afendrich Posted August 27, 2012 ID:590385 Share Posted August 27, 2012 I am using MS Security essentials on Win 7 64 bit machine. Have excluded Malwarebytes files EXCEPT C:\WINDOWS\SysWOW64\drivers\mbamswissarmy.sys which does not seem to be presentFull scan crashes the system (not freezes)Here are the log files:.DDS (Ver_2011-08-26.01) - NTFSAMD64Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1Run by Alan at 2:07:15 on 2012-08-27Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7988.5601 [GMT -4:00].AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\ibmpmsvc.exeC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exeC:\Program Files\LENOVO\HOTKEY\TPHKSVC.exeC:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exeC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\GManager.exeC:\Windows\system32\svchost.exe -k HsfXAudioServiceC:\Program Files\Lenovo\Communications Utility\CAMMUTE.exeC:\Program Files\LENOVO\HOTKEY\MICMUTE.exeC:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exeC:\Program Files\LENOVO\VIRTSCRL\lvvsst.exeC:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exeC:\Program Files (x86)\LogMeIn\x64\RaMaint.exeC:\Program Files (x86)\LogMeIn\x64\LogMeIn.exeC:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exeC:\Program Files\Macrium\Reflect\ReflectService.exeC:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Lenovo\System Update\SUService.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Windows\system32\taskhost.exeC:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exeC:\Program Files\LENOVO\HOTKEY\tposdsvc.exeC:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exeC:\Windows\system32\Dwm.exeC:\Program Files\Lenovo\HOTKEY\TPONSCR.exeC:\Program Files\Lenovo\Zoom\TpScrex.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\System32\TpShocks.exeC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exeC:\Program Files\Lenovo\Communications Utility\TPKNRRES.exeC:\Program Files\Logitech\SetPointP\SetPoint.exeC:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exeC:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEC:\Program Files (x86)\Clownfish\Clownfish.exeC:\Program Files (x86)\Affixa\AffixaTray.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Digital Line Detect\DLG.exeC:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exeC:\Windows\SysWOW64\DllHost.exeC:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exeC:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exeC:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exeC:\Program Files (x86)\Mindjet\MindManager 10\MmReminderService.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exeC:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exeC:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exeC:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exeC:\Windows\system32\igfxext.exeC:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exeC:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exeC:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exeC:\Windows\splwow64.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exeC:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXEC:\Program Files\Classic Shell\ClassicStartMenu.exeC:\Windows\explorer.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exec:\Program Files\Microsoft Security Client\MpCmdRun.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\system32\conhost.exeC:\Windows\SysWOW64\cscript.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: H - No FilemWinlogon: Userinit=userinit.exeBHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dllBHO: EasyPark.Homeloading.ActiveX.CommunicationControl: {082ae893-dcf4-4dcf-9a01-5ea5d680b832} - mscoree.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Program Files\Classic Shell\ClassicExplorer32.dllBHO: AffixaHandlerLib.BHO: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - mscoree.dllBHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dllBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllBHO: ClassicIE9BHO Class: {ea801577-e6ad-4bd5-8f71-4be0154331a4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dllBHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dllTB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dllTB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No FileuRun: [Clownfish] "C:\Program Files (x86)\Clownfish\Clownfish.exe"uRun: [Affixa] C:\Program Files (x86)\Affixa\AffixaTray.exeuRun: [Google Update] "C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunmRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exemRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitormRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [<NO NAME>]mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hidemRun: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exemRun: [AffixaPersonalSettings] "C:\Program Files (x86)\Affixa\AffixaHandler.exe" /APPLYPERSONALmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exemPolicies-explorer: NoActiveDesktop = 1 (0x1)mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)mPolicies-system: EnableLinkedConnections = 1 (0x1)IE: IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000IE: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201IE: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203IE: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204IE: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exeIE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dllIE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLLDPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cabTCP: DhcpNameServer = 192.168.2.1TCP: Interfaces\{4953C4C4-2DC8-424C-88BB-58DE6537C051} : DhcpNameServer = 192.168.2.1TCP: Interfaces\{BA44D90C-B88F-436D-858D-7B5E1695BF46} : DhcpNameServer = 192.168.2.1TCP: Interfaces\{BA44D90C-B88F-436D-858D-7B5E1695BF46}\2474D21353 : DhcpNameServer = 192.168.2.1TCP: Interfaces\{E9DA7350-AA86-4266-B2AB-1057C2AE36C2} : DhcpNameServer = 192.168.42.129Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLLLSA: Notification Packages = scecli ACGinamASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbsBHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dllBHO-X64: EasyPark.Homeloading.ActiveX.CommunicationControl: {082AE893-DCF4-4dcf-9A01-5EA5D680B832} - mscoree.dllBHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO-X64: AcroIEHelperStub - No FileBHO-X64: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dllBHO-X64: AffixaHandlerLib.BHO: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} - mscoree.dllBHO-X64: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dllBHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dllBHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dllBHO-X64: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dllBHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO-X64: SmartSelect - No FileTB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dllTB-X64: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dllTB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No FilemRun-x64: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exemRun-x64: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitormRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun-x64: [(Default)]mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hidemRun-x64: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exemRun-x64: [AffixaPersonalSettings] "C:\Program Files (x86)\Affixa\AffixaHandler.exe" /APPLYPERSONALmRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayIE-X64: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\jtu6ryl0.default\FF - prefs.js: browser.startup.homepage - hxxp://advancedhiring.com/|http://www.advancedhiring.com/blog/|http://mail.advancedhiring.com/Default.aspx#page=L01haW4vZnJtTWVzc2FnZXMuYXNweD8_§ion=UserEmail&lbh=falseFF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=spkyf-1.7.0&src=ab&aid=mXu8g1i553002V&q=FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Parx\Parx.Homeloading\NPEasyPark.dllFF - plugin: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]R0 mctkmdldr;mctkmdldr;C:\Windows\system32\drivers\mctkmdldr64.sys --> C:\Windows\system32\drivers\mctkmdldr64.sys [?]R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\system32\DRIVERS\vsflt61.sys --> C:\Windows\system32\DRIVERS\vsflt61.sys [?]R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]R2 GManager;GManager;C:\Windows\system32\GManager.exe --> C:\Windows\system32\GManager.exe [?]R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-8-14 50536]R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-8-3 101736]R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-8-14 74088]R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-8-3 133992]R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-7-5 375208]R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2012-6-8 15928]R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-26 655944]R2 MCTDesktopSvr;MCTDesktopSvr;C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [2012-8-6 199296]R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2012-7-29 301760]R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-8-3 145256]R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-8-3 142696]R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-8-3 2533400]R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-8-3 320576]R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]R3 LenovoRd;LenovoRd;C:\Windows\system32\Drivers\LenovoRd.sys --> C:\Windows\system32\Drivers\LenovoRd.sys [?]R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]R3 mctkmd;mctkmd;C:\Windows\system32\drivers\mctkmd64.sys --> C:\Windows\system32\drivers\mctkmd64.sys [?]R3 t1pusb64;Trigger 1+ Graphics Card;C:\Windows\system32\drivers\t1pusb64.sys --> C:\Windows\system32\drivers\t1pusb64.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-3 250056]S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-3 113120]S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-8-3 1662560]S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-8-3 1665120]S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?].=============== Created Last 30 ================.2012-08-27 04:52:37 -------- d-----w- C:\Program Files\Classic Shell2012-08-26 21:50:37 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A47EACE5-6CFE-4FA8-823C-917CA1DBD5F9}\offreg.dll2012-08-26 21:49:57 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A47EACE5-6CFE-4FA8-823C-917CA1DBD5F9}\mpengine.dll2012-08-26 17:39:34 -------- d-----w- C:\Users\Alan\AppData\Roaming\Malwarebytes2012-08-26 17:39:28 -------- d-----w- C:\ProgramData\Malwarebytes2012-08-26 17:39:27 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys2012-08-26 17:39:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2012-08-25 21:52:03 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2012-08-24 08:34:52 71680 ----a-w- C:\Windows\System32\drivers\silabser.sys2012-08-24 08:34:52 27336 ----a-w- C:\Windows\System32\drivers\silabenm.sys2012-08-24 08:34:52 -------- d-----w- C:\SiLabs2012-08-24 08:33:35 -------- d-----w- C:\Program Files (x86)\Silabs2012-08-24 08:33:17 -------- d-----w- C:\Program Files (x86)\Parx2012-08-24 04:18:28 -------- d-----w- C:\Program Files\ThinkVantage2012-08-24 04:17:28 98496 ----a-w- C:\Windows\System32\NicInstK.dll2012-08-24 04:17:28 68264 ----a-w- C:\Windows\System32\e1kmsg.dll2012-08-24 04:17:28 342704 ----a-w- C:\Windows\System32\drivers\e1k62x64.sys2012-08-22 20:46:26 -------- d-----w- C:\Program Files\SAMSUNG2012-08-22 20:45:42 -------- d-----w- C:\ProgramData\Samsung2012-08-22 14:41:10 60304 ----a-w- C:\Users\Alan\g2mdlhlpx.exe2012-08-22 06:04:36 -------- d-----w- C:\Users\Alan\AppData\Roaming\The Journal 52012-08-22 06:04:36 -------- d-----w- C:\Users\Alan\AppData\Local\The Journal 52012-08-22 06:04:36 -------- d-----w- C:\ProgramData\The Journal2012-08-22 06:04:36 -------- d-----w- C:\Program Files (x86)\DavidRM Software2012-08-20 18:17:26 -------- d-----w- C:\Users\Alan\AppData\Roaming\Mapi2Xml2012-08-20 09:17:23 -------- d-----w- C:\Users\Alan\AppData\Local\Apps2012-08-20 09:17:22 -------- d-----w- C:\Users\Alan\AppData\Local\Deployment2012-08-16 14:29:49 -------- d-----w- C:\Program Files (x86)\Lame For Audacity2012-08-16 14:27:21 -------- d-----w- C:\Program Files (x86)\Audacity2012-08-16 04:51:46 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll2012-08-16 04:51:30 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll2012-08-16 04:51:16 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll2012-08-16 04:51:07 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll2012-08-15 18:04:02 -------- d-----w- C:\Program Files (x86)\Citrix2012-08-15 18:03:10 -------- d-----w- C:\Program Files (x86)\Oracle2012-08-15 18:02:54 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2012-08-15 18:02:54 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll2012-08-15 17:25:50 -------- d-----w- C:\Users\Alan\AppData\Roaming\Affixa2012-08-15 17:23:14 -------- d-----w- C:\Program Files (x86)\Affixa2012-08-15 08:53:32 -------- d-----w- C:\Program Files (x86)\Clownfish2012-08-14 14:34:46 53248 ----a-r- C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe2012-08-14 14:34:33 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys2012-08-14 14:33:20 -------- d-----w- C:\Users\Alan\AppData\Roaming\Logishrd2012-08-14 07:50:35 68864 ----a-w- C:\Windows\System32\drivers\stream.sys2012-08-14 07:46:00 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys2012-08-14 07:34:56 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2012-08-14 07:34:56 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys2012-08-14 07:34:56 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2012-08-14 07:34:56 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2012-08-14 07:34:55 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys2012-08-14 07:34:55 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2012-08-14 07:34:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2012-08-14 04:33:33 6656 ----a-w- C:\Windows\System32\pxc35pm.dll2012-08-14 04:33:01 -------- d-----w- C:\ProgramData\Mindjet2012-08-14 04:31:01 -------- d-----w- C:\Users\Alan\AppData\Local\{8162AB6F-3DB1-4988-9EE4-D2A7861BD300}2012-08-12 07:45:44 -------- d-----w- C:\Program Files (x86)\KeyWallet2012-08-09 05:36:32 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll2012-08-09 05:36:32 366592 ----a-w- C:\Windows\System32\qdvd.dll2012-08-07 18:52:43 -------- d-----w- C:\Users\Alan\AppData\Roaming\Desktop Apps2012-08-07 18:50:16 -------- d-----w- C:\Program Files (x86)\Mioplanet2012-08-06 16:05:45 55808 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\ZIMFPRNT.DLL2012-08-06 15:55:27 -------- d-----w- C:\Program Files\HP2012-08-06 15:55:22 61952 ----a-w- C:\Windows\System32\ZIMF.DLL2012-08-06 15:55:22 567296 ----a-w- C:\Windows\System32\ZSHP1018.EXE2012-08-06 15:55:22 49664 ----a-w- C:\Windows\System32\ZTAG.DLL2012-08-06 15:55:22 127488 ----a-w- C:\Windows\System32\ZSPOOL.DLL2012-08-06 15:55:22 115200 ----a-w- C:\Windows\System32\ZLhp1018.DLL2012-08-06 14:31:22 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll2012-08-06 09:22:49 -------- d-----w- C:\Program Files (x86)\DisplayFusion2012-08-06 09:00:24 -------- d-----w- C:\ProgramData\Conexant2012-08-06 09:00:23 -------- d-----w- C:\Users\Alan\AppData\Local\Conexant2012-08-06 07:08:54 -------- d-----w- C:\Program Files (x86)\MCT Corp2012-08-05 15:09:42 -------- d-----w- C:\Program Files (x86)\OnyakTech2012-08-05 13:19:07 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync2012-08-05 13:18:43 -------- d-----w- C:\Windows\PCHEALTH2012-08-05 10:40:55 -------- d-----w- C:\Program Files (x86)\VideoLAN2012-08-05 10:04:36 -------- d-----w- C:\ProgramData\Macrium2012-08-05 10:03:05 -------- d-----w- C:\Program Files\Macrium2012-08-05 09:18:39 -------- d-----w- C:\Users\Alan\AppData\Local\LogMeIn2012-08-05 09:18:37 59808 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll2012-08-05 09:18:37 34720 ----a-w- C:\Windows\System32\LMIport.dll2012-08-05 09:18:36 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll2012-08-05 09:18:36 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys2012-08-05 09:18:33 80800 ----a-w- C:\Windows\System32\LMIinit.dll2012-08-05 09:18:30 -------- d-----w- C:\ProgramData\LogMeIn2012-08-05 09:18:20 -------- d-----w- C:\Program Files (x86)\LogMeIn2012-08-05 07:53:59 -------- d-----w- C:\Program Files (x86)\Future Systems Solutions2012-08-05 07:09:54 1580576 ----a-w- C:\Windows\System32\drivers\tdrpm147.sys2012-08-05 07:09:45 83488 ----a-w- C:\Windows\System32\drivers\tifsfilt.sys2012-08-05 07:09:42 237600 ----a-w- C:\Windows\System32\drivers\snman380.sys2012-08-05 04:05:47 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.22012-08-05 03:49:13 -------- d-----w- C:\Windows\System32\SPReview2012-08-05 03:48:35 -------- d-----w- C:\Windows\System32\EventProviders2012-08-04 19:50:03 -------- d-sh--w- C:\Users\Alan\AppData\Roaming\Common2012-08-04 19:39:42 3 ----a-w- C:\Windows\System32\OutN64proc64.dll2012-08-04 19:39:42 1 ----a-w- C:\Windows\System32\InN64proc64.dll2012-08-04 18:47:55 -------- d-----w- C:\Users\Alan\AppData\Local\Logitech® Webcam Software2012-08-04 18:44:30 -------- d-----w- C:\Program Files (x86)\Common Files\LWS2012-08-04 11:48:39 880160 ----a-w- C:\Windows\System32\drivers\timntr.sys2012-08-04 11:48:37 211040 ----a-w- C:\Windows\System32\drivers\vididr.sys2012-08-04 11:48:37 142944 ----a-w- C:\Windows\System32\drivers\vsflt61.sys2012-08-04 11:48:29 310368 ----a-w- C:\Windows\System32\drivers\snapman.sys2012-08-04 05:10:59 732160 ----a-w- C:\Windows\SysWow64\imapi2fs.dll2012-08-04 05:09:59 70656 ----a-w- C:\Windows\SysWow64\amstream.dll2012-08-04 04:49:57 2565632 ----a-w- C:\Windows\System32\esent.dll2012-08-04 04:49:57 1699328 ----a-w- C:\Windows\SysWow64\esent.dll2012-08-04 04:49:57 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys2012-08-04 04:49:56 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys2012-08-04 04:49:56 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys2012-08-04 04:49:56 189824 ----a-w- C:\Windows\System32\drivers\storport.sys2012-08-04 04:49:56 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys2012-08-04 04:49:56 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys2012-08-04 04:49:56 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys2012-08-04 04:49:55 96768 ----a-w- C:\Windows\System32\fsutil.exe2012-08-04 04:49:55 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe2012-08-04 03:53:07 -------- d-sh--r- C:\acroldr2012-08-04 03:44:38 1285216 ----a-w- C:\Windows\System32\drivers\tdrpman.sys2012-08-04 03:44:31 142944 ----a-w- C:\Windows\System32\drivers\vsflt58.sys2012-08-04 03:44:28 133728 ----a-w- C:\Windows\System32\drivers\fltsrv.sys2012-08-03 15:53:39 -------- d-----w- C:\Users\Alan\AppData\Local\Google2012-08-03 15:53:37 -------- d-----w- C:\Users\Alan\AppData\Local\CRE2012-08-03 15:53:29 -------- d-----w- C:\Program Files (x86)\Conduit2012-08-03 15:53:28 -------- d-----w- C:\Users\Alan\AppData\Local\Conduit2012-08-03 15:53:19 -------- d-----w- C:\Program Files (x86)\uTorrent2012-08-03 15:52:47 -------- d-----w- C:\Users\Alan\AppData\Roaming\uTorrent2012-08-03 15:51:12 -------- d-----w- C:\Program Files\PeerBlock2012-08-03 15:35:22 -------- d-----w- C:\Windows\System32\appmgmt2012-08-03 15:34:32 -------- d-----r- C:\Program Files (x86)\Skype2012-08-03 15:23:20 -------- d-----w- C:\Users\Alan\AppData\Local\Macromedia2012-08-03 15:09:43 -------- d-----w- C:\Program Files (x86)\MSECache2012-08-03 13:38:35 -------- d-----w- C:\Users\Alan\AppData\Local\TechSmith2012-08-03 13:37:51 -------- d-----w- C:\Program Files (x86)\Banner Maker Pro 82012-08-03 13:37:10 -------- d-----w- C:\Windows\SysWow64\QuickTime2012-08-03 13:36:53 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared2012-08-03 13:11:30 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe2012-08-03 13:03:04 -------- d-----w- C:\Users\Alan\AppData\Local\Adobe2012-08-03 12:49:54 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2012-08-03 12:49:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-08-03 12:47:28 -------- d-----w- C:\Users\Alan\AppData\Local\Mindjet2012-08-03 12:42:01 -------- d-----w- C:\Program Files (x86)\Mindjet2012-08-03 12:41:10 -------- d-----w- C:\Users\Alan\AppData\Local\{8027227F-E033-40AD-8B3F-C0658D596D0B}2012-08-03 12:25:02 1139200 ----a-w- C:\Windows\System32\FntCache.dll2012-08-03 12:25:01 902656 ----a-w- C:\Windows\System32\d2d1.dll2012-08-03 12:25:01 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll2012-08-03 10:33:08 -------- d-----w- C:\Windows\Panther2012-08-03 10:17:36 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13369C94-4FC9-4FA6-82AE-72735FF81386}\gapaengine.dll2012-08-03 10:12:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client2012-08-03 10:12:13 -------- d-----w- C:\Program Files\Microsoft Security Client2012-08-03 10:08:19 -------- d--h--w- C:\Windows\System32\WLANProfiles2012-08-03 10:04:34 163840 ----a-w- C:\Windows\System32\umpo.dll2012-08-03 09:56:15 -------- d-----w- C:\Users\Alan\AppData\Roaming\PwrMgr2012-08-03 09:54:42 -------- d-----w- C:\Users\Alan\AppData\Local\Lenovo2012-08-03 09:49:42 48704 ----a-w- C:\Windows\System32\ibmpmsvc.exe2012-08-03 09:49:42 42312 ----a-w- C:\Windows\System32\drivers\ibmpmdrv.sys2012-08-03 09:49:42 41024 ----a-w- C:\Windows\System32\tpinspm.dll2012-08-03 09:49:09 337608 ----a-w- C:\Windows\System32\PROUnstl.exe2012-08-03 09:48:47 118016 ----a-w- C:\Windows\System32\drivers\LenovoRd.sys2012-08-03 09:47:04 53248 ----a-r- C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{0369F866-2CE0-4EB9-B426-88FA122C6E82}\ARPPRODUCTICON.exe2012-08-03 09:47:04 -------- d-----w- C:\ProgramData\Lenovo2012-08-03 09:47:04 -------- d-----w- C:\Program Files\Common Files\Lenovo2012-08-03 09:47:01 53248 ----a-r- C:\Users\Alan\AppData\Roaming\Microsoft\Installer\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}\ARPPRODUCTICON.exe2012-08-03 09:45:25 2693728 ------w- C:\Windows\PWMBTHLV.EXE2012-08-03 09:45:23 29512 ----a-w- C:\Windows\System32\drivers\DZHDD64.SYS2012-08-03 09:45:23 2806880 ----a-w- C:\Windows\System32\PWMCP64V.cpl2012-08-03 09:45:23 19784 ----a-w- C:\Windows\System32\drivers\TPPWR64V.SYS2012-08-03 09:45:23 -------- d-----w- C:\Program Files (x86)\ThinkPad2012-08-03 09:44:51 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll2012-08-03 09:44:51 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll2012-08-03 09:44:51 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll2012-08-03 09:44:51 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll2012-08-03 09:44:47 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe2012-08-03 09:43:59 148264 ----a-w- C:\Windows\System32\SynTPCo4.dll2012-08-03 09:43:58 736528 ----a-w- C:\Windows\System32\SynCOM.dll2012-08-03 09:43:21 -------- d-----w- C:\Windows\Downloaded Installations2012-08-03 09:43:10 -------- d-----w- C:\Program Files (x86)\Common Files\Lenovo2012-08-03 09:43:00 15472 ----a-w- C:\Windows\System32\drivers\smiifx64.sys2012-08-03 09:42:47 -------- d-----w- C:\SWTOOLS2012-08-03 09:42:28 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent2012-08-03 09:41:22 682624 ----a-w- C:\Windows\System32\drivers\CHDRT64.sys2012-08-03 09:41:22 426040 ----a-w- C:\Windows\System32\UCI64A52.dll2012-08-03 09:41:22 1830016 ----a-w- C:\Windows\System32\CX64AQ17.dll2012-08-03 09:40:07 -------- d-----w- C:\Program Files (x86)\Digital Line Detect2012-08-03 09:40:03 -------- d-----w- C:\Users\Alan\AppData\Local\BVRP Software2012-08-03 09:39:22 -------- d-----w- C:\Program Files (x86)\NetWaiting2012-08-03 09:39:01 -------- d-----w- C:\Program Files\CONEXANT2012-08-03 09:38:47 94208 ----a-w- C:\Windows\SysWow64\mdmxsdk.dll2012-08-03 09:38:47 740864 ----a-w- C:\Windows\System32\drivers\CAX_CNXT.sys2012-08-03 09:38:47 436736 ----a-w- C:\Windows\SysWow64\XAudio64.dll2012-08-03 09:38:47 394752 ----a-w- C:\Windows\System32\UCI64M41.dll2012-08-03 09:38:47 292864 ----a-w- C:\Windows\System32\drivers\CAXHWAZL.sys2012-08-03 09:38:47 17024 ----a-w- C:\Windows\System32\drivers\mdmxsdk.sys2012-08-03 09:38:47 1486848 ----a-w- C:\Windows\System32\drivers\CAX_DPV.sys2012-08-03 09:38:47 10240 ----a-w- C:\Windows\System32\drivers\XAudio64.sys2012-08-03 09:37:19 -------- d-----w- C:\Program Files\Lenovo2012-08-03 09:37:17 -------- d-----w- C:\Program Files (x86)\Integrated Camera Driver2012-08-03 09:37:15 167040 ----a-w- C:\Windows\System32\drivers\5U877.sys2012-08-03 09:37:15 142848 ----a-w- C:\Windows\System32\5U877.ax2012-08-03 09:37:15 126976 ----a-w- C:\Windows\SysWow64\5U877.ax2012-08-03 09:37:15 123904 ----a-w- C:\Windows\System32\5U877.dll2012-08-03 09:34:27 317440 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys2012-08-03 09:18:42 40248 ----a-w- C:\Windows\System32\drivers\psadd.sys2012-08-03 09:10:55 -------- d-----w- C:\Windows\SysWow64\Wat2012-08-03 09:10:55 -------- d-----w- C:\Windows\System32\Wat2012-08-03 09:10:37 -------- d-----w- C:\Program Files (x86)\Lenovo2012-08-03 07:47:26 -------- d-----w- C:\Intel2012-08-03 07:46:52 81408 ----a-w- C:\Windows\System32\imagehlp.dll2012-08-03 07:46:52 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys2012-08-03 07:46:52 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll2012-08-03 07:46:51 5120 ----a-w- C:\Windows\SysWow64\wmi.dll2012-08-03 07:46:51 5120 ----a-w- C:\Windows\System32\wmi.dll2012-08-03 07:46:51 220672 ----a-w- C:\Windows\System32\wintrust.dll2012-08-03 07:46:51 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll2012-08-03 07:42:57 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll2012-08-03 07:41:50 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe2012-08-03 07:40:38 642944 ----a-w- C:\Windows\System32\winload.efi2012-08-03 07:39:50 64512 ----a-w- C:\Windows\SysWow64\devobj.dll2012-08-03 07:38:57 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll2012-08-03 07:30:52 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{45C852D5-B7E7-4021-ADFE-F901E40D3D26}\mpengine.dll2012-08-03 07:30:51 279656 ------w- C:\Windows\System32\MpSigStub.exe2012-08-03 07:29:57 77312 ----a-w- C:\Windows\System32\packager.dll2012-08-03 07:29:57 67072 ----a-w- C:\Windows\SysWow64\packager.dll2012-08-03 07:29:05 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll2012-08-03 07:29:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys2012-08-03 07:29:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll2012-08-03 07:24:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll2012-08-03 07:24:16 99840 ----a-w- C:\Windows\System32\wudriver.dll2012-08-03 07:24:10 36864 ----a-w- C:\Windows\System32\wuapp.exe2012-08-03 07:24:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll2012-08-03 07:21:54 -------- d-----w- C:\Users\Alan\AppData\Roaming\Intel2012-08-03 07:21:46 -------- d-----w- C:\Users\Alan\Roaming2012-08-03 07:21:46 -------- d-----w- C:\ProgramData\Roaming2012-08-03 07:21:06 -------- d-----w- C:\Program Files\Common Files\Intel2012-08-03 07:21:06 -------- d-----w- C:\Program Files (x86)\Cisco2012-08-03 07:20:32 -------- d-sh--w- C:\Windows\Installer2012-08-03 07:19:50 -------- d-----w- C:\DRIVERS2012-08-03 07:01:00 -------- d-----w- C:\Users\Alan\AppData\Local\Diagnostics2012-07-30 17:32:08 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys2012-07-30 17:32:08 102240 ----a-w- C:\Windows\System32\drivers\ssudbus.sys2012-07-29 16:52:52 13504 ----a-w- C:\Windows\System32\drivers\PSVolAcc.sys2012-07-29 16:52:32 57536 ----a-w- C:\Windows\System32\drivers\psmounter.sys.==================== Find3M ====================.2012-08-05 03:56:58 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll2012-08-05 03:56:57 175616 ----a-w- C:\Windows\System32\msclmd.dll2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-06-21 19:30:02 122368 ----a-w- C:\Windows\System32\TpShEvUI.exe2012-06-21 19:29:58 260608 ----a-w- C:\Windows\System32\TpShCPL.cpl2012-06-21 19:29:54 478208 ----a-w- C:\Windows\System32\TpShCPL.dll2012-06-21 19:29:50 222720 ----a-w- C:\Windows\System32\TpShocks.exe2012-06-08 16:05:56 35616 ----a-w- C:\Windows\System32\lmimirr.dll2012-06-08 16:05:56 14624 ----a-w- C:\Windows\System32\lmimirr2.dll2012-06-08 16:05:56 11552 ----a-w- C:\Windows\System32\drivers\lmimirr.sys2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2012-05-30 17:42:10 569152 ----a-w- C:\Windows\System32\drivers\iaStor.sys.============= FINISH: 2:07:46.92 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft Windows 7 ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 8/3/2012 2:39:09 AMSystem Uptime: 8/26/2012 3:43:57 PM (11 hours ago).Motherboard: LENOVO | | 2537FE7Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | None | 2400/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 298 GiB total, 201.58 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Intel® Centrino® Advanced-N 6200 AGNDevice ID: PCI\VEN_8086&DEV_4239&SUBSYS_13118086&REV_35\4&3934E41C&0&00E1Manufacturer: Intel CorporationName: Intel® Centrino® Advanced-N 6200 AGNPNP Device ID: PCI\VEN_8086&DEV_4239&SUBSYS_13118086&REV_35\4&3934E41C&0&00E1Service: NETwNs64.==== System Restore Points ===================.RP78: 8/26/2012 12:00:01 AM - Scheduled CheckpointRP79: 8/27/2012 12:45:21 AM - Configured Silicon Laboratories CP210x VCP Drivers for Windows XšÂVRP80: 8/27/2012 12:52:09 AM - Installed Classic Shell.==== Installed Programs ======================.µTorrentAccess HelpAdobe Acrobat X Pro - English, Français, DeutschAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAffixaAffixa 3.2012.6.24Audacity 2.0Banner Maker Pro Version 8CameraHelperMsiCamtasia Studio 7Clownfish for SkypeCompatibility Pack for the 2007 Office systemeRegGoogle ChromeGoToMeeting 5.2.0.952Integrated Camera Driver Installer Package Ver.1.1.0.48Intel PROSet WirelessIntel® Control CenterIntel® Management Engine ComponentsIntel® Processor GraphicsJava Auto UpdaterJava 7 Update 5JavaFX 2.1.1KeyWalletLAME v3.99.3 (for Windows)Lenovo Patch UtilityLogitech Webcam SoftwareLogMeInLWS FacebookLWS GalleryLWS Help_mainLWS LauncherLWS Motion DetectionLWS Pictures And VideoLWS TwitterLWS Video Mask MakerLWS Webcam SoftwareLWS WLM PluginLWS YouTube PluginMalwarebytes Anti-Malware version 1.62.0.1300Microsoft Office File Validation Add-InMicrosoft Office Professional Edition 2003Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Mindjet MindManager 2012Mozilla Firefox 14.0.1 (x86 en-US)Mozilla Maintenance ServiceParx.HomeloadingPixel RulerPower ManagerRICOH R5U230 Media Driver ver.2.06.02.02Security Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)SigmaLiveSilicon Laboratories CP210x USB to UART Bridge (Driver Removal)Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7Skype™ 5.10Snagit 9.1System UpdateThe Journal 5ThinkPad UltraNav UtilityThinkVantage Access ConnectionsUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)USB Display Device (Trigger Family) 12.01.0315.3679VLC media player 2.0.3.==== Event Viewer Messages From Past Week ========.8/25/2012 5:56:31 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.8/20/2012 5:44:24 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 27, 2012 ID:590439 Share Posted August 27, 2012 Hello afendrich.Your logs showed some peer-to-peer filesharing apps: µTorrent. You must uninstall it and confirm having done so. Filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.Risks of File-Sharing Technology.P2P file sharing: Know the risksWhat is the STOP code that you get ?I would recommend you have a full backup of the system very soon, as your system may be having a serious HDD problem ---- as noted in your log ----8/20/2012 5:44:24 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. Link to post Share on other sites More sharing options...
afendrich Posted August 27, 2012 Author ID:590451 Share Posted August 27, 2012 Wow that was fast. Thanks for the response.OK Utorrent gone -- had installed it to grab a copy of copy of Linux and forgot to unistall.Log Name: SystemSource: Microsoft-Windows-Kernel-PowerDate: 8/26/2012 3:44:04 PMEvent ID: 41Task Category: (63)Level: CriticalKeywords: (2)User: SYSTEMComputer: AlanQuadDescription:The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.Event Xml:<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" /> <EventID>41</EventID> <Version>2</Version> <Level>1</Level> <Task>63</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000002</Keywords> <TimeCreated SystemTime="2012-08-26T19:44:04.052011500Z" /> <EventRecordID>15958</EventRecordID> <Correlation /> <Execution ProcessID="4" ThreadID="8" /> <Channel>System</Channel> <Computer>AlanQuad</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="BugcheckCode">0</Data> <Data Name="BugcheckParameter1">0x0</Data> <Data Name="BugcheckParameter2">0x0</Data> <Data Name="BugcheckParameter3">0x0</Data> <Data Name="BugcheckParameter4">0x0</Data> <Data Name="SleepInProgress">false</Data> <Data Name="PowerButtonTimestamp">0</Data> </EventData></Event> Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 27, 2012 ID:590453 Share Posted August 27, 2012 Please do the following:Step 11. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).5. Make sure that at least the first two check boxes are ticked 6. Press OK7. Press YES to create the folder.Step 2To show all files:Go to your DesktopDouble-Click the Computer icon. From the menu options, Select Tools, then Folder Options. Next click the View tab. Locate and uncheck Hide file extensions for known file types. Locate and uncheck Hide protected operating system files (Recommended). Locate and click Show hidden files and folders and drives. Click Apply > OK. Step 3Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallDownload aswMBR.exe ( 511KB ) to your desktop.On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.On Windows XP, double click the exe to start.change the a-v scan to None.uncheck trace disk IO callsClick the "Scan" button to start scanOn completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next replyDo not click any FIX button. We just need an initial report.Step 4Please read carefully and follow these steps.Download TDSSKiller and save it to your Desktop.Double-Click on TDSSKiller.exe to run the application, then on Start Scan.If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueIt may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. Step 5 Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or >> from here << Quit all programs that you may have started. Please disconnect any USB or external drives from the computer before you run this scan! For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.For Windows XP, double-click to start. Wait until Prescan has finished ... Then Click on Scan button at upper right of screen. Wait until the Status box shows "Scan Finished" Click on Report and copy/paste the content of the Notepad into your next reply.The log should be found in RKreport[1].txt on your Desktop Exit/Close RogueKillerDo NOT click any FIX buttons !Step 6RE-Enable your antivirus program. Then copy/paste the following into your post (in order):the contents of aswMBR report;the contents of TDSSKILLER log;the contents of RKReport log;Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply. Link to post Share on other sites More sharing options...
afendrich Posted August 27, 2012 Author ID:590471 Share Posted August 27, 2012 aswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-08-27 09:43:43-----------------------------09:43:43.482 OS Version: Windows x64 6.1.7601 Service Pack 109:43:43.482 Number of processors: 4 586 0x250509:43:43.482 ComputerName: ALANQUAD UserName: Alan09:43:47.062 Initialize success09:45:05.965 AVAST engine defs: 1208270009:45:22.188 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-109:45:22.190 Disk 0 Vendor: ST932042 0003 Size: 305245MB BusType: 309:45:22.200 Disk 0 MBR read successfully09:45:22.202 Disk 0 MBR scan09:45:22.206 Disk 0 Windows 7 default MBR code09:45:22.217 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 204809:45:22.230 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 20684809:45:22.254 Disk 0 scanning C:\Windows\system32\drivers09:45:35.166 Service scanning09:45:56.127 Modules scanning09:45:58.776 AVAST engine scan C:\Windows09:46:00.599 AVAST engine scan C:\Windows\system3209:48:38.526 AVAST engine scan C:\Windows\system32\drivers09:48:56.826 AVAST engine scan C:\Users\Alan10:00:36.501 AVAST engine scan C:\ProgramData10:01:19.910 Scan finished successfully10:02:40.921 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"10:03:04.0495 5000 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:4810:03:04.0756 5000 ============================================================10:03:04.0756 5000 Current date / time: 2012/08/27 10:03:04.075610:03:04.0756 5000 SystemInfo:10:03:04.0756 5000 10:03:04.0756 5000 OS Version: 6.1.7601 ServicePack: 1.010:03:04.0756 5000 Product type: Workstation10:03:04.0756 5000 ComputerName: ALANQUAD10:03:04.0756 5000 UserName: Alan10:03:04.0756 5000 Windows directory: C:\Windows10:03:04.0756 5000 System windows directory: C:\Windows10:03:04.0756 5000 Running under WOW6410:03:04.0756 5000 Processor architecture: Intel x6410:03:04.0756 5000 Number of processors: 410:03:04.0756 5000 Page size: 0x100010:03:04.0756 5000 Boot type: Normal boot10:03:04.0756 5000 ============================================================10:03:05.0185 5000 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x0000004010:03:05.0285 5000 ============================================================10:03:05.0285 5000 \Device\Harddisk0\DR0:10:03:05.0285 5000 MBR partitions:10:03:05.0285 5000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3200010:03:05.0285 5000 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB80010:03:05.0285 5000 ============================================================10:03:05.0311 5000 C: <-> \Device\Harddisk0\DR0\Partition210:03:05.0311 5000 ============================================================10:03:05.0311 5000 Initialize success10:03:05.0311 5000 ============================================================10:03:13.0781 6532 ============================================================10:03:13.0781 6532 Scan started10:03:13.0781 6532 Mode: Manual;10:03:13.0781 6532 ============================================================10:03:14.0505 6532 ================ Scan system memory ========================10:03:14.0505 6532 System memory - ok10:03:14.0506 6532 ================ Scan services =============================10:03:14.0647 6532 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys10:03:14.0651 6532 1394ohci - ok10:03:14.0684 6532 [ 0839005949EA2DA7E9420A66614C6649 ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys10:03:14.0687 6532 5U877 - ok10:03:14.0710 6532 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys10:03:14.0716 6532 ACPI - ok10:03:14.0729 6532 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys10:03:14.0730 6532 AcpiPmi - ok10:03:14.0800 6532 [ 1933DB4808793F3BD7AB34A39A809425 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe10:03:14.0803 6532 AcPrfMgrSvc - ok10:03:14.0817 6532 [ E7AF543334B21D84124709061A9AE4D7 ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe10:03:14.0822 6532 AcSvc - ok10:03:14.0935 6532 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe10:03:14.0936 6532 AdobeARMservice - ok10:03:15.0080 6532 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe10:03:15.0084 6532 AdobeFlashPlayerUpdateSvc - ok10:03:15.0126 6532 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys10:03:15.0133 6532 adp94xx - ok10:03:15.0155 6532 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys10:03:15.0176 6532 adpahci - ok10:03:15.0183 6532 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys10:03:15.0185 6532 adpu320 - ok10:03:15.0205 6532 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll10:03:15.0206 6532 AeLookupSvc - ok10:03:15.0252 6532 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys10:03:15.0258 6532 AFD - ok10:03:15.0297 6532 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys10:03:15.0299 6532 agp440 - ok10:03:15.0318 6532 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe10:03:15.0320 6532 ALG - ok10:03:15.0332 6532 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys10:03:15.0334 6532 aliide - ok10:03:15.0342 6532 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys10:03:15.0342 6532 amdide - ok10:03:15.0357 6532 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys10:03:15.0358 6532 AmdK8 - ok10:03:15.0369 6532 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys10:03:15.0371 6532 AmdPPM - ok10:03:15.0404 6532 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys10:03:15.0407 6532 amdsata - ok10:03:15.0413 6532 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys10:03:15.0415 6532 amdsbs - ok10:03:15.0434 6532 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys10:03:15.0436 6532 amdxata - ok10:03:15.0475 6532 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys10:03:15.0476 6532 AppID - ok10:03:15.0494 6532 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll10:03:15.0494 6532 AppIDSvc - ok10:03:15.0537 6532 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll10:03:15.0538 6532 Appinfo - ok10:03:15.0558 6532 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll10:03:15.0560 6532 AppMgmt - ok10:03:15.0564 6532 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys10:03:15.0565 6532 arc - ok10:03:15.0569 6532 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys10:03:15.0571 6532 arcsas - ok10:03:15.0713 6532 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe10:03:15.0715 6532 aspnet_state - ok10:03:15.0737 6532 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys10:03:15.0739 6532 AsyncMac - ok10:03:15.0782 6532 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys10:03:15.0784 6532 atapi - ok10:03:15.0831 6532 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll10:03:15.0839 6532 AudioEndpointBuilder - ok10:03:15.0856 6532 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll10:03:15.0860 6532 AudioSrv - ok10:03:15.0925 6532 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll10:03:15.0927 6532 AxInstSV - ok10:03:15.0958 6532 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys10:03:15.0964 6532 b06bdrv - ok10:03:15.0981 6532 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys10:03:15.0985 6532 b57nd60a - ok10:03:16.0012 6532 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll10:03:16.0013 6532 BDESVC - ok10:03:16.0035 6532 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys10:03:16.0037 6532 Beep - ok10:03:16.0098 6532 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll10:03:16.0107 6532 BFE - ok10:03:16.0129 6532 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll10:03:16.0149 6532 BITS - ok10:03:16.0171 6532 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys10:03:16.0173 6532 blbdrive - ok10:03:16.0193 6532 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys10:03:16.0196 6532 bowser - ok10:03:16.0214 6532 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys10:03:16.0216 6532 BrFiltLo - ok10:03:16.0230 6532 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys10:03:16.0232 6532 BrFiltUp - ok10:03:16.0258 6532 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll10:03:16.0261 6532 Browser - ok10:03:16.0282 6532 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys10:03:16.0287 6532 Brserid - ok10:03:16.0298 6532 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys10:03:16.0300 6532 BrSerWdm - ok10:03:16.0324 6532 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys10:03:16.0326 6532 BrUsbMdm - ok10:03:16.0340 6532 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys10:03:16.0340 6532 BrUsbSer - ok10:03:16.0357 6532 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys10:03:16.0358 6532 BTHMODEM - ok10:03:16.0373 6532 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll10:03:16.0375 6532 bthserv - ok10:03:16.0405 6532 [ 48360B88C4BF45850653BB7C86888ED4 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys10:03:16.0410 6532 CAXHWAZL - ok10:03:16.0430 6532 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys10:03:16.0433 6532 cdfs - ok10:03:16.0485 6532 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys10:03:16.0488 6532 cdrom - ok10:03:16.0532 6532 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll10:03:16.0536 6532 CertPropSvc - ok10:03:16.0549 6532 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys10:03:16.0550 6532 circlass - ok10:03:16.0567 6532 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys10:03:16.0573 6532 CLFS - ok10:03:16.0618 6532 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe10:03:16.0620 6532 clr_optimization_v2.0.50727_32 - ok10:03:16.0649 6532 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe10:03:16.0651 6532 clr_optimization_v2.0.50727_64 - ok10:03:16.0758 6532 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe10:03:16.0761 6532 clr_optimization_v4.0.30319_32 - ok10:03:16.0774 6532 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe10:03:16.0777 6532 clr_optimization_v4.0.30319_64 - ok10:03:16.0803 6532 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys10:03:16.0804 6532 CmBatt - ok10:03:16.0845 6532 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys10:03:16.0845 6532 cmdide - ok10:03:16.0873 6532 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys10:03:16.0880 6532 CNG - ok10:03:16.0917 6532 [ 22BC1C27274D1CB1C3A8C14CDBA0CDF2 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys10:03:16.0926 6532 CnxtHdAudService - ok10:03:16.0946 6532 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys10:03:16.0948 6532 Compbatt - ok10:03:16.0984 6532 [ 59D203C3F46F3CA536ECAC0E084CD887 ] CompFilter64 C:\Windows\system32\DRIVERS\lvbflt64.sys10:03:16.0984 6532 CompFilter64 - ok10:03:17.0027 6532 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys10:03:17.0029 6532 CompositeBus - ok10:03:17.0037 6532 COMSysApp - ok10:03:17.0057 6532 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys10:03:17.0059 6532 crcdisk - ok10:03:17.0097 6532 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll10:03:17.0101 6532 CryptSvc - ok10:03:17.0134 6532 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys10:03:17.0141 6532 CSC - ok10:03:17.0181 6532 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll10:03:17.0197 6532 CscService - ok10:03:17.0237 6532 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll10:03:17.0245 6532 DcomLaunch - ok10:03:17.0273 6532 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll10:03:17.0278 6532 defragsvc - ok10:03:17.0311 6532 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys10:03:17.0313 6532 DfsC - ok10:03:17.0351 6532 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys10:03:17.0354 6532 dg_ssudbus - ok10:03:17.0398 6532 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll10:03:17.0403 6532 Dhcp - ok10:03:17.0421 6532 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys10:03:17.0423 6532 discache - ok10:03:17.0439 6532 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys10:03:17.0441 6532 Disk - ok10:03:17.0465 6532 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll10:03:17.0469 6532 Dnscache - ok10:03:17.0504 6532 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll10:03:17.0508 6532 dot3svc - ok10:03:17.0547 6532 [ 9597BCB69286FF017DB1A0FB8144408D ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE10:03:17.0548 6532 DozeSvc - ok10:03:17.0585 6532 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll10:03:17.0588 6532 DPS - ok10:03:17.0611 6532 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys10:03:17.0611 6532 drmkaud - ok10:03:17.0668 6532 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys10:03:17.0694 6532 DXGKrnl - ok10:03:17.0709 6532 [ 3CE83D7EE95D9C9F03323810A2E747DF ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys10:03:17.0711 6532 DzHDD64 - ok10:03:17.0742 6532 [ BF3AF22106627DFF3EF7BAB133C969EA ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys10:03:17.0747 6532 e1kexpress - ok10:03:17.0763 6532 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll10:03:17.0764 6532 EapHost - ok10:03:17.0901 6532 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys10:03:17.0969 6532 ebdrv - ok10:03:17.0996 6532 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe10:03:17.0998 6532 EFS - ok10:03:18.0039 6532 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe10:03:18.0056 6532 ehRecvr - ok10:03:18.0075 6532 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe10:03:18.0078 6532 ehSched - ok10:03:18.0096 6532 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys10:03:18.0104 6532 elxstor - ok10:03:18.0123 6532 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys10:03:18.0124 6532 ErrDev - ok10:03:18.0152 6532 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll10:03:18.0159 6532 EventSystem - ok10:03:18.0266 6532 [ 532B8FF8E07F3772B086620377654F95 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe10:03:18.0308 6532 EvtEng - ok10:03:18.0322 6532 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys10:03:18.0325 6532 exfat - ok10:03:18.0339 6532 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys10:03:18.0342 6532 fastfat - ok10:03:18.0403 6532 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe10:03:18.0413 6532 Fax - ok10:03:18.0430 6532 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys10:03:18.0431 6532 fdc - ok10:03:18.0448 6532 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll10:03:18.0449 6532 fdPHost - ok10:03:18.0453 6532 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll10:03:18.0454 6532 FDResPub - ok10:03:18.0464 6532 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys10:03:18.0466 6532 FileInfo - ok10:03:18.0478 6532 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys10:03:18.0481 6532 Filetrace - ok10:03:18.0490 6532 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys10:03:18.0491 6532 flpydisk - ok10:03:18.0536 6532 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys10:03:18.0540 6532 FltMgr - ok10:03:18.0599 6532 [ E94E042BC24BB301767A8125D529B705 ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys10:03:18.0602 6532 fltsrv - ok10:03:18.0654 6532 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll10:03:18.0679 6532 FontCache - ok10:03:18.0727 6532 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe10:03:18.0729 6532 FontCache3.0.0.0 - ok10:03:18.0738 6532 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys10:03:18.0739 6532 FsDepends - ok10:03:18.0761 6532 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys10:03:18.0763 6532 Fs_Rec - ok10:03:18.0814 6532 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys10:03:18.0818 6532 fvevol - ok10:03:18.0829 6532 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys10:03:18.0830 6532 gagp30kx - ok10:03:18.0874 6532 [ CE87068806FF90AC53C5ED1E13889B3B ] GManager C:\Windows\system32\GManager.exe10:03:18.0879 6532 GManager - ok10:03:18.0928 6532 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll10:03:18.0944 6532 gpsvc - ok10:03:18.0955 6532 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys10:03:18.0958 6532 hcw85cir - ok10:03:19.0005 6532 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys10:03:19.0009 6532 HdAudAddService - ok10:03:19.0032 6532 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys10:03:19.0035 6532 HDAudBus - ok10:03:19.0057 6532 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys10:03:19.0059 6532 HECIx64 - ok10:03:19.0070 6532 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys10:03:19.0070 6532 HidBatt - ok10:03:19.0080 6532 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys10:03:19.0083 6532 HidBth - ok10:03:19.0106 6532 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys10:03:19.0107 6532 HidIr - ok10:03:19.0127 6532 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll10:03:19.0128 6532 hidserv - ok10:03:19.0146 6532 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys10:03:19.0147 6532 HidUsb - ok10:03:19.0177 6532 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll10:03:19.0180 6532 hkmsvc - ok10:03:19.0224 6532 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll10:03:19.0228 6532 HomeGroupListener - ok10:03:19.0268 6532 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll10:03:19.0272 6532 HomeGroupProvider - ok10:03:19.0286 6532 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys10:03:19.0287 6532 HpSAMD - ok10:03:19.0365 6532 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll10:03:19.0372 6532 HsfXAudioService - ok10:03:19.0403 6532 [ F6AC1087A131FBB385400667BEA64FBE ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys10:03:19.0429 6532 HSF_DPV - ok10:03:19.0473 6532 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys10:03:19.0489 6532 HTTP - ok10:03:19.0503 6532 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys10:03:19.0503 6532 hwpolicy - ok10:03:19.0529 6532 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys10:03:19.0531 6532 i8042prt - ok10:03:19.0574 6532 [ CCFA835960E35F30D28A868E0B3B8722 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys10:03:19.0577 6532 iaStor - ok10:03:19.0602 6532 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys10:03:19.0608 6532 iaStorV - ok10:03:19.0634 6532 [ 72B253CDBCAA10E88AAD0BA39CC83BCD ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys10:03:19.0636 6532 IBMPMDRV - ok10:03:19.0644 6532 [ 4925FFB084C9AD02E8EEF01FB18BF5AC ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe10:03:19.0645 6532 IBMPMSVC - ok10:03:19.0684 6532 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe10:03:19.0705 6532 idsvc - ok10:03:19.0916 6532 [ F4F91789C7C7A159CE8215C1F69F2A85 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys10:03:20.0109 6532 igfx - ok10:03:20.0147 6532 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys10:03:20.0148 6532 iirsp - ok10:03:20.0195 6532 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll10:03:20.0215 6532 IKEEXT - ok10:03:20.0251 6532 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys10:03:20.0255 6532 Impcd - ok10:03:20.0279 6532 [ AE594CC17C33AC146739494615E14851 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys10:03:20.0285 6532 IntcDAud - ok10:03:20.0293 6532 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys10:03:20.0295 6532 intelide - ok10:03:20.0308 6532 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys10:03:20.0310 6532 intelppm - ok10:03:20.0331 6532 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll10:03:20.0334 6532 IPBusEnum - ok10:03:20.0371 6532 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys10:03:20.0373 6532 IpFilterDriver - ok10:03:20.0397 6532 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll10:03:20.0405 6532 iphlpsvc - ok10:03:20.0436 6532 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys10:03:20.0438 6532 IPMIDRV - ok10:03:20.0456 6532 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys10:03:20.0457 6532 IPNAT - ok10:03:20.0480 6532 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys10:03:20.0481 6532 IRENUM - ok10:03:20.0495 6532 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys10:03:20.0495 6532 isapnp - ok10:03:20.0530 6532 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys10:03:20.0535 6532 iScsiPrt - ok10:03:20.0560 6532 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys10:03:20.0562 6532 kbdclass - ok10:03:20.0605 6532 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys10:03:20.0606 6532 kbdhid - ok10:03:20.0621 6532 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe10:03:20.0622 6532 KeyIso - ok10:03:20.0649 6532 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys10:03:20.0651 6532 KSecDD - ok10:03:20.0662 6532 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys10:03:20.0665 6532 KSecPkg - ok10:03:20.0677 6532 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys10:03:20.0677 6532 ksthunk - ok10:03:20.0707 6532 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll10:03:20.0713 6532 KtmRm - ok10:03:20.0765 6532 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll10:03:20.0770 6532 LanmanServer - ok10:03:20.0809 6532 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll10:03:20.0813 6532 LanmanWorkstation - ok10:03:20.0935 6532 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe10:03:20.0940 6532 LBTServ - ok10:03:20.0995 6532 [ CAB9C6C37FD0F9612B269349116504B6 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe10:03:20.0996 6532 LENOVO.CAMMUTE - ok10:03:21.0043 6532 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe10:03:21.0045 6532 LENOVO.MICMUTE - ok10:03:21.0057 6532 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys10:03:21.0059 6532 lenovo.smi - ok10:03:21.0083 6532 [ 04B5F7F44CCB2FAB615C67ED0E6C8323 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe10:03:21.0085 6532 LENOVO.TPKNRSVC - ok10:03:21.0109 6532 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe10:03:21.0112 6532 Lenovo.VIRTSCRLSVC - ok10:03:21.0151 6532 [ 606DA892A53FA863B67F8D3F8FF016A0 ] LenovoRd C:\Windows\system32\Drivers\LenovoRd.sys10:03:21.0154 6532 LenovoRd - ok10:03:21.0194 6532 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys10:03:21.0197 6532 LHidFilt - ok10:03:21.0233 6532 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys10:03:21.0234 6532 lltdio - ok10:03:21.0254 6532 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll10:03:21.0259 6532 lltdsvc - ok10:03:21.0281 6532 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll10:03:21.0284 6532 lmhosts - ok10:03:21.0332 6532 [ 98B0FCC176DFB711B67651BECB88C445 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe10:03:21.0338 6532 LMIGuardianSvc - ok10:03:21.0354 6532 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys10:03:21.0356 6532 LMIInfo - ok10:03:21.0369 6532 [ B712511029CBD68645A90A241FD6AE43 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe10:03:21.0372 6532 LMIMaint - ok10:03:21.0395 6532 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys10:03:21.0397 6532 lmimirr - ok10:03:21.0420 6532 LMIRfsClientNP - ok10:03:21.0439 6532 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys10:03:21.0441 6532 LMIRfsDriver - ok10:03:21.0473 6532 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys10:03:21.0474 6532 LMouFilt - ok10:03:21.0553 6532 [ 25884CA77F8D926B69167BC231D3726E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe10:03:21.0558 6532 LMS - ok10:03:21.0571 6532 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe10:03:21.0577 6532 LogMeIn - ok10:03:21.0597 6532 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys10:03:21.0598 6532 LSI_FC - ok10:03:21.0615 6532 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys10:03:21.0617 6532 LSI_SAS - ok10:03:21.0621 6532 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys10:03:21.0622 6532 LSI_SAS2 - ok10:03:21.0627 6532 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys10:03:21.0628 6532 LSI_SCSI - ok10:03:21.0639 6532 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys10:03:21.0640 6532 luafv - ok10:03:21.0698 6532 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys10:03:21.0703 6532 LVRS64 - ok10:03:21.0819 6532 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys10:03:21.0924 6532 LVUVC64 - ok10:03:21.0975 6532 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys10:03:21.0977 6532 MBAMProtector - ok10:03:22.0027 6532 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe10:03:22.0035 6532 MBAMService - ok10:03:22.0113 6532 [ 3E23A0792D5EE0A072961E9E9F347368 ] MCTDesktopSvr C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe10:03:22.0117 6532 MCTDesktopSvr - ok10:03:22.0129 6532 [ 76CE15DFBEC1FEDBBAF065768591CF2E ] mctkmd C:\Windows\system32\drivers\mctkmd64.sys10:03:22.0133 6532 mctkmd - ok10:03:22.0152 6532 [ 7E622C16CA2798B352C0B31DBB208CBD ] mctkmdldr C:\Windows\system32\drivers\mctkmdldr64.sys10:03:22.0153 6532 mctkmdldr - ok10:03:22.0190 6532 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll10:03:22.0193 6532 Mcx2Svc - ok10:03:22.0215 6532 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys10:03:22.0217 6532 mdmxsdk - ok10:03:22.0235 6532 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys10:03:22.0236 6532 megasas - ok10:03:22.0252 6532 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys10:03:22.0256 6532 MegaSR - ok10:03:22.0288 6532 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll10:03:22.0290 6532 MMCSS - ok10:03:22.0303 6532 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys10:03:22.0306 6532 Modem - ok10:03:22.0318 6532 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys10:03:22.0319 6532 monitor - ok10:03:22.0363 6532 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys10:03:22.0365 6532 mouclass - ok10:03:22.0390 6532 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys10:03:22.0390 6532 mouhid - ok10:03:22.0419 6532 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys10:03:22.0421 6532 mountmgr - ok10:03:22.0478 6532 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe10:03:22.0481 6532 MozillaMaintenance - ok10:03:22.0527 6532 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys10:03:22.0531 6532 MpFilter - ok10:03:22.0565 6532 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys10:03:22.0568 6532 mpio - ok10:03:22.0578 6532 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys10:03:22.0580 6532 mpsdrv - ok10:03:22.0630 6532 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll10:03:22.0651 6532 MpsSvc - ok10:03:22.0689 6532 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys10:03:22.0692 6532 MRxDAV - ok10:03:22.0714 6532 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys10:03:22.0718 6532 mrxsmb - ok10:03:22.0734 6532 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys10:03:22.0739 6532 mrxsmb10 - ok10:03:22.0761 6532 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys10:03:22.0764 6532 mrxsmb20 - ok10:03:22.0800 6532 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys10:03:22.0802 6532 msahci - ok10:03:22.0840 6532 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys10:03:22.0842 6532 msdsm - ok10:03:22.0861 6532 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe10:03:22.0864 6532 MSDTC - ok10:03:22.0880 6532 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys10:03:22.0882 6532 Msfs - ok10:03:22.0895 6532 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys10:03:22.0895 6532 mshidkmdf - ok10:03:22.0910 6532 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys10:03:22.0912 6532 msisadrv - ok10:03:22.0946 6532 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll10:03:22.0949 6532 MSiSCSI - ok10:03:22.0954 6532 msiserver - ok10:03:22.0980 6532 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys10:03:22.0981 6532 MSKSSRV - ok10:03:23.0033 6532 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe10:03:23.0034 6532 MsMpSvc - ok10:03:23.0043 6532 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys10:03:23.0044 6532 MSPCLOCK - ok10:03:23.0053 6532 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys10:03:23.0054 6532 MSPQM - ok10:03:23.0091 6532 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys10:03:23.0097 6532 MsRPC - ok10:03:23.0107 6532 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys10:03:23.0107 6532 mssmbios - ok10:03:23.0122 6532 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys10:03:23.0123 6532 MSTEE - ok10:03:23.0132 6532 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys10:03:23.0135 6532 MTConfig - ok10:03:23.0146 6532 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys10:03:23.0149 6532 Mup - ok10:03:23.0164 6532 mvvideodemo - ok10:03:23.0208 6532 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll10:03:23.0216 6532 napagent - ok10:03:23.0253 6532 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys10:03:23.0258 6532 NativeWifiP - ok10:03:23.0302 6532 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys10:03:23.0323 6532 NDIS - ok10:03:23.0333 6532 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys10:03:23.0335 6532 NdisCap - ok10:03:23.0356 6532 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys10:03:23.0357 6532 NdisTapi - ok10:03:23.0402 6532 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys10:03:23.0404 6532 Ndisuio - ok10:03:23.0435 6532 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys10:03:23.0439 6532 NdisWan - ok10:03:23.0471 6532 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys10:03:23.0473 6532 NDProxy - ok10:03:23.0488 6532 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys10:03:23.0489 6532 NetBIOS - ok10:03:23.0535 6532 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys10:03:23.0539 6532 NetBT - ok10:03:23.0549 6532 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe10:03:23.0550 6532 Netlogon - ok10:03:23.0586 6532 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll10:03:23.0592 6532 Netman - ok10:03:23.0719 6532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe10:03:23.0721 6532 NetMsmqActivator - ok10:03:23.0735 6532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe10:03:23.0736 6532 NetPipeActivator - ok10:03:23.0756 6532 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll10:03:23.0777 6532 netprofm - ok10:03:23.0792 6532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe10:03:23.0793 6532 NetTcpActivator - ok10:03:23.0797 6532 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe10:03:23.0799 6532 NetTcpPortSharing - ok10:03:23.0964 6532 [ 774C9ECCEF83AB8A3D1466F19809C95F ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys10:03:24.0115 6532 NETwNs64 - ok10:03:24.0137 6532 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys10:03:24.0137 6532 nfrd960 - ok10:03:24.0174 6532 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys10:03:24.0176 6532 NisDrv - ok10:03:24.0212 6532 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe10:03:24.0218 6532 NisSrv - ok10:03:24.0268 6532 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll10:03:24.0274 6532 NlaSvc - ok10:03:24.0281 6532 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys10:03:24.0283 6532 Npfs - ok10:03:24.0297 6532 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll10:03:24.0299 6532 nsi - ok10:03:24.0308 6532 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys10:03:24.0308 6532 nsiproxy - ok10:03:24.0369 6532 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys10:03:24.0402 6532 Ntfs - ok10:03:24.0415 6532 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys10:03:24.0416 6532 Null - ok10:03:24.0450 6532 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys10:03:24.0452 6532 nvraid - ok10:03:24.0462 6532 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys10:03:24.0465 6532 nvstor - ok10:03:24.0493 6532 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys10:03:24.0496 6532 nv_agp - ok10:03:24.0530 6532 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys10:03:24.0530 6532 ohci1394 - ok10:03:24.0569 6532 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE10:03:24.0571 6532 ose - ok10:03:24.0597 6532 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll10:03:24.0603 6532 p2pimsvc - ok10:03:24.0618 6532 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll10:03:24.0625 6532 p2psvc - ok10:03:24.0638 6532 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys10:03:24.0640 6532 Parport - ok10:03:24.0663 6532 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys10:03:24.0665 6532 partmgr - ok10:03:24.0682 6532 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll10:03:24.0686 6532 PcaSvc - ok10:03:24.0702 6532 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys10:03:24.0706 6532 pci - ok10:03:24.0713 6532 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys10:03:24.0715 6532 pciide - ok10:03:24.0733 6532 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys10:03:24.0737 6532 pcmcia - ok10:03:24.0754 6532 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys10:03:24.0756 6532 pcw - ok10:03:24.0777 6532 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys10:03:24.0785 6532 PEAUTH - ok10:03:24.0823 6532 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll10:03:24.0856 6532 PeerDistSvc - ok10:03:24.0929 6532 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe10:03:24.0931 6532 PerfHost - ok10:03:25.0000 6532 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll10:03:25.0026 6532 pla - ok10:03:25.0063 6532 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll10:03:25.0070 6532 PlugPlay - ok10:03:25.0077 6532 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll10:03:25.0080 6532 PNRPAutoReg - ok10:03:25.0093 6532 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll10:03:25.0095 6532 PNRPsvc - ok10:03:25.0113 6532 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll10:03:25.0121 6532 PolicyAgent - ok10:03:25.0148 6532 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll10:03:25.0152 6532 Power - ok10:03:25.0217 6532 [ DEED60F99C5B8E386D507860F600D509 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE10:03:25.0250 6532 Power Manager DBC Service - ok10:03:25.0287 6532 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys10:03:25.0287 6532 PptpMiniport - ok10:03:25.0313 6532 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys10:03:25.0313 6532 Processor - ok10:03:25.0342 6532 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll10:03:25.0347 6532 ProfSvc - ok10:03:25.0356 6532 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe10:03:25.0357 6532 ProtectedStorage - ok10:03:25.0391 6532 [ 05A4779E4994B21473EDBE85AABE8030 ] psadd C:\Windows\system32\DRIVERS\psadd.sys10:03:25.0392 6532 psadd - ok10:03:25.0428 6532 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys10:03:25.0431 6532 Psched - ok10:03:25.0477 6532 [ 68DCE950DCD2ABBB82362D383EC5836E ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE10:03:25.0510 6532 PwmEWSvc - ok10:03:25.0547 6532 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys10:03:25.0573 6532 ql2300 - ok10:03:25.0579 6532 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys10:03:25.0581 6532 ql40xx - ok10:03:25.0603 6532 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll10:03:25.0608 6532 QWAVE - ok10:03:25.0618 6532 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys10:03:25.0619 6532 QWAVEdrv - ok10:03:25.0635 6532 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys10:03:25.0635 6532 RasAcd - ok10:03:25.0658 6532 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys10:03:25.0659 6532 RasAgileVpn - ok10:03:25.0675 6532 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll10:03:25.0677 6532 RasAuto - ok10:03:25.0720 6532 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys10:03:25.0722 6532 Rasl2tp - ok10:03:25.0755 6532 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll10:03:25.0761 6532 RasMan - ok10:03:25.0766 6532 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys10:03:25.0766 6532 RasPppoe - ok10:03:25.0779 6532 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys10:03:25.0780 6532 RasSstp - ok10:03:25.0800 6532 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys10:03:25.0805 6532 rdbss - ok10:03:25.0820 6532 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys10:03:25.0822 6532 rdpbus - ok10:03:25.0847 6532 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys10:03:25.0847 6532 RDPCDD - ok10:03:25.0883 6532 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys10:03:25.0885 6532 RDPDR - ok10:03:25.0893 6532 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys10:03:25.0894 6532 RDPENCDD - ok10:03:25.0919 6532 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys10:03:25.0920 6532 RDPREFMP - ok10:03:25.0968 6532 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys10:03:25.0972 6532 RDPWD - ok10:03:26.0003 6532 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys10:03:26.0007 6532 rdyboost - ok10:03:26.0046 6532 [ B4A80F3942A920D0044D789C3AF7A932 ] ReflectService.exe C:\Program Files\Macrium\Reflect\ReflectService.exe10:03:26.0051 6532 ReflectService.exe - ok10:03:26.0119 6532 [ 7196BE857E29007470FF9B689C7F29A7 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe10:03:26.0139 6532 RegSrvc - ok10:03:26.0165 6532 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll10:03:26.0166 6532 RemoteAccess - ok10:03:26.0187 6532 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll10:03:26.0191 6532 RemoteRegistry - ok10:03:26.0219 6532 [ 3DCA561AAF776AA2E356FB5B142AA5F8 ] rimspci C:\Windows\system32\DRIVERS\rimspe64.sys10:03:26.0222 6532 rimspci - ok10:03:26.0243 6532 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll10:03:26.0244 6532 RpcEptMapper - ok10:03:26.0265 6532 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe10:03:26.0267 6532 RpcLocator - ok10:03:26.0305 6532 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll10:03:26.0308 6532 RpcSs - ok10:03:26.0324 6532 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys10:03:26.0327 6532 rspndr - ok10:03:26.0362 6532 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys10:03:26.0364 6532 s3cap - ok10:03:26.0379 6532 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe10:03:26.0380 6532 SamSs - ok10:03:26.0420 6532 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys10:03:26.0422 6532 sbp2port - ok10:03:26.0433 6532 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll10:03:26.0438 6532 SCardSvr - ok10:03:26.0471 6532 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys10:03:26.0472 6532 scfilter - ok10:03:26.0530 6532 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll10:03:26.0556 6532 Schedule - ok10:03:26.0590 6532 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll10:03:26.0591 6532 SCPolicySvc - ok10:03:26.0614 6532 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys10:03:26.0617 6532 sdbus - ok10:03:26.0630 6532 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll10:03:26.0634 6532 SDRSVC - ok10:03:26.0649 6532 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys10:03:26.0651 6532 secdrv - ok10:03:26.0684 6532 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll10:03:26.0685 6532 seclogon - ok10:03:26.0696 6532 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll10:03:26.0699 6532 SENS - ok10:03:26.0708 6532 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll10:03:26.0711 6532 SensrSvc - ok10:03:26.0721 6532 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys10:03:26.0721 6532 Serenum - ok10:03:26.0739 6532 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys10:03:26.0740 6532 Serial - ok10:03:26.0757 6532 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys10:03:26.0758 6532 sermouse - ok10:03:26.0807 6532 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll10:03:26.0810 6532 SessionEnv - ok10:03:26.0833 6532 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys10:03:26.0834 6532 sffdisk - ok10:03:26.0844 6532 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys10:03:26.0845 6532 sffp_mmc - ok10:03:26.0857 6532 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys10:03:26.0858 6532 sffp_sd - ok10:03:26.0870 6532 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys10:03:26.0871 6532 sfloppy - ok10:03:26.0893 6532 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll10:03:26.0900 6532 SharedAccess - ok10:03:26.0946 6532 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll10:03:26.0953 6532 ShellHWDetection - ok10:03:26.0976 6532 [ 7AC6FBFC13ABA3F15B05986412D10E10 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys10:03:26.0979 6532 Shockprf - ok10:03:27.0020 6532 [ 7799106FEE728B907A86D9C9751E02D5 ] silabenm C:\Windows\system32\DRIVERS\silabenm.sys10:03:27.0020 6532 silabenm - ok10:03:27.0047 6532 [ 300ACF1ABD7A8E6D5FA553CA462226EE ] silabser C:\Windows\system32\DRIVERS\silabser.sys10:03:27.0049 6532 silabser - ok10:03:27.0071 6532 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys10:03:27.0074 6532 SiSRaid2 - ok10:03:27.0078 6532 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys10:03:27.0080 6532 SiSRaid4 - ok10:03:27.0163 6532 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe10:03:27.0166 6532 SkypeUpdate - ok10:03:27.0193 6532 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys10:03:27.0195 6532 Smb - ok10:03:27.0226 6532 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe10:03:27.0229 6532 SNMPTRAP - ok10:03:27.0239 6532 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys10:03:27.0241 6532 spldr - ok10:03:27.0270 6532 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe10:03:27.0278 6532 Spooler - ok10:03:27.0368 6532 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe10:03:27.0435 6532 sppsvc - ok10:03:27.0452 6532 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll10:03:27.0454 6532 sppuinotify - ok10:03:27.0472 6532 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys10:03:27.0479 6532 srv - ok10:03:27.0499 6532 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys10:03:27.0504 6532 srv2 - ok10:03:27.0542 6532 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS10:03:27.0547 6532 SrvHsfHDA - ok10:03:27.0584 6532 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS10:03:27.0618 6532 SrvHsfV92 - ok10:03:27.0639 6532 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS10:03:27.0648 6532 SrvHsfWinac - ok10:03:27.0674 6532 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys10:03:27.0678 6532 srvnet - ok10:03:27.0690 6532 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll10:03:27.0693 6532 SSDPSRV - ok10:03:27.0706 6532 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll10:03:27.0709 6532 SstpSvc - ok10:03:27.0745 6532 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys10:03:27.0749 6532 ssudmdm - ok10:03:27.0767 6532 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys10:03:27.0768 6532 stexstor - ok10:03:27.0808 6532 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll10:03:27.0817 6532 stisvc - ok10:03:27.0857 6532 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys10:03:27.0859 6532 storflt - ok10:03:27.0872 6532 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll10:03:27.0876 6532 StorSvc - ok10:03:27.0889 6532 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys10:03:27.0889 6532 storvsc - ok10:03:27.0961 6532 [ 59B5A060A31BD4BAB030C4FCD1048292 ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe10:03:27.0963 6532 SUService - ok10:03:27.0972 6532 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys10:03:27.0974 6532 swenum - ok10:03:27.0995 6532 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll10:03:28.0003 6532 swprv - ok10:03:28.0040 6532 [ 883D2880144FD3ED9F1C04B5B5B9B562 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys10:03:28.0047 6532 SynTP - ok10:03:28.0115 6532 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll10:03:28.0148 6532 SysMain - ok10:03:28.0190 6532 [ 6820E296D9F517B7BC7387E93B1FF8BE ] t1pusb64 C:\Windows\system32\drivers\t1pusb64.sys10:03:28.0193 6532 t1pusb64 - ok10:03:28.0236 6532 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll10:03:28.0239 6532 TabletInputService - ok10:03:28.0251 6532 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll10:03:28.0258 6532 TapiSrv - ok10:03:28.0272 6532 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll10:03:28.0275 6532 TBS - ok10:03:28.0323 6532 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys10:03:28.0365 6532 Tcpip - ok10:03:28.0414 6532 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys10:03:28.0423 6532 TCPIP6 - ok10:03:28.0470 6532 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys10:03:28.0471 6532 tcpipreg - ok10:03:28.0500 6532 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys10:03:28.0500 6532 TDPIPE - ok10:03:28.0524 6532 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys10:03:28.0525 6532 TDTCP - ok10:03:28.0567 6532 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys10:03:28.0570 6532 tdx - ok10:03:28.0603 6532 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys10:03:28.0605 6532 TermDD - ok10:03:28.0622 6532 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll10:03:28.0631 6532 TermService - ok10:03:28.0649 6532 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll10:03:28.0650 6532 Themes - ok10:03:28.0674 6532 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll10:03:28.0675 6532 THREADORDER - ok10:03:28.0683 6532 [ BC148E3415BF8A9DE83364966F75044F ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys10:03:28.0685 6532 TPDIGIMN - ok10:03:28.0722 6532 [ BBD91008BEC4A2BA5D383BC9A15D6F9E ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe10:03:28.0723 6532 TPHDEXLGSVC - ok10:03:28.0771 6532 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe10:03:28.0775 6532 TPHKLOAD - ok10:03:28.0804 6532 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe10:03:28.0808 6532 TPHKSVC - ok10:03:28.0831 6532 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys10:03:28.0832 6532 TPM - ok10:03:28.0858 6532 [ 1DF6E6C026AD1D428687FE3B427A87BC ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys10:03:28.0860 6532 TPPWRIF - ok10:03:28.0871 6532 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll10:03:28.0875 6532 TrkWks - ok10:03:28.0927 6532 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe10:03:28.0931 6532 TrustedInstaller - ok10:03:28.0975 6532 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys10:03:28.0976 6532 tssecsrv - ok10:03:29.0030 6532 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys10:03:29.0032 6532 TsUsbFlt - ok10:03:29.0080 6532 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys10:03:29.0083 6532 tunnel - ok10:03:29.0109 6532 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys10:03:29.0111 6532 uagp35 - ok10:03:29.0129 6532 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys10:03:29.0134 6532 udfs - ok10:03:29.0146 6532 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe10:03:29.0148 6532 UI0Detect - ok10:03:29.0176 6532 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys10:03:29.0178 6532 uliagpkx - ok10:03:29.0216 6532 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys10:03:29.0216 6532 umbus - ok10:03:29.0235 6532 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys10:03:29.0235 6532 UmPass - ok10:03:29.0274 6532 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll10:03:29.0279 6532 UmRdpService - ok10:03:29.0342 6532 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe10:03:29.0348 6532 UMVPFSrv - ok10:03:29.0445 6532 [ 2B971A72C0D6BD8A710E2748353773DD ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe10:03:29.0496 6532 UNS - ok10:03:29.0517 6532 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll10:03:29.0524 6532 upnphost - ok10:03:29.0543 6532 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys10:03:29.0546 6532 usbaudio - ok10:03:29.0569 6532 [ EBF228A52517042DE4F38A40285BC8D9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys10:03:29.0569 6532 usbccgp - ok10:03:29.0605 6532 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys10:03:29.0607 6532 usbcir - ok10:03:29.0631 6532 [ 6B3D5E6A9DA786EC755B00BC180C700B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys10:03:29.0633 6532 usbehci - ok10:03:29.0656 6532 [ 94ABE9DA48E466BBE84C73E0C6652ED1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys10:03:29.0661 6532 usbhub - ok10:03:29.0673 6532 [ 660B2C08CE7103E71EAA26F85B0B0A56 ] usbohci C:\Windows\system32\drivers\usbohci.sys10:03:29.0675 6532 usbohci - ok10:03:29.0714 6532 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys10:03:29.0716 6532 usbprint - ok10:03:29.0730 6532 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS10:03:29.0733 6532 USBSTOR - ok10:03:29.0747 6532 [ 1529632FC96032D337B298F8A285D640 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys10:03:29.0749 6532 usbuhci - ok10:03:29.0766 6532 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys10:03:29.0770 6532 usbvideo - ok10:03:29.0824 6532 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys10:03:29.0825 6532 usb_rndisx - ok10:03:29.0838 6532 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll10:03:29.0841 6532 UxSms - ok10:03:29.0860 6532 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe10:03:29.0862 6532 VaultSvc - ok10:03:29.0883 6532 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys10:03:29.0885 6532 vdrvroot - ok10:03:29.0931 6532 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe10:03:29.0940 6532 vds - ok10:03:29.0954 6532 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys10:03:29.0956 6532 vga - ok10:03:29.0972 6532 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys10:03:29.0974 6532 VgaSave - ok10:03:29.0989 6532 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys10:03:29.0992 6532 vhdmp - ok10:03:30.0007 6532 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys10:03:30.0009 6532 viaide - ok10:03:30.0053 6532 [ 2DFD1EB9DE564460003DE1605A275E8D ] vidsflt61 C:\Windows\system32\DRIVERS\vsflt61.sys10:03:30.0057 6532 vidsflt61 - ok10:03:30.0071 6532 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys10:03:30.0075 6532 vmbus - ok10:03:30.0095 6532 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys10:03:30.0097 6532 VMBusHID - ok10:03:30.0114 6532 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys10:03:30.0116 6532 volmgr - ok10:03:30.0158 6532 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys10:03:30.0164 6532 volmgrx - ok10:03:30.0176 6532 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys10:03:30.0182 6532 volsnap - ok10:03:30.0194 6532 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys10:03:30.0198 6532 vsmraid - ok10:03:30.0254 6532 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe10:03:30.0288 6532 VSS - ok10:03:30.0297 6532 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys10:03:30.0300 6532 vwifibus - ok10:03:30.0320 6532 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys10:03:30.0322 6532 vwififlt - ok10:03:30.0346 6532 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll10:03:30.0352 6532 W32Time - ok10:03:30.0358 6532 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys10:03:30.0359 6532 WacomPen - ok10:03:30.0377 6532 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys10:03:30.0378 6532 WANARP - ok10:03:30.0382 6532 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys10:03:30.0383 6532 Wanarpv6 - ok10:03:30.0436 6532 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe10:03:30.0461 6532 WatAdminSvc - ok10:03:30.0524 6532 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe10:03:30.0558 6532 wbengine - ok10:03:30.0575 6532 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll10:03:30.0579 6532 WbioSrvc - ok10:03:30.0617 6532 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll10:03:30.0624 6532 wcncsvc - ok10:03:30.0628 6532 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll10:03:30.0631 6532 WcsPlugInService - ok10:03:30.0641 6532 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys10:03:30.0642 6532 Wd - ok10:03:30.0665 6532 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys10:03:30.0682 6532 Wdf01000 - ok10:03:30.0699 6532 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll10:03:30.0702 6532 WdiServiceHost - ok10:03:30.0707 6532 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll10:03:30.0709 6532 WdiSystemHost - ok10:03:30.0753 6532 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll10:03:30.0758 6532 WebClient - ok10:03:30.0772 6532 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll10:03:30.0778 6532 Wecsvc - ok10:03:30.0790 6532 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll10:03:30.0792 6532 wercplsupport - ok10:03:30.0806 6532 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll10:03:30.0808 6532 WerSvc - ok10:03:30.0824 6532 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys10:03:30.0825 6532 WfpLwf - ok10:03:30.0843 6532 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys10:03:30.0845 6532 WIMMount - ok10:03:30.0874 6532 [ 1EDBBF412A382550AF6EB35F5E46928E ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys10:03:30.0883 6532 winachsf - ok10:03:30.0896 6532 WinDefend - ok10:03:30.0911 6532 WinHttpAutoProxySvc - ok10:03:30.0960 6532 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll10:03:30.0982 6532 Winmgmt - ok10:03:31.0045 6532 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll10:03:31.0095 6532 WinRM - ok10:03:31.0140 6532 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys10:03:31.0141 6532 WinUsb - ok10:03:31.0168 6532 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll10:03:31.0193 6532 Wlansvc - ok10:03:31.0207 6532 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys10:03:31.0208 6532 WmiAcpi - ok10:03:31.0220 6532 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe10:03:31.0225 6532 wmiApSrv - ok10:03:31.0234 6532 WMPNetworkSvc - ok10:03:31.0261 6532 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll10:03:31.0262 6532 WPCSvc - ok10:03:31.0299 6532 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll10:03:31.0303 6532 WPDBusEnum - ok10:03:31.0324 6532 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys10:03:31.0325 6532 ws2ifsl - ok10:03:31.0337 6532 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll10:03:31.0341 6532 wscsvc - ok10:03:31.0346 6532 WSearch - ok10:03:31.0407 6532 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll10:03:31.0457 6532 wuauserv - ok10:03:31.0474 6532 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys10:03:31.0477 6532 WudfPf - ok10:03:31.0514 6532 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys10:03:31.0517 6532 WUDFRd - ok10:03:31.0554 6532 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll10:03:31.0558 6532 wudfsvc - ok10:03:31.0574 6532 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll10:03:31.0579 6532 WwanSvc - ok10:03:31.0601 6532 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys10:03:31.0601 6532 XAudio - ok10:03:31.0626 6532 ================ Scan global ===============================10:03:31.0649 6532 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll10:03:31.0677 6532 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll10:03:31.0685 6532 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll10:03:31.0710 6532 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll10:03:31.0732 6532 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe10:03:31.0737 6532 [Global] - ok10:03:31.0737 6532 ================ Scan MBR ==================================10:03:31.0748 6532 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR010:03:32.0110 6532 \Device\Harddisk0\DR0 - ok10:03:32.0111 6532 ================ Scan VBR ==================================10:03:32.0114 6532 [ 8D4D48765063EC814B28A6EA9F494418 ] \Device\Harddisk0\DR0\Partition110:03:32.0118 6532 \Device\Harddisk0\DR0\Partition1 - ok10:03:32.0151 6532 [ DBE9AC19D238DADCF2D13D9913647A18 ] \Device\Harddisk0\DR0\Partition210:03:32.0153 6532 \Device\Harddisk0\DR0\Partition2 - ok10:03:32.0154 6532 ============================================================10:03:32.0154 6532 Scan finished10:03:32.0154 6532 ============================================================10:03:32.0164 6228 Detected object count: 010:03:32.0164 6228 Actual detected object count: 0RogueKiller V8.0.0 [08/26/2012] by Tigzymail: tigzyRK<at>gmail<dot>comFeedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/Blog: http://tigzyrk.blogspot.comOperating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Alan [Admin rights]Mode : Scan -- Date : 08/27/2012 10:13:08¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 3 ¤¤¤[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ Infection : Root.MBR ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hostsC:Windowssystem32driversetchosts: 127.0.0.1 activate.adobe.com127.0.0.1 3dns.adobe.com127.0.0.1 3dns-1.adobe.com127.0.0.1 3dns-2.adobe.com127.0.0.1 3dns-3.adobe.com127.0.0.1 3dns-4.adobe.com127.0.0.1 3dns-5.adobe.com127.0.0.1 activate.adobe.com127.0.0.1 activate.wip1.adobe.com127.0.0.1 activate.wip2.adobe.com127.0.0.1 activate.wip3.adobe.com127.0.0.1 activate.wip4.adobe.com127.0.0.1 activate-sea.adobe.com127.0.0.1 activate-sjc0.adobe.com127.0.0.1 adobe-dns.adobe.com127.0.0.1 adobe-dns-1.adobe.com127.0.0.1 adobe-dns-2.adobe.com127.0.0.1 adobe-dns-3.adobe.com127.0.0.1 adobe-dns-4.adobe.com127.0.0.1 adobeereg.com[...]¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST9320423AS +++++--- User ---[MBR] d38edd2fc83a07372bac0cbb2c68e7f8[bSP] 90d9e6187ab41ab5be14759072ef77b9 : Windows 7 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MoUser = LL1 ... OK!User != LL2 ... KO!--- LL2 ---[MBR] a6ad9e8af510f7688b38d17eac094bf0[bSP] 86374c7127b8f4bd42b092c40866ef58 : Windows Vista MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 299442 Mo1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 613259264 | Size: 5801 MoFinished : << RKreport[1].txt >>RKreport[1].txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 27, 2012 ID:590475 Share Posted August 27, 2012 Step 1Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Step 2Temporarily turn off your Antivirus program.Close any/all open internet browsers. Save any open documents you have open & close programs you started.Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware ChameleonOn Windows 7, press Windows-key, then start typing in text box Malwarebytes then select/click Malwarebytes Anti-Malware ChameleonOnce the Help file opens, click on a Chameleon button (starting with #1) If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.62 at the topPress any key to continue as it says in the window {space-bar will do}If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).Have infinite patience during this processMalwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possibleOnce the update completes and it says your database is updated, click on OK button so that process can continue Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scanA quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove SelectedIf prompted to restart your computer to complete the removal process, click Yes If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threatsCopy and Paste the MBAM scan logs.When all done, Re-Enable your Antivirus. Link to post Share on other sites More sharing options...
afendrich Posted August 27, 2012 Author ID:590517 Share Posted August 27, 2012 Hi MauriceI am going to presume that with all the tests we didn't find anything that was infecting the system. Is that correct?AResults of screen317's Security Check version 0.99.46 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 JavaFX 2.1.1 Java 7 Update 5 Java version out of Date! Mozilla Firefox (14.0.1) Google Chrome 21.0.1180.79 Google Chrome 21.0.1180.83 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1%````````````````````End of Log``````````````````````Malwarebytes Anti-Malware (Trial) 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.08.26.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Alan :: ALANQUAD [administrator]Protection: Enabled8/27/2012 12:20:21 AMmbam-log-2012-08-27 (00-20-21).txtScan type: Flash scanScan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: Registry | File System | P2PObjects scanned: 158111Time elapsed: 14 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 27, 2012 ID:590530 Share Posted August 27, 2012 Correct. No malware found. I will close this after the cleanups of tools.Given that you have MSE, I suggest you review section I of the MBAM F.A.Q. and put into place "trust settings" in both MSE and MBAM.http://forums.malwar...post&pid=181018You should remove Java 7 update 5 and get Java 7 update 6:Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.Accept the EULA & Download the latest version of >> Windows Offline << from here and save it to your desktop.Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating systemClose any programs you may have running - especially your web browser(s).Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java versions.Reboot your computer once all Java components are removed.Then from your desktop double-click on jre-7u6-windows-i586.exe to install the newest version.( jre-7u6-windows-x64.exe if this is a 64-bit Windows o.s.)After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button.Next, click on the Delete Files buttonThere are two options in the window to clear the cache - Leave BOTH CheckedApplications and AppletsTrace and Log Files[*]Click OK on Delete Temporary Files WindowNote: This deletes ALL the Downloaded Applications and Applets from the CACHE.[*]Click OK to leave the Temporary Files WindowSmall tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:Click Advanced Tab. Expand the Miscellaneous item.UN-check the line Java quick starterPress Apply then OK. Close the applet when done. Download OTC to your desktop and run itClick Yes to beginning the Cleanup process and remove these components, including this application.You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.ERUNT you should keep and use periodically to backup Windows registry.Delete the following if still present:aswMBR.exeRogueKiller.exeTDSSKILLER.exeIf you purchased MBAM , you may contact the consumer help desk here for MBAM issues.Otherwise, for general issues with MBAM (non-malware related), please use the MBAM General sub-forum http://forums.malwar...hp?showforum=41Cheers. Link to post Share on other sites More sharing options...
Maurice Naggar Posted August 30, 2012 ID:591577 Share Posted August 30, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts