 - 12:25 PM

Correct. No malware found. I will close this after the cleanups of tools.

Given that you have MSE, I suggest you review section I of the MBAM F.A.Q. and put into place "trust settings" in both MSE and MBAM.
http://forums.malwar...post&pid=181018

You should remove Java 7 update 5 and get Java 7 update 6:
Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Accept the EULA & Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u6-windows-i586.exe to install the newest version.
    ( jre-7u6-windows-x64.exe if this is a 64-bit Windows o.s.)
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked

    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter
Press Apply then OK. Close the applet when done.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to back up the Windows registry.

Delete the following if still present:
aswMBR.exe
RogueKiller.exe
TDSSKILLER.exe
If you purchased MBAM, you may contact the consumer help desk here for MBAM issues.
Otherwise, for general issues with MBAM (non-malware related), please use the MBAM General sub-forum http://forums.malwar...hp?showforum=41

Cheers.
Maurice Naggar
Product Support


#9 Maurice Naggar


Posted 30 August 2012 - 07:44 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support
