Spontaneous restarts


oatring

Running on a Thinkpad T60p XP sp3.

When doing various activities, the computer will restart. Most of the time, I don't even get to see a BSOD. It isn't an overheating problem, as it can happen within 1 minute of starting up for the day. Some days it happens a lot, and other days the machine will behave the whole time.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_35

Run by Customer at 11:28:55 on 2012-09-17

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1790 [GMT -4:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe

C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\NetDrive\wdservice.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe

C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe

C:\Program Files\Notebook Hardware Control\nhc.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\NetDrive\netdrive.exe

C:\Program Files\bmem\bmem.exe

C:\Program Files\pidgin\PidginPortable.exe

C:\Program Files\Samsung SSD Magician\Samsung SSD Magician.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\pidgin\App\Pidgin\pidgin-portable.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart

uRun: [Netdrive] c:\program files\netdrive\netdrive.exe -tray

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe

mRun: [sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a

mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [NotebookHardwareControl] "c:\program files\notebook hardware control\nhc.exe" -quiet

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [WebDriveTray] c:\program files\netdrive\webdrive.exe /trayicon

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe

StartupFolder: c:\docume~1\customer\startm~1\programs\startup\bmem.lnk - c:\program files\bmem\bmem.exe

StartupFolder: c:\docume~1\customer\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\customer\startm~1\programs\startup\pidgin.lnk - c:\program files\pidgin\PidginPortable.exe

StartupFolder: c:\docume~1\customer\startm~1\programs\startup\samsun~1.lnk - c:\program files\samsung ssd magician\Samsung SSD Magician.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Open with KUSO EXIF Viewer - c:\program files\kuso exif viewer\EXIF.htm

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 10.0.1.1

TCP: Interfaces\{88D665B9-B241-42C5-AC72-082E590386E2} : DhcpNameServer = 10.0.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll

Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll

Hosts: 127.0.0.1 www.spywareinfo.com

Hosts: 173.203.13.74 appserver

Hosts: 173.203.13.75 dbserver

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\customer\application data\mozilla\firefox\profiles\a7zp1i7x.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\documents and settings\customer\application data\mozilla\firefox\profiles\a7zp1i7x.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-11-16 25968]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-2-22 114984]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-2-22 95872]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-10-20 13680]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-10-20 21992]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-11-16 292200]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-2-22 810120]

R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-3-15 61440]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-11-16 69632]

R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-11-16 175168]

R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2012-9-17 439632]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-10-20 131432]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-10-20 142696]

R2 WebDriveFSD;WebDrive File System Driver;c:\program files\netdrive\rffsd.sys [2012-7-11 67032]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-10-20 6609920]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2012-4-3 27904]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-8 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-10-20 101736]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-3-26 319488]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-3-26 51456]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-8-8 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-8-8 8456]

S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2012-4-3 53888]

S3 GenericMount Helper Service;GenericMount Helper Service;"c:\program files\norton ghost\shared\drivers\genericmounthelper.exe" --> c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [?]

S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\genericmount.sys --> c:\windows\system32\drivers\GenericMount.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-8 136176]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-9-6 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]

S3 MongoDB;Mongo DB;c:\mongodb\bin\mongod.exe [2012-7-16 3908096]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 113120]

S3 SER2AT;ATEN USB to Serial port driver;c:\windows\system32\drivers\SER2AT.sys [2012-4-3 51200]

S3 SKYSCOUT;Celestron SkyScout driver;c:\windows\system32\drivers\UsbScout.sys [2012-1-27 20480]

S3 SymSnapService;SymSnapService;"c:\program files\norton ghost\shared\drivers\symsnapservice.exe" --> c:\program files\norton ghost\shared\drivers\SymSnapService.exe [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 RFNP32;WebDrive Provider; [x]

.

=============== Created Last 30 ================

.

2012-09-17 15:28:25 607260 ------r- C:\dds.com

2012-09-17 15:01:55 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys

2012-09-17 15:01:49 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys

2012-09-17 15:01:47 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys

2012-09-17 15:01:19 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys

2012-09-17 15:01:19 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys

2012-09-17 15:01:17 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys

2012-09-17 15:01:10 2188928 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe

2012-09-17 14:36:25 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro

2012-09-17 14:26:34 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-09-17 14:26:34 131384 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2012-09-17 14:26:19 -------- d-----w- c:\program files\WinPcap

2012-09-17 14:25:57 -------- d-----w- c:\program files\Trend Micro

2012-09-17 14:11:11 221184 ----a-w- c:\windows\system32\wmpns.dll

2012-09-17 14:07:00 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2012-09-17 14:07:00 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll

2012-09-17 14:05:39 73216 -c--a-w- c:\windows\system32\dllcache\atintuxx.sys

2012-09-17 13:42:15 -------- d-----w- C:\e888c916eb7ac54122

2012-09-12 18:09:26 -------- d-----w- c:\documents and settings\customer\application data\Malwarebytes

2012-09-12 18:09:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-09-12 18:09:19 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-12 18:09:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-12 13:21:51 -------- d-----w- c:\documents and settings\customer\application data\QuickScan

2012-09-11 21:44:59 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys

2012-09-11 21:44:59 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2012-09-11 13:51:29 -------- d-----w- c:\program files\pidgin

2012-09-10 22:34:35 -------- d-----w- c:\program files\KUSO EXIF Viewer

2012-09-10 21:43:40 273408 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp6de.DLL

2012-09-10 21:43:40 149504 ----a-w- c:\windows\system32\hpcpn6de.dll

2012-09-06 17:53:44 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2012-09-06 17:53:43 -------- d-----w- c:\program files\Spirent Communications

2012-09-06 17:53:41 -------- d-----w- c:\program files\HTC

2012-09-06 17:52:48 -------- d-----w- C:\evo3D

2012-09-05 13:51:08 4608 ------w- c:\windows\system32\drivers\TSMAPIP.SYS

2012-09-05 13:45:14 -------- d-----w- c:\windows\pss

2012-09-04 19:45:19 -------- d-----w- c:\documents and settings\customer\application data\Spreadsheet Compare

2012-09-03 21:22:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-09-03 21:22:18 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-03 16:57:01 -------- d-----w- c:\documents and settings\customer\application data\WindSolutions

2012-09-03 16:57:01 -------- d-----w- c:\documents and settings\all users\application data\WindSolutions

2012-09-02 19:15:43 21456 ----a-w- c:\windows\system32\drivers\SilvrLnk.sys

2012-09-02 19:15:42 49536 ----a-w- c:\windows\system32\drivers\tiehdusb.sys

2012-09-02 19:15:31 -------- d-----w- c:\program files\TI Education

2012-09-02 19:15:31 -------- d-----w- c:\program files\common files\TI Shared

2012-09-02 19:14:44 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2012-08-27 04:25:02 -------- d-----w- C:\Z

2012-08-24 15:50:00 -------- d-----w- c:\documents and settings\customer\temp

2012-08-24 15:49:59 -------- d-----w- c:\documents and settings\customer\application data\TeamViewer

2012-08-21 21:19:04 -------- d-----w- c:\program files\WhoCrashed

2012-08-21 20:43:33 -------- d-----w- C:\ldiag

2012-08-21 20:42:52 -------- d-----w- C:\SWTOOLS

.

==================== Find3M ====================

.

2012-09-17 15:23:02 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys

2012-09-14 19:58:37 60864 ----a-w- c:\documents and settings\customer\g2mdlhlpx.exe

2012-09-03 21:22:13 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-03 02:50:04 12312 --sha-w- c:\windows\system32\KGyGaAvL.sys

2012-07-19 17:17:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-19 17:17:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-05 18:09:37 249856 ------w- c:\windows\Setup1.exe

2012-07-05 18:09:35 73216 ----a-w- c:\windows\ST6UNST.EXE

.

============= FINISH: 11:29:20.89 ===============

dds.txt

attach.txt


Thanks for replying to my post. Here is the updated DDS.log

(One thing I did do was to run Memtest86+. It completed 9 passes overnight. So, I'm thinking the RAM is fine and the machine must be okay to run that hard and not reboot during that time.)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_35

Run by Customer at 2:28:41 on 2012-09-24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1844 [GMT -4:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe

C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe

C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\NetDrive\wdservice.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe

C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe

C:\Program Files\Notebook Hardware Control\nhc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\NetDrive\netdrive.exe

C:\Program Files\bmem\bmem.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Program Files\pidgin\PidginPortable.exe

C:\Program Files\Samsung SSD Magician\Samsung SSD Magician.exe

C:\Program Files\pidgin\App\Pidgin\pidgin-portable.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart

uRun: [Netdrive] c:\program files\netdrive\netdrive.exe -tray

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [PSQLLauncher] "c:\program files\thinkvantage fingerprint software\launcher.exe" /startup

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe

mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe

mRun: [sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a

mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [NotebookHardwareControl] "c:\program files\notebook hardware control\nhc.exe" -quiet

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [WebDriveTray] c:\program files\netdrive\webdrive.exe /trayicon

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe

StartupFolder: c:\docume~1\customer\startm~1\programs\startup\bmem.lnk - c:\program files\bmem\bmem.exe

StartupFolder: c:\docume~1\customer\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\customer\startm~1\programs\startup\pidgin.lnk - c:\program files\pidgin\PidginPortable.exe

StartupFolder: c:\docume~1\customer\startm~1\programs\startup\samsun~1.lnk - c:\program files\samsung ssd magician\Samsung SSD Magician.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Open with KUSO EXIF Viewer - c:\program files\kuso exif viewer\EXIF.htm

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: Interfaces\{88D665B9-B241-42C5-AC72-082E590386E2} : DhcpNameServer = 205.152.144.23 205.152.132.23

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll

Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll

Hosts: 127.0.0.1 www.spywareinfo.com

Hosts: 173.203.13.74 appserver

Hosts: 173.203.13.75 dbserver

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\customer\application data\mozilla\firefox\profiles\a7zp1i7x.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\documents and settings\customer\application data\mozilla\firefox\profiles\a7zp1i7x.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2011-11-16 25968]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-2-22 114984]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-2-22 95872]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-10-20 13680]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-10-20 21992]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-11-16 292200]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-2-22 810120]

R2 NovacomD;Palm Novacom;c:\program files\palm, inc\novacomd\x86\novacomd.exe [2011-3-15 61440]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2011-3-31 80896]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-11-16 69632]

R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-11-16 175168]

R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2012-9-17 439632]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-10-20 131432]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-10-20 142696]

R2 WebDriveFSD;WebDrive File System Driver;c:\program files\netdrive\rffsd.sys [2012-7-11 67032]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-10-20 6609920]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [2012-4-3 27904]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-8 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-10-20 101736]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-3-26 319488]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-3-26 51456]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-8-8 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-8-8 8456]

S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [2012-4-3 53888]

S3 GenericMount Helper Service;GenericMount Helper Service;"c:\program files\norton ghost\shared\drivers\genericmounthelper.exe" --> c:\program files\norton ghost\shared\drivers\GenericMountHelper.exe [?]

S3 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\genericmount.sys --> c:\windows\system32\drivers\GenericMount.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-8 136176]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2012-9-6 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]

S3 MongoDB;Mongo DB;c:\mongodb\bin\mongod.exe [2012-7-16 3908096]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-30 113120]

S3 SER2AT;ATEN USB to Serial port driver;c:\windows\system32\drivers\SER2AT.sys [2012-4-3 51200]

S3 SKYSCOUT;Celestron SkyScout driver;c:\windows\system32\drivers\UsbScout.sys [2012-1-27 20480]

S3 SymSnapService;SymSnapService;"c:\program files\norton ghost\shared\drivers\symsnapservice.exe" --> c:\program files\norton ghost\shared\drivers\SymSnapService.exe [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 RFNP32;WebDrive Provider; [x]

.

=============== Created Last 30 ================

.

2012-09-21 19:45:26 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2012-09-21 19:45:26 6784 ----a-w- c:\windows\system32\drivers\serscan.sys

2012-09-21 19:43:54 827392 ----a-w- c:\windows\system32\hpotiop2.dll

2012-09-21 19:43:54 659456 ----a-w- c:\windows\system32\hpowiax2.dll

2012-09-21 19:43:54 254026 ----a-w- c:\windows\system32\hpovst09.dll

2012-09-21 17:53:37 74240 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp054.dll

2012-09-21 17:53:37 38400 ----a-w- c:\windows\system32\hpz3l054.dll

2012-09-21 17:47:04 -------- d-----w- c:\program files\common files\Hewlett-Packard

2012-09-21 17:46:56 69632 ----a-w- c:\windows\system32\HPZipm12.exe

2012-09-21 17:46:56 65536 ----a-w- c:\windows\system32\HPZinw12.exe

2012-09-21 17:46:47 -------- d-----w- c:\program files\HP

2012-09-21 17:46:13 98304 ----a-w- c:\windows\system32\hpzjsn01.dll

2012-09-21 17:46:13 77824 ----a-w- c:\windows\system32\HPZIDS01.dll

2012-09-20 18:37:16 2212440 ----a-w- C:\tdsskiller.exe

2012-09-18 05:17:33 53376 -c--a-w- c:\windows\system32\dllcache\OLD1DB.tmp

2012-09-18 05:17:33 11264 -c--a-w- c:\windows\system32\dllcache\OLD1DF.tmp

2012-09-18 05:17:28 32827 -c--a-w- c:\windows\system32\dllcache\OLD1D3.tmp

2012-09-18 05:17:28 16384 -c--a-w- c:\windows\system32\dllcache\OLD1D6.tmp

2012-09-18 05:17:27 20536 -c--a-w- c:\windows\system32\dllcache\OLD1CD.tmp

2012-09-18 05:17:27 16437 -c--a-w- c:\windows\system32\dllcache\OLD1D0.tmp

2012-09-18 05:17:26 66048 -c--a-w- c:\windows\system32\dllcache\OLD1CA.tmp

2012-09-18 05:14:58 6144 -c--a-w- c:\windows\system32\dllcache\OLD284C.tmp

2012-09-18 05:13:58 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll

2012-09-18 05:13:58 58592 -c--a-w- c:\windows\system32\dllcache\OLD2790.tmp

2012-09-18 05:13:58 161020 -c--a-w- c:\windows\system32\dllcache\OLD2796.tmp

2012-09-18 05:13:56 353184 -c--a-w- c:\windows\system32\dllcache\OLD278C.tmp

2012-09-18 05:13:53 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys

2012-09-18 05:13:52 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2012-09-18 05:13:50 10129408 -c--a-w- c:\windows\system32\dllcache\OLD2784.tmp

2012-09-18 05:13:49 13463552 -c--a-w- c:\windows\system32\dllcache\OLD2781.tmp

2012-09-18 05:13:41 10096640 -c--a-w- c:\windows\system32\dllcache\OLD277E.tmp

2012-09-18 05:12:38 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys

2012-09-18 05:12:33 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys

2012-09-18 05:12:29 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys

2012-09-18 05:12:28 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys

2012-09-18 05:10:31 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys

2012-09-18 05:10:28 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys

2012-09-18 05:09:35 249856 -c--a-w- c:\windows\system32\dllcache\ctmasetp.dll

2012-09-18 05:09:10 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2012-09-18 05:09:05 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys

2012-09-18 05:09:00 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll

2012-09-17 15:28:25 607260 ------r- C:\dds.com

2012-09-17 15:01:55 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys

2012-09-17 15:01:49 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys

2012-09-17 15:01:47 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys

2012-09-17 15:01:19 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys

2012-09-17 15:01:19 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys

2012-09-17 15:01:10 2188928 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe

2012-09-17 14:36:25 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro

2012-09-17 14:26:34 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-09-17 14:26:34 131384 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2012-09-17 14:26:19 -------- d-----w- c:\program files\WinPcap

2012-09-17 14:25:57 -------- d-----w- c:\program files\Trend Micro

2012-09-17 14:11:11 221184 ----a-w- c:\windows\system32\wmpns.dll

2012-09-17 14:07:00 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2012-09-17 14:07:00 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll

2012-09-17 14:05:39 73216 -c--a-w- c:\windows\system32\dllcache\atintuxx.sys

2012-09-17 13:42:15 -------- d-----w- C:\e888c916eb7ac54122

2012-09-12 18:09:26 -------- d-----w- c:\documents and settings\customer\application data\Malwarebytes

2012-09-12 18:09:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-09-12 18:09:19 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-12 18:09:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-12 13:21:51 -------- d-----w- c:\documents and settings\customer\application data\QuickScan

2012-09-11 21:44:59 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys

2012-09-11 21:44:59 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2012-09-11 13:51:29 -------- d-----w- c:\program files\pidgin

2012-09-10 22:34:35 -------- d-----w- c:\program files\KUSO EXIF Viewer

2012-09-10 21:43:40 273408 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpcpp6de.DLL

2012-09-10 21:43:40 149504 ----a-w- c:\windows\system32\hpcpn6de.dll

2012-09-06 17:53:44 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2012-09-06 17:53:43 -------- d-----w- c:\program files\Spirent Communications

2012-09-06 17:53:41 -------- d-----w- c:\program files\HTC

2012-09-06 17:52:48 -------- d-----w- C:\evo3D

2012-09-05 13:51:08 4608 ------w- c:\windows\system32\drivers\TSMAPIP.SYS

2012-09-05 13:45:14 -------- d-----w- c:\windows\pss

2012-09-04 19:45:19 -------- d-----w- c:\documents and settings\customer\application data\Spreadsheet Compare

2012-09-03 21:22:18 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-09-03 21:22:18 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-03 16:57:01 -------- d-----w- c:\documents and settings\customer\application data\WindSolutions

2012-09-03 16:57:01 -------- d-----w- c:\documents and settings\all users\application data\WindSolutions

2012-09-02 19:15:43 21456 ----a-w- c:\windows\system32\drivers\SilvrLnk.sys

2012-09-02 19:15:42 49536 ----a-w- c:\windows\system32\drivers\tiehdusb.sys

2012-09-02 19:15:31 -------- d-----w- c:\program files\TI Education

2012-09-02 19:15:31 -------- d-----w- c:\program files\common files\TI Shared

2012-09-02 19:14:44 -------- d-----w- c:\program files\common files\Wise Installation Wizard

2012-08-27 04:25:02 -------- d-----w- C:\Z

.

==================== Find3M ====================

.

2012-09-24 06:23:09 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys

2012-09-20 15:33:39 60304 ----a-w- c:\documents and settings\customer\g2mdlhlpx.exe

2012-09-03 21:22:13 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-03 02:50:04 12312 --sha-w- c:\windows\system32\KGyGaAvL.sys

2012-07-19 17:17:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-19 17:17:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-05 18:09:37 249856 ------w- c:\windows\Setup1.exe

2012-07-05 18:09:35 73216 ----a-w- c:\windows\ST6UNST.EXE

.

============= FINISH: 2:35:08.96 ===============


Hey oatring. :)

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

==========

Then, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

==========

In your reply I would like to see the following please:

  • ComboFix.txt.
  • TDSSKiller log.

How is the computer running now?


Thanks for replying back so quickly!

Here is the combofix log

ComboFix 12-09-23.03 - Customer 09/24/2012 8:49.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1704 [GMT -4:00]

Running from: C:\ComboFix.exe

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\_ctypes.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\_elementtree.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\_hashlib.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\_socket.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\_ssl.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\pyexpat.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\pysqlite2._sqlite.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\python26.dll

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\pythoncom26.dll

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\pywintypes26.dll

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\select.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\unicodedata.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\win32api.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\win32com.shell.shell.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\win32crypt.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\win32event.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\win32file.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\win32inet.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\win32pdh.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\win32process.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\win32security.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\windows._cacheinvalidation.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wx._controls_.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wx._core_.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wx._gdi_.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wx._html2.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wx._misc_.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wx._windows_.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wx._wizard.pyd

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wxbase293u_net_vc.dll

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wxbase293u_vc.dll

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wxmsw293u_adv_vc.dll

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wxmsw293u_core_vc.dll

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wxmsw293u_html_vc.dll

c:\docume~1\Customer\LOCALS~1\Temp\_MEI27122\wxmsw293u_webview_vc.dll

c:\docume~1\Customer\LOCALS~1\Temp\nsx1BA.tmp\newadvsplash.dll

c:\docume~1\Customer\LOCALS~1\Temp\nsx1BA.tmp\System.dll

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Customer\Application Data\.#

c:\documents and settings\Customer\g2mdlhlpx.exe

c:\documents and settings\Customer\Local Settings\Application Data\assembly\tmp

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\_ctypes.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\_elementtree.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\_hashlib.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\_socket.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\_ssl.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\pyexpat.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\pysqlite2._sqlite.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\python26.dll

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\pythoncom26.dll

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\pywintypes26.dll

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\select.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\unicodedata.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\win32api.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\win32com.shell.shell.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\win32crypt.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\win32event.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\win32file.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\win32inet.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\win32pdh.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\win32process.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\win32security.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\windows._cacheinvalidation.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wx._controls_.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wx._core_.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wx._gdi_.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wx._html2.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wx._misc_.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wx._windows_.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wx._wizard.pyd

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wxbase293u_net_vc.dll

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wxbase293u_vc.dll

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wxmsw293u_adv_vc.dll

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wxmsw293u_core_vc.dll

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wxmsw293u_html_vc.dll

c:\documents and settings\Customer\Local Settings\Temp\_MEI27122\wxmsw293u_webview_vc.dll

c:\documents and settings\Customer\Local Settings\Temp\nsx1BA.tmp\newadvsplash.dll

c:\documents and settings\Customer\Local Settings\Temp\nsx1BA.tmp\System.dll

c:\documents and settings\Customer\WINDOWS

C:\Install.exe

C:\Thumbs.db

c:\windows\system32\Cache

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\KGyGaAvL.sys

c:\windows\system32\wpcap.dll

C:\x

C:\x.txt

c:\x\DCIM\100MEDIA\IMAG0001.jpg

c:\x\DCIM\100MEDIA\IMAG0002.jpg

c:\x\DCIM\100MEDIA\IMAG0003.jpg

c:\x\DCIM\100MEDIA\IMAG0004.jpg

c:\x\DCIM\100MEDIA\IMAG0005.jpg

c:\x\DCIM\100MEDIA\IMAG0006.jpg

c:\x\DCIM\100MEDIA\IMAG0007.jpg

c:\x\DCIM\100MEDIA\IMAG0008.jpg

c:\x\DCIM\100MEDIA\IMAG0009.jpg

c:\x\DCIM\100MEDIA\IMAG0010.jpg

c:\x\DCIM\100MEDIA\IMAG0011.jpg

c:\x\DCIM\100MEDIA\IMAG0012.jpg

c:\x\DCIM\100MEDIA\IMAG0013.jpg

c:\x\DCIM\100MEDIA\IMAG0014.jpg

c:\x\DCIM\100MEDIA\IMAG0015.jpg

c:\x\DCIM\100MEDIA\IMAG0016.jpg

c:\x\DCIM\100MEDIA\IMAG0017.jpg

c:\x\DCIM\100MEDIA\IMAG0018.jpg

c:\x\DCIM\100MEDIA\IMAG0019.jpg

c:\x\DCIM\100MEDIA\IMAG0020.jpg

c:\x\DCIM\100MEDIA\IMAG0021.jpg

c:\x\DCIM\100MEDIA\IMAG0022.jpg

c:\x\DCIM\100MEDIA\IMAG0023.jpg

c:\x\DCIM\100MEDIA\IMAG0024.jpg

c:\x\DCIM\100MEDIA\IMAG0025.jpg

c:\x\DCIM\100MEDIA\IMAG0026.jpg

c:\x\DCIM\100MEDIA\IMAG0027.jpg

c:\x\DCIM\100MEDIA\IMAG0028.jpg

c:\x\DCIM\100MEDIA\IMAG0029.jpg

c:\x\DCIM\100MEDIA\IMAG0030.jpg

c:\x\DCIM\100MEDIA\IMAG0031.jpg

c:\x\DCIM\100MEDIA\IMAG0032.jpg

c:\x\DCIM\100MEDIA\IMAG0033.jpg

c:\x\DCIM\100MEDIA\IMAG0034.jpg

c:\x\DCIM\100MEDIA\IMAG0035.jpg

c:\x\DCIM\100MEDIA\IMAG0036.jpg

c:\x\DCIM\100MEDIA\Thumbs.db

c:\x\IMAG0204.jpg

c:\x\IMAG0222.jpg

c:\x\Inbox.mst30031894.3403061376\Mail Attachments\350033a7-3500339b.gif

c:\x\Inbox.mst30031894.3403061376\Mail Attachments\350033a7-3d0033dc.gif

c:\x\Inbox.mst30031894.3403061376\Mail Attachments\350033a7-3f0033da.gif

c:\x\Inbox.mst30031894.3403061376\Mail Attachments\35003497-3000348f.gif

c:\x\Inbox.mst30031894.3403061376\Mail Attachments\35003497-3200348d.gif

c:\x\Inbox.mst30031894.3403061376\Mail Attachments\35003497-3d003479.gif

c:\x\Inbox.mst30031894.3403061376\Mail Attachments\350034c6-300034b8.gif

c:\x\Inbox.mst30031894.3403061376\Mail Attachments\350034c6-370034c8.jpg

c:\x\Inbox.mst30031894.3403061376\Mail Attachments\350034c6-3c0034cc.gif

c:\x\Inbox.mst30031894.3403061376\Mail Attachments\350034c6-3d0034c9.gif

c:\x\Inbox.mst30031894.3403061376\Mail Attachments\350034c6-3e0034ca.gif

c:\x\Inbox.mst30031894.3403061376\Mail Attachments\Thumbs.db

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\3000463e-35004611.jpg

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\3000463e-37004640.jpg

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\3000463e-38004609.jpg

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\3000463e-39004646.jpg

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\3000463e-39004647.jpg

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\3000463e-39004648.jpg

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\3000463e-39004649.jpg

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\3000463e-3a004644.jpg

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\3000463e-3b004641.jpg

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\3000463e-3b004642.jpg

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\36004220-3d00462c.jpg

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\3e004653-36004655.jpg

c:\x\Inbox.mst30038711.3441004544\Mail Attachments\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))

.

.

2012-09-23 21:14 . 2012-09-23 21:15 -------- d-----w- c:\documents and settings\Customer\Application Data\vlc

2012-09-21 19:45 . 2001-08-17 17:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys

2012-09-21 19:45 . 2001-08-17 17:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys

2012-09-21 19:43 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll

2012-09-21 19:43 . 2006-04-13 00:02 827392 ----a-w- c:\windows\system32\hpotiop2.dll

2012-09-21 19:43 . 2006-04-13 00:02 254026 ----a-w- c:\windows\system32\hpovst09.dll

2012-09-21 19:22 . 2012-09-21 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\HP

2012-09-21 17:53 . 2006-04-10 18:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll

2012-09-21 17:53 . 2006-04-10 18:02 74240 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp054.dll

2012-09-21 17:47 . 2012-09-21 17:47 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2012-09-21 17:46 . 2006-03-04 01:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe

2012-09-21 17:46 . 2006-03-04 01:03 69632 ----a-w- c:\windows\system32\HPZipm12.exe

2012-09-21 17:46 . 2012-09-21 17:46 -------- d-----w- c:\program files\HP

2012-09-21 17:46 . 2006-01-04 08:12 77824 ----a-w- c:\windows\system32\HPZIDS01.dll

2012-09-21 17:46 . 2005-07-19 01:39 98304 ----a-w- c:\windows\system32\hpzjsn01.dll

2012-09-20 18:37 . 2012-09-20 18:37 2212440 ----a-w- C:\tdsskiller.exe

2012-09-18 05:17 . 2008-04-14 04:16 53376 -c--a-w- c:\windows\system32\dllcache\OLD1DB.tmp

2012-09-18 05:17 . 2001-08-17 18:06 11264 -c--a-w- c:\windows\system32\dllcache\OLD1DF.tmp

2012-09-18 05:17 . 2008-04-14 09:42 32827 -c--a-w- c:\windows\system32\dllcache\OLD1D3.tmp

2012-09-18 05:17 . 2007-04-03 02:06 16384 -c--a-w- c:\windows\system32\dllcache\OLD1D6.tmp

2012-09-18 05:17 . 2008-04-14 09:42 16437 -c--a-w- c:\windows\system32\dllcache\OLD1D0.tmp

2012-09-18 05:17 . 2008-04-14 09:42 20536 -c--a-w- c:\windows\system32\dllcache\OLD1CD.tmp

2012-09-18 05:17 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\OLD1CA.tmp

2012-09-18 05:14 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\OLD284C.tmp

2012-09-18 05:13 . 2008-04-14 09:41 702845 -c--a-w- c:\windows\system32\dllcache\i81xdnt5.dll

2012-09-18 05:13 . 2004-08-04 02:29 161020 -c--a-w- c:\windows\system32\dllcache\OLD2796.tmp

2012-09-18 05:13 . 2001-08-17 16:49 58592 -c--a-w- c:\windows\system32\dllcache\OLD2790.tmp

2012-09-18 05:13 . 2001-08-17 18:56 353184 -c--a-w- c:\windows\system32\dllcache\OLD278C.tmp

2012-09-18 05:13 . 2008-04-14 04:11 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys

2012-09-18 05:13 . 2008-04-14 04:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys

2012-09-18 05:13 . 2008-04-14 11:00 10129408 -c--a-w- c:\windows\system32\dllcache\OLD2784.tmp

2012-09-18 05:13 . 2008-04-14 09:39 13463552 -c--a-w- c:\windows\system32\dllcache\OLD2781.tmp

2012-09-18 05:13 . 2008-04-14 11:00 10096640 -c--a-w- c:\windows\system32\dllcache\OLD277E.tmp

2012-09-18 05:12 . 2008-04-14 04:06 20352 -c--a-w- c:\windows\system32\dllcache\hidbatt.sys

2012-09-18 05:12 . 2008-04-14 04:10 28288 -c--a-w- c:\windows\system32\dllcache\grserial.sys

2012-09-18 05:12 . 2008-04-14 04:15 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys

2012-09-18 05:12 . 2008-04-14 04:15 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys

2012-09-18 05:10 . 2008-04-14 04:09 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys

2012-09-18 05:10 . 2008-04-14 04:10 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys

2012-09-18 05:09 . 2008-04-14 09:41 249856 -c--a-w- c:\windows\system32\dllcache\ctmasetp.dll

2012-09-18 05:09 . 2008-04-14 04:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys

2012-09-18 05:09 . 2008-04-14 04:16 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys

2012-09-18 05:09 . 2008-04-14 09:41 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll

2012-09-17 15:28 . 2012-09-17 15:28 607260 ------r- C:\dds.com

2012-09-17 15:01 . 2008-04-14 04:16 11776 -c--a-w- c:\windows\system32\dllcache\bdasup.sys

2012-09-17 15:01 . 2008-04-14 04:16 13696 -c--a-w- c:\windows\system32\dllcache\avcstrm.sys

2012-09-17 15:01 . 2008-04-14 04:16 38912 -c--a-w- c:\windows\system32\dllcache\avc.sys

2012-09-17 15:01 . 2008-04-14 04:16 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys

2012-09-17 15:01 . 2008-04-14 04:10 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys

2012-09-17 15:01 . 2008-04-14 04:57 2188928 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe

2012-09-17 14:36 . 2012-09-17 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro

2012-09-17 14:26 . 2012-09-17 14:26 131384 ----a-w- c:\windows\system32\drivers\tmrkb.sys

2012-09-17 14:26 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-09-17 14:26 . 2012-09-17 14:26 -------- d-----w- c:\program files\WinPcap

2012-09-17 14:25 . 2012-09-17 14:25 -------- d-----w- c:\program files\Trend Micro

2012-09-17 14:11 . 2008-04-14 09:42 221184 ----a-w- c:\windows\system32\wmpns.dll

2012-09-17 14:07 . 2008-04-14 09:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll

2012-09-17 14:07 . 2008-04-14 02:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2012-09-17 14:05 . 2008-04-14 09:41 25471 -c--a-w- c:\windows\system32\dllcache\atv04nt5.dll

2012-09-17 13:42 . 2012-09-17 13:42 -------- d-----w- C:\e888c916eb7ac54122

2012-09-12 18:09 . 2012-09-12 18:09 -------- d-----w- c:\documents and settings\Customer\Application Data\Malwarebytes

2012-09-12 18:09 . 2012-09-12 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-09-12 18:09 . 2012-09-12 18:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-12 18:09 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-12 13:21 . 2012-09-12 13:24 -------- d-----w- c:\documents and settings\Customer\Application Data\QuickScan

2012-09-11 21:44 . 2008-04-14 04:26 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys

2012-09-11 21:44 . 2008-04-14 04:26 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2012-09-11 18:11 . 2012-09-24 12:22 -------- d-----w- c:\documents and settings\Customer\Application Data\gtk-2.0

2012-09-11 13:51 . 2012-09-11 14:47 -------- d-----w- c:\program files\pidgin

2012-09-10 22:34 . 2012-09-10 22:34 -------- d-----w- c:\program files\KUSO EXIF Viewer

2012-09-10 21:43 . 2008-11-06 15:13 273408 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpcpp6de.DLL

2012-09-10 21:43 . 2008-11-06 15:12 149504 ----a-w- c:\windows\system32\hpcpn6de.dll

2012-09-06 17:53 . 2009-06-10 04:49 24576 ----a-w- c:\windows\system32\drivers\ANDROIDUSB.sys

2012-09-06 17:53 . 2012-09-06 17:53 -------- d-----w- c:\program files\Spirent Communications

2012-09-06 17:53 . 2012-09-06 17:53 -------- d-----w- c:\program files\HTC

2012-09-06 17:52 . 2012-09-07 13:26 -------- d-----w- C:\evo3D

2012-09-05 13:51 . 2010-03-26 08:08 4608 ------w- c:\windows\system32\drivers\TSMAPIP.SYS

2012-09-04 19:45 . 2012-09-04 19:46 -------- d-----w- c:\documents and settings\Customer\Application Data\Spreadsheet Compare

2012-09-03 21:24 . 2012-09-03 21:24 -------- d-----w- c:\program files\Common Files\Java

2012-09-03 21:22 . 2012-09-03 21:22 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-09-03 21:22 . 2012-09-03 21:22 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-09-03 16:57 . 2012-09-03 17:00 -------- d-----w- c:\documents and settings\Customer\Application Data\WindSolutions

2012-09-03 16:57 . 2012-09-03 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions

2012-09-02 19:15 . 2004-01-28 19:03 21456 ----a-w- c:\windows\system32\drivers\SilvrLnk.sys

2012-09-02 19:15 . 2004-02-04 14:27 49536 ----a-w- c:\windows\system32\drivers\tiehdusb.sys

2012-09-02 19:15 . 2012-09-02 19:15 -------- d-----w- c:\program files\TI Education

2012-09-02 19:15 . 2012-09-02 19:15 -------- d-----w- c:\program files\Common Files\TI Shared

2012-09-02 19:14 . 2012-09-02 19:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2012-08-27 04:25 . 2012-08-27 08:36 -------- d-----w- C:\Z

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-24 12:57 . 2011-11-15 11:40 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys

2012-09-19 15:19 . 2012-09-19 15:02 12319557 ----a-w- C:\iv_formats.zip

2012-09-19 14:59 . 2012-09-19 14:57 54312623 ----a-w- C:\5DIIand1DsIIIRaws.zip

2012-09-03 21:22 . 2011-11-25 07:31 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-19 17:17 . 2012-04-03 05:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-19 17:17 . 2011-10-20 08:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-05 18:09 . 2012-07-05 18:09 249856 ------w- c:\windows\Setup1.exe

2012-07-05 18:09 . 2012-07-05 18:09 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-06-26 06:59 . 2011-10-20 08:48 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]

"Netdrive"="c:\program files\NetDrive\netdrive.exe" [2001-08-23 294912]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-29 925696]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-29 61440]

"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2010-07-21 55120]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-07-15 2282792]

"LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2011-10-20 101440]

"TpShocks"="TpShocks.exe" [2011-03-29 337256]

"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]

"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]

"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]

"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-10-04 818240]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-02-22 2140880]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]

"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312]

"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]

.

c:\documents and settings\Customer\Start Menu\Programs\Startup\

bmem.lnk - c:\program files\bmem\bmem.exe [2011-11-10 18944]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

Pidgin.lnk - c:\program files\pidgin\PidginPortable.exe [2012-4-6 137328]

Samsung SSD Magician.lnk - c:\program files\Samsung SSD Magician\Samsung SSD Magician.exe [2012-8-16 2056192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2010-07-22 00:28 100176 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

"Pidgin"="c:\pidgin\App\Pidgin\pidgin.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Nikon Message Center 2"=c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe -s

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Books\\Stanza\\Calibre Portable\\Calibre\\calibre.exe"=

"c:\\mongodb\\bin\\mongod.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\Stanza.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\DRIVERS\\HP Photosmart 3300\\setup\\HPZnet01.exe"=

"c:\\DRIVERS\\HP Photosmart 3300\\setup\\hponicifs01.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

.

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [11/16/2011 10:18 AM 25968]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/29/2011 10:12 PM 20592]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/22/2010 5:50 PM 114984]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/22/2010 5:51 PM 95872]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [10/20/2011 5:52 PM 13680]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [10/20/2011 4:33 AM 21992]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [11/16/2011 10:18 AM 292200]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/22/2010 5:50 PM 810120]

R2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [3/15/2011 5:35 PM 61440]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]

R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 5:10 PM 82944]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [3/31/2011 4:08 PM 80896]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [11/16/2011 10:18 AM 69632]

R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [11/16/2011 10:18 AM 175168]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [3/13/2009 5:47 PM 12560]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [10/20/2011 5:52 PM 131432]

R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [10/20/2011 5:52 PM 142696]

R2 WebDriveFSD;WebDrive File System Driver;c:\program files\NetDrive\rffsd.sys [7/11/2012 1:28 PM 67032]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [10/20/2011 8:20 PM 6609920]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\drivers\evsbc.sys [4/3/2012 1:12 AM 27904]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2011 4:49 PM 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [10/20/2011 5:52 PM 101736]

S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [9/17/2012 10:25 AM 439632]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [3/26/2010 11:07 PM 319488]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [3/26/2010 11:04 PM 51456]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/8/2012 4:24 PM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/8/2012 4:24 PM 8456]

S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\drivers\evserial.sys [4/3/2012 1:12 AM 53888]

S3 GenericMount Helper Service;GenericMount Helper Service;"c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe" --> c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [?]

S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/8/2011 4:49 PM 136176]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [9/6/2012 1:53 PM 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]

S3 MongoDB;Mongo DB;c:\mongodb\bin\mongod.exe [7/16/2012 9:54 AM 3908096]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/30/2012 10:09 AM 113120]

S3 SER2AT;ATEN USB to Serial port driver;c:\windows\system32\drivers\SER2AT.sys [4/3/2012 2:44 AM 51200]

S3 SKYSCOUT;Celestron SkyScout driver;c:\windows\system32\drivers\UsbScout.sys [1/27/2012 7:38 PM 20480]

S3 SymSnapService;SymSnapService;"c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe" --> c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [?]

S4 RFNP32;WebDrive Provider; [x]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/26/2012 3:29 AM 691696]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - BMLoad

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-12 c:\windows\Tasks\AOR Pacing.job

- c:\wwp\aor\aor.bat [2012-06-11 21:20]

.

2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-08 20:48]

.

2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-08 20:48]

.

2012-05-03 c:\windows\Tasks\Lead Alerts.job

- c:\perl\wwp.bat [2012-05-01 16:38]

.

2012-09-24 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-11-16 06:39]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Open with KUSO EXIF Viewer - c:\program files\KUSO EXIF Viewer\EXIF.htm

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 205.152.144.23 205.152.132.23

FF - ProfilePath - c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\a7zp1i7x.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-WebDriveTray - c:\program files\NetDrive\webdrive.exe

AddRemove-{F7E1CA14-B39D-452A-960B-39423DDDD933} - f:\xml\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-24 08:57

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(620)

c:\windows\system32\vrlogon.dll

c:\windows\system32\Ati2evxx.dll

c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

c:\program files\ThinkVantage Fingerprint Software\homepass.dll

c:\program files\ThinkVantage Fingerprint Software\bio.dll

c:\program files\ThinkVantage Fingerprint Software\qlbase.dll

c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

c:\windows\system32\RFNP32.DLL

c:\windows\system32\RFHelper.dll

c:\windows\system32\rfhres.dll

.

- - - - - - - > 'lsass.exe'(676)

c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infql2.dll

.

- - - - - - - > 'explorer.exe'(3680)

c:\program files\Google\Drive\googledrivesync32.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\system32\inetsrv\inetinfo.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Lenovo\System Update\SUService.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\NetDrive\wdservice.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\program files\LENOVO\HOTKEY\tposdsvc.exe

c:\windows\system32\wscntfy.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\windows\system32\TpShocks.exe

c:\windows\system32\rundll32.exe

c:\program files\Synaptics\SynTP\SynTPLpr.exe

c:\program files\iPod\bin\iPodService.exe

c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\program files\pidgin\App\Pidgin\pidgin-portable.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

.

**************************************************************************

.

Completion time: 2012-09-24 09:00:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-24 12:59

.

Pre-Run: 7,785,623,552 bytes free

Post-Run: 15,865,167,872 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - BCEF5E4D31FF867226D6CE7EB6F7B64B

Here is the TDSSKiller log file:

09:12:58.0296 4116 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

09:12:58.0578 4116 ============================================================

09:12:58.0578 4116 Current date / time: 2012/09/24 09:12:58.0578

09:12:58.0578 4116 SystemInfo:

09:12:58.0578 4116

09:12:58.0578 4116 OS Version: 5.1.2600 ServicePack: 3.0

09:12:58.0578 4116 Product type: Workstation

09:12:58.0578 4116 ComputerName: T60P

09:12:58.0578 4116 UserName: Customer

09:12:58.0578 4116 Windows directory: C:\WINDOWS

09:12:58.0578 4116 System windows directory: C:\WINDOWS

09:12:58.0578 4116 Processor architecture: Intel x86

09:12:58.0578 4116 Number of processors: 2

09:12:58.0578 4116 Page size: 0x1000

09:12:58.0578 4116 Boot type: Normal boot

09:12:58.0578 4116 ============================================================

09:12:59.0140 4116 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x8134, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

09:12:59.0140 4116 ============================================================

09:12:59.0140 4116 \Device\Harddisk0\DR0:

09:12:59.0140 4116 MBR partitions:

09:12:59.0140 4116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4191

09:12:59.0140 4116 ============================================================

09:12:59.0140 4116 C: <-> \Device\Harddisk0\DR0\Partition1

09:12:59.0156 4116 ============================================================

09:12:59.0156 4116 Initialize success

09:12:59.0156 4116 ============================================================

09:13:01.0265 4028 ============================================================

09:13:01.0265 4028 Scan started

09:13:01.0265 4028 Mode: Manual;

09:13:01.0265 4028 ============================================================

09:13:01.0468 4028 ================ Scan system memory ========================

09:13:01.0484 4028 System memory - ok

09:13:01.0484 4028 ================ Scan services =============================

09:13:01.0515 4028 Abiosdsk - ok

09:13:01.0531 4028 abp480n5 - ok

09:13:01.0531 4028 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

09:13:01.0609 4028 ACPI - ok

09:13:01.0625 4028 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

09:13:01.0656 4028 ACPIEC - ok

09:13:01.0671 4028 [ B7C4F2A40B7D2289EB944FFF30F385FF ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys

09:13:01.0703 4028 ADIHdAudAddService - ok

09:13:01.0703 4028 adpu160m - ok

09:13:01.0718 4028 [ C984DE22ED71414ABC42C1E03D412E33 ] AEAudioService C:\WINDOWS\system32\drivers\AEAudio.sys

09:13:01.0734 4028 AEAudioService - ok

09:13:01.0734 4028 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

09:13:01.0765 4028 aec - ok

09:13:01.0765 4028 [ 322D0E36693D6E24A2398BEE62A268CD ] AFD C:\WINDOWS\System32\drivers\afd.sys

09:13:01.0765 4028 AFD - ok

09:13:01.0765 4028 Aha154x - ok

09:13:01.0781 4028 aic78u2 - ok

09:13:01.0781 4028 aic78xx - ok

09:13:01.0781 4028 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

09:13:01.0796 4028 Alerter - ok

09:13:01.0796 4028 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

09:13:01.0796 4028 ALG - ok

09:13:01.0796 4028 AliIde - ok

09:13:01.0796 4028 amsint - ok

09:13:01.0812 4028 ANIWZCSdService - ok

09:13:01.0812 4028 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

09:13:01.0812 4028 Apple Mobile Device - ok

09:13:01.0812 4028 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

09:13:01.0828 4028 AppMgmt - ok

09:13:01.0828 4028 asc - ok

09:13:01.0828 4028 asc3350p - ok

09:13:01.0828 4028 asc3550 - ok

09:13:01.0843 4028 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

09:13:01.0843 4028 aspnet_state - ok

09:13:01.0859 4028 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:13:01.0875 4028 AsyncMac - ok

09:13:01.0875 4028 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

09:13:01.0890 4028 atapi - ok

09:13:01.0890 4028 Atdisk - ok

09:13:01.0906 4028 [ B921D1790A8EF84B2DBDEEEF4909FBA1 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe

09:13:01.0921 4028 Ati HotKey Poller - ok

09:13:01.0968 4028 [ 5A13723FB8BFDD2090DEFB2D0CB98A27 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

09:13:02.0015 4028 ati2mtag - ok

09:13:02.0031 4028 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:13:02.0046 4028 Atmarpc - ok

09:13:02.0046 4028 [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm C:\WINDOWS\system32\DRIVERS\atmeltpm.sys

09:13:02.0062 4028 atmeltpm - ok

09:13:02.0078 4028 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

09:13:02.0078 4028 AudioSrv - ok

09:13:02.0078 4028 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

09:13:02.0093 4028 audstub - ok

09:13:02.0109 4028 [ 54C533AE49CDF9C4630E80379A1090FE ] bcm C:\WINDOWS\system32\DRIVERS\drxvi314.sys

09:13:02.0140 4028 bcm - ok

09:13:02.0140 4028 [ 44A70E32615770A4EC60E0267C0C8408 ] bcmbusctr C:\WINDOWS\system32\DRIVERS\BcmBusCtr.sys

09:13:02.0171 4028 bcmbusctr - ok

09:13:02.0187 4028 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

09:13:02.0203 4028 Beep - ok

09:13:02.0203 4028 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

09:13:02.0218 4028 BITS - ok

09:13:02.0218 4028 [ 98F4630B5867D911AD6EAE79874BF5E6 ] BMLoad C:\WINDOWS\system32\drivers\BMLoad.sys

09:13:02.0218 4028 BMLoad - ok

09:13:02.0234 4028 [ F934D1B230F84E1D19DD00AC5A7A83ED ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys

09:13:02.0265 4028 Bridge - ok

09:13:02.0265 4028 [ F934D1B230F84E1D19DD00AC5A7A83ED ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys

09:13:02.0265 4028 BridgeMP - ok

09:13:02.0265 4028 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll

09:13:02.0265 4028 Browser - ok

09:13:02.0281 4028 [ 2F9F111D31AA3FBBE5781D829A4524E6 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys

09:13:02.0296 4028 BTDriver - ok

09:13:02.0312 4028 [ D26B5B9A40A2B2191B35C76D5CBF5D2A ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys

09:13:02.0328 4028 BTKRNL - ok

09:13:02.0343 4028 [ C261E704B5558BA04DD643A0D998327D ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

09:13:02.0343 4028 btwdins - ok

09:13:02.0359 4028 [ 485020A1E1FC5C51A800CA69C618D881 ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys

09:13:02.0375 4028 BTWDNDIS - ok

09:13:02.0375 4028 [ 7696F6F2E63086EEEDB76B71BB7BB455 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys

09:13:02.0390 4028 BTWUSB - ok

09:13:02.0390 4028 catchme - ok

09:13:02.0390 4028 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

09:13:02.0406 4028 cbidf2k - ok

09:13:02.0406 4028 cd20xrnt - ok

09:13:02.0421 4028 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

09:13:02.0437 4028 Cdaudio - ok

09:13:02.0437 4028 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

09:13:02.0453 4028 Cdfs - ok

09:13:02.0468 4028 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:13:02.0484 4028 Cdrom - ok

09:13:02.0484 4028 Changer - ok

09:13:02.0484 4028 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

09:13:02.0484 4028 CiSvc - ok

09:13:02.0500 4028 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

09:13:02.0500 4028 ClipSrv - ok

09:13:02.0500 4028 [ 234B1BC2796483E1F5C3F26649FB3388 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:13:02.0515 4028 clr_optimization_v2.0.50727_32 - ok

09:13:02.0515 4028 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:13:02.0515 4028 clr_optimization_v4.0.30319_32 - ok

09:13:02.0515 4028 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys

09:13:02.0531 4028 CmBatt - ok

09:13:02.0546 4028 CmdIde - ok

09:13:02.0546 4028 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys

09:13:02.0562 4028 Compbatt - ok

09:13:02.0562 4028 COMSysApp - ok

09:13:02.0578 4028 Cpqarray - ok

09:13:02.0578 4028 [ C2EB4539A4F6AB6EDD01BDC191619975 ] cpuz135 C:\WINDOWS\system32\drivers\cpuz135_x32.sys

09:13:02.0593 4028 cpuz135 - ok

09:13:02.0609 4028 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

09:13:02.0609 4028 CryptSvc - ok

09:13:02.0609 4028 dac2w2k - ok

09:13:02.0609 4028 dac960nt - ok

09:13:02.0625 4028 [ 2589FE6015A316C0F5D5112B4DA7B509 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

09:13:02.0625 4028 DcomLaunch - ok

09:13:02.0625 4028 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

09:13:02.0640 4028 Dhcp - ok

09:13:02.0640 4028 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

09:13:02.0656 4028 Disk - ok

09:13:02.0656 4028 dmadmin - ok

09:13:02.0671 4028 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

09:13:02.0718 4028 dmboot - ok

09:13:02.0718 4028 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

09:13:02.0734 4028 dmio - ok

09:13:02.0750 4028 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

09:13:02.0765 4028 dmload - ok

09:13:02.0765 4028 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

09:13:02.0765 4028 dmserver - ok

09:13:02.0765 4028 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

09:13:02.0781 4028 DMusic - ok

09:13:02.0781 4028 [ 474B4DC3983173E4B4C9740B0DAC98A6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

09:13:02.0781 4028 Dnscache - ok

09:13:02.0781 4028 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

09:13:02.0796 4028 Dot3svc - ok

09:13:02.0796 4028 [ 6D279BB0DE1D8E34F454E1B353F4D738 ] DozeHDD C:\WINDOWS\system32\DRIVERS\DozeHDD.sys

09:13:02.0796 4028 DozeHDD - ok

09:13:02.0812 4028 [ 21B364856DDBC03D1AFCF348528E5B49 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE

09:13:02.0812 4028 DozeSvc - ok

09:13:02.0812 4028 dpti2o - ok

09:13:02.0812 4028 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

09:13:02.0843 4028 drmkaud - ok

09:13:02.0843 4028 [ 06D94F4543671B497A5F4A0AEDD5E36A ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys

09:13:02.0859 4028 e1express - ok

09:13:02.0875 4028 [ 55E754E04C09DAF19FC0054E72713D80 ] eamon C:\WINDOWS\system32\DRIVERS\eamon.sys

09:13:02.0890 4028 eamon - ok

09:13:02.0890 4028 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

09:13:02.0890 4028 EapHost - ok

09:13:02.0906 4028 [ 6F2441C26D74BDE88C25E240A2720EEB ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys

09:13:02.0921 4028 ehdrv - ok

09:13:02.0921 4028 [ EE0F138E023787DE4D3F1C86A6907CC4 ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

09:13:02.0921 4028 EhttpSrv - ok

09:13:02.0937 4028 [ CD76857C30BB34D5D9E02A7C9DE5FB9E ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

09:13:02.0953 4028 ekrn - ok

09:13:02.0953 4028 [ A8317313533E02D573E9DA4962CE1BAD ] epfwtdir C:\WINDOWS\system32\DRIVERS\epfwtdir.sys

09:13:02.0984 4028 epfwtdir - ok

09:13:03.0000 4028 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys

09:13:03.0000 4028 epmntdrv - ok

09:13:03.0000 4028 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

09:13:03.0000 4028 ERSvc - ok

09:13:03.0015 4028 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys

09:13:03.0015 4028 EuGdiDrv - ok

09:13:03.0015 4028 [ 0E776ED5F7CC9F94299E70461B7B8185 ] Eventlog C:\WINDOWS\system32\services.exe

09:13:03.0015 4028 Eventlog - ok

09:13:03.0031 4028 [ 19A799805B24990867B00C120D300C3A ] EventSystem C:\WINDOWS\system32\es.dll

09:13:03.0031 4028 EventSystem - ok

09:13:03.0031 4028 [ EA2BEE20E81C36C36FE2C29FDA145552 ] evserial C:\WINDOWS\system32\DRIVERS\evserial.sys

09:13:03.0046 4028 evserial - ok

09:13:03.0062 4028 [ 52859724EDD0EE282522225E056B6EB3 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

09:13:03.0078 4028 EvtEng - ok

09:13:03.0078 4028 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

09:13:03.0093 4028 Fastfat - ok

09:13:03.0109 4028 [ 1926899BF9FFE2602B63074971700412 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

09:13:03.0109 4028 FastUserSwitchingCompatibility - ok

09:13:03.0109 4028 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys

09:13:03.0125 4028 Fdc - ok

09:13:03.0140 4028 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

09:13:03.0156 4028 Fips - ok

09:13:03.0156 4028 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys

09:13:03.0171 4028 Flpydisk - ok

09:13:03.0187 4028 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

09:13:03.0203 4028 FltMgr - ok

09:13:03.0203 4028 [ 993883524AA9CF1C90E1545411A9AC9C ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

09:13:03.0203 4028 FontCache3.0.0.0 - ok

09:13:03.0218 4028 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:13:03.0250 4028 Fs_Rec - ok

09:13:03.0265 4028 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:13:03.0281 4028 Ftdisk - ok

09:13:03.0312 4028 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

09:13:03.0312 4028 GEARAspiWDM - ok

09:13:03.0312 4028 GenericMount - ok

09:13:03.0312 4028 GenericMount Helper Service - ok

09:13:03.0328 4028 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:13:03.0343 4028 Gpc - ok

09:13:03.0343 4028 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

09:13:03.0359 4028 gupdate - ok

09:13:03.0359 4028 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

09:13:03.0359 4028 gupdatem - ok

09:13:03.0359 4028 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:13:03.0375 4028 HDAudBus - ok

09:13:03.0390 4028 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

09:13:03.0390 4028 helpsvc - ok

09:13:03.0390 4028 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

09:13:03.0390 4028 HidServ - ok

09:13:03.0390 4028 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:13:03.0421 4028 HidUsb - ok

09:13:03.0437 4028 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

09:13:03.0437 4028 hkmsvc - ok

09:13:03.0437 4028 [ C5F00D15AA15CB7F55A027FF75E44BB7 ] HP Port Resolver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE

09:13:03.0453 4028 HP Port Resolver - ok

09:13:03.0453 4028 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE

09:13:03.0453 4028 HP Status Server - ok

09:13:03.0453 4028 hpn - ok

09:13:03.0468 4028 [ B1FC0B027DF4374F9E5B796CFDF797B3 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys

09:13:03.0484 4028 HSF_DPV - ok

09:13:03.0484 4028 [ 3AF45F5B4157C88FFAE24D89BA408302 ] HSXHWAZL C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys

09:13:03.0515 4028 HSXHWAZL - ok

09:13:03.0515 4028 [ CBD09ED9CF6822177EE85AEA4D8816A2 ] HTCAND32 C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys

09:13:03.0515 4028 HTCAND32 - ok

09:13:03.0515 4028 [ 04E3B3554076B8192A668EFE88A682A1 ] htcnprot C:\WINDOWS\system32\DRIVERS\htcnprot.sys

09:13:03.0515 4028 htcnprot - ok

09:13:03.0531 4028 [ F6AACF5BCE2893E0C1754AFEB672E5C9 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

09:13:03.0546 4028 HTTP - ok

09:13:03.0546 4028 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

09:13:03.0562 4028 HTTPFilter - ok

09:13:03.0562 4028 i2omgmt - ok

09:13:03.0562 4028 i2omp - ok

09:13:03.0562 4028 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:13:03.0593 4028 i8042prt - ok

09:13:03.0609 4028 [ 2358C53F30CB9DCD1D3843C4E2F299B2 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys

09:13:03.0609 4028 iaStor - ok

09:13:03.0609 4028 [ E3FFC8CB45B3F55264EE10F084B2731B ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys

09:13:03.0625 4028 IBMPMDRV - ok

09:13:03.0625 4028 [ 5565982522EE9D4E8921FEB304D4226F ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe

09:13:03.0625 4028 IBMPMSVC - ok

09:13:03.0625 4028 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

09:13:03.0625 4028 IDriverT - ok

09:13:03.0656 4028 [ E7CC3AEAED9893A88876744CD439F76C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

09:13:03.0656 4028 idsvc - ok

09:13:03.0671 4028 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] IISADMIN C:\WINDOWS\system32\inetsrv\inetinfo.exe

09:13:03.0671 4028 IISADMIN - ok

09:13:03.0671 4028 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

09:13:03.0687 4028 Imapi - ok

09:13:03.0703 4028 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

09:13:03.0703 4028 ImapiService - ok

09:13:03.0703 4028 ini910u - ok

09:13:03.0718 4028 IntelIde - ok

09:13:03.0718 4028 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:13:03.0734 4028 intelppm - ok

09:13:03.0734 4028 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

09:13:03.0765 4028 Ip6Fw - ok

09:13:03.0781 4028 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:13:03.0812 4028 IpFilterDriver - ok

09:13:03.0828 4028 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:13:03.0843 4028 IpInIp - ok

09:13:03.0843 4028 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:13:03.0859 4028 IpNat - ok

09:13:03.0875 4028 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

09:13:03.0890 4028 iPod Service - ok

09:13:03.0906 4028 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:13:03.0921 4028 IPSec - ok

09:13:03.0921 4028 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys

09:13:03.0937 4028 irda - ok

09:13:03.0953 4028 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

09:13:03.0968 4028 IRENUM - ok

09:13:03.0968 4028 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll

09:13:03.0968 4028 Irmon - ok

09:13:03.0968 4028 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:13:04.0000 4028 isapnp - ok

09:13:04.0000 4028 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

09:13:04.0000 4028 JavaQuickStarterService - ok

09:13:04.0015 4028 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:13:04.0031 4028 Kbdclass - ok

09:13:04.0031 4028 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

09:13:04.0046 4028 kbdhid - ok

09:13:04.0062 4028 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

09:13:04.0078 4028 kmixer - ok

09:13:04.0078 4028 [ 1705745D900DABF2D89F90EBADDC7517 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

09:13:04.0093 4028 KSecDD - ok

09:13:04.0109 4028 [ F385F4B02C535BFFE1D70CAB80838123 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

09:13:04.0109 4028 lanmanserver - ok

09:13:04.0109 4028 [ 1B67B632786FEF1C1BBAEF46C2F3F2E6 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

09:13:04.0125 4028 lanmanworkstation - ok

09:13:04.0125 4028 lbrtfdc - ok

09:13:04.0125 4028 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

09:13:04.0140 4028 LENOVO.MICMUTE - ok

09:13:04.0140 4028 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\WINDOWS\system32\DRIVERS\smiif32.sys

09:13:04.0140 4028 lenovo.smi - ok

09:13:04.0156 4028 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

09:13:04.0156 4028 LmHosts - ok

09:13:04.0156 4028 [ E246A32C445056996074A397DA56E815 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

09:13:04.0156 4028 mdmxsdk - ok

09:13:04.0156 4028 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

09:13:04.0171 4028 Messenger - ok

09:13:04.0171 4028 [ A7DA20AB18A1BDAE28B0F349E57DA0D1 ] mf C:\WINDOWS\system32\DRIVERS\mf.sys

09:13:04.0187 4028 mf - ok

09:13:04.0187 4028 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

09:13:04.0203 4028 Microsoft Office Groove Audit Service - ok

09:13:04.0203 4028 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

09:13:04.0218 4028 mnmdd - ok

09:13:04.0218 4028 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

09:13:04.0234 4028 mnmsrvc - ok

09:13:04.0234 4028 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

09:13:04.0250 4028 Modem - ok

09:13:04.0328 4028 [ B9530A79218016DEFC55004E17C6FB77 ] MongoDB C:\mongodb\bin\mongod.exe

09:13:04.0390 4028 MongoDB - ok

09:13:04.0406 4028 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:13:04.0421 4028 Mouclass - ok

09:13:04.0421 4028 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:13:04.0437 4028 mouhid - ok

09:13:04.0453 4028 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

09:13:04.0468 4028 MountMgr - ok

09:13:04.0468 4028 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

09:13:04.0484 4028 MozillaMaintenance - ok

09:13:04.0484 4028 mraid35x - ok

09:13:04.0484 4028 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:13:04.0515 4028 MRxDAV - ok

09:13:04.0531 4028 [ 68755F0FF16070178B54674FE5B847B0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:13:04.0562 4028 MRxSmb - ok

09:13:04.0562 4028 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

09:13:04.0562 4028 MSDTC - ok

09:13:04.0578 4028 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

09:13:04.0593 4028 Msfs - ok

09:13:04.0593 4028 MSIServer - ok

09:13:04.0593 4028 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:13:04.0609 4028 MSKSSRV - ok

09:13:04.0625 4028 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:13:04.0640 4028 MSPCLOCK - ok

09:13:04.0640 4028 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

09:13:04.0656 4028 MSPQM - ok

09:13:04.0656 4028 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:13:04.0671 4028 mssmbios - ok

09:13:04.0687 4028 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

09:13:04.0703 4028 Mup - ok

09:13:04.0703 4028 MySQL - ok

09:13:04.0718 4028 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

09:13:04.0718 4028 napagent - ok

09:13:04.0734 4028 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

09:13:04.0734 4028 NDIS - ok

09:13:04.0734 4028 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:13:04.0750 4028 NdisTapi - ok

09:13:04.0750 4028 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:13:04.0765 4028 Ndisuio - ok

09:13:04.0781 4028 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:13:04.0796 4028 NdisWan - ok

09:13:04.0796 4028 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

09:13:04.0812 4028 NDProxy - ok

09:13:04.0828 4028 [ 2969D26EEE289BE7422AA46FC55F4E38 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll

09:13:04.0828 4028 Net Driver HPZ12 - ok

09:13:04.0828 4028 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

09:13:04.0843 4028 NetBIOS - ok

09:13:04.0859 4028 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

09:13:04.0875 4028 NetBT - ok

09:13:04.0875 4028 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

09:13:04.0890 4028 NetDDE - ok

09:13:04.0890 4028 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

09:13:04.0890 4028 NetDDEdsdm - ok

09:13:04.0890 4028 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

09:13:04.0906 4028 Netlogon - ok

09:13:04.0906 4028 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

09:13:04.0906 4028 Netman - ok

09:13:04.0921 4028 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

09:13:04.0921 4028 NetTcpPortSharing - ok

09:13:04.0968 4028 [ 05743FFFC2BC88CC8E426321BC6A762E ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

09:13:05.0031 4028 NETw5x32 - ok

09:13:05.0140 4028 [ 72062B53186E4A3F5FCBC41EBB62B905 ] NETwLx32 C:\WINDOWS\system32\DRIVERS\NETwLx32.sys

09:13:05.0250 4028 NETwLx32 - ok

09:13:05.0250 4028 [ 37260A293B6A89373AE76791E6CC5A12 ] nhcDriverDevice C:\WINDOWS\system32\drivers\nhcDriver.sys

09:13:05.0281 4028 nhcDriverDevice - ok

09:13:05.0281 4028 [ B4138E99236F0F57D4CF49BAE98A0746 ] Nla C:\WINDOWS\System32\mswsock.dll

09:13:05.0281 4028 Nla - ok

09:13:05.0296 4028 [ B0D5188E282DC4EDAE7020F333427BC8 ] Nmea C:\WINDOWS\system32\DRIVERS\pctnullport.sys

09:13:05.0296 4028 Nmea - ok

09:13:05.0296 4028 [ 085440078813949C51C33589557BFD29 ] NovacomD C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe

09:13:05.0296 4028 NovacomD - ok

09:13:05.0312 4028 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\npf.sys

09:13:05.0312 4028 NPF - ok

09:13:05.0312 4028 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

09:13:05.0328 4028 Npfs - ok

09:13:05.0343 4028 [ 2ADC0CA9945C65284B3D19BC18765974 ] NSCIRDA C:\WINDOWS\system32\DRIVERS\nscirda.sys

09:13:05.0375 4028 NSCIRDA - ok

09:13:05.0390 4028 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

09:13:05.0406 4028 Ntfs - ok

09:13:05.0406 4028 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

09:13:05.0406 4028 NtLmSsp - ok

09:13:05.0421 4028 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

09:13:05.0421 4028 NtmsSvc - ok

09:13:05.0437 4028 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

09:13:05.0453 4028 Null - ok

09:13:05.0453 4028 [ 7D4ED787E0D06677776339318DF25BDC ] NvtlService C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe

09:13:05.0468 4028 NvtlService - ok

09:13:05.0468 4028 [ 93213C7EC08E01E37A935BF144E75DF6 ] NWADI C:\WINDOWS\system32\DRIVERS\NWADIenum.sys

09:13:05.0500 4028 NWADI - ok

09:13:05.0500 4028 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:13:05.0515 4028 NwlnkFlt - ok

09:13:05.0531 4028 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:13:05.0546 4028 NwlnkFwd - ok

09:13:05.0562 4028 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:13:05.0562 4028 odserv - ok

09:13:05.0578 4028 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:13:05.0578 4028 ose - ok

09:13:05.0593 4028 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys

09:13:05.0609 4028 Parport - ok

09:13:05.0609 4028 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

09:13:05.0625 4028 PartMgr - ok

09:13:05.0640 4028 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

09:13:05.0656 4028 ParVdm - ok

09:13:05.0656 4028 [ A1E779A0CF7A21B42E8FD3E8856D8481 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

09:13:05.0671 4028 PassThru Service - ok

09:13:05.0671 4028 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50 C:\WINDOWS\system32\Drivers\PCASp50.sys

09:13:05.0671 4028 PCASp50 - ok

09:13:05.0671 4028 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

09:13:05.0703 4028 PCI - ok

09:13:05.0703 4028 PCIDump - ok

09:13:05.0703 4028 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

09:13:05.0718 4028 PCIIde - ok

09:13:05.0734 4028 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys

09:13:05.0765 4028 Pcmcia - ok

09:13:05.0765 4028 [ 1E715247EFFFDDA938C085913045D599 ] PCTINDIS5 C:\WINDOWS\system32\PCTINDIS5.SYS

09:13:05.0781 4028 PCTINDIS5 - ok

09:13:05.0796 4028 PDCOMP - ok

09:13:05.0796 4028 PDFRAME - ok

09:13:05.0796 4028 PDRELI - ok

09:13:05.0796 4028 PDRFRAME - ok

09:13:05.0812 4028 perc2 - ok

09:13:05.0812 4028 perc2hib - ok

09:13:05.0828 4028 [ 0E776ED5F7CC9F94299E70461B7B8185 ] PlugPlay C:\WINDOWS\system32\services.exe

09:13:05.0828 4028 PlugPlay - ok

09:13:05.0828 4028 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll

09:13:05.0828 4028 Pml Driver HPZ12 - ok

09:13:05.0843 4028 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

09:13:05.0843 4028 PolicyAgent - ok

09:13:05.0843 4028 [ 07A5F0D46C06C154560A70C998003C2A ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

09:13:05.0843 4028 Power Manager DBC Service - ok

09:13:05.0843 4028 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:13:05.0875 4028 PptpMiniport - ok

09:13:05.0875 4028 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

09:13:05.0875 4028 ProtectedStorage - ok

09:13:05.0875 4028 [ F8A25F1DD8B2C332CBC663E3579566E7 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys

09:13:05.0875 4028 psadd - ok

09:13:05.0890 4028 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:13:05.0906 4028 Ptilink - ok

09:13:05.0906 4028 [ 40EC047DC4304D3910D9358FCEAA1803 ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE

09:13:05.0906 4028 PwmEWSvc - ok

09:13:05.0921 4028 ql1080 - ok

09:13:05.0921 4028 Ql10wnt - ok

09:13:05.0921 4028 ql12160 - ok

09:13:05.0921 4028 ql1240 - ok

09:13:05.0937 4028 ql1280 - ok

09:13:05.0937 4028 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:13:05.0953 4028 RasAcd - ok

09:13:05.0968 4028 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

09:13:05.0968 4028 RasAuto - ok

09:13:05.0968 4028 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys

09:13:05.0984 4028 Rasirda - ok

09:13:06.0000 4028 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:13:06.0015 4028 Rasl2tp - ok

09:13:06.0015 4028 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

09:13:06.0031 4028 RasMan - ok

09:13:06.0031 4028 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:13:06.0046 4028 RasPppoe - ok

09:13:06.0062 4028 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

09:13:06.0093 4028 Raspti - ok

09:13:06.0093 4028 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:13:06.0171 4028 Rdbss - ok

09:13:06.0187 4028 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:13:06.0203 4028 RDPCDD - ok

09:13:06.0203 4028 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:13:06.0218 4028 rdpdr - ok

09:13:06.0234 4028 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

09:13:06.0281 4028 RDPWD - ok

09:13:06.0281 4028 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

09:13:06.0296 4028 RDSessMgr - ok

09:13:06.0296 4028 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

09:13:06.0312 4028 redbook - ok

09:13:06.0328 4028 [ 3B1A7CEA1E230103264405E0FB05532C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

09:13:06.0343 4028 RegSrvc - ok

09:13:06.0343 4028 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

09:13:06.0343 4028 RemoteAccess - ok

09:13:06.0359 4028 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

09:13:06.0359 4028 RemoteRegistry - ok

09:13:06.0359 4028 RFNP32 - ok

09:13:06.0359 4028 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe

09:13:06.0375 4028 rpcapd - ok

09:13:06.0375 4028 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

09:13:06.0375 4028 RpcLocator - ok

09:13:06.0390 4028 [ 2589FE6015A316C0F5D5112B4DA7B509 ] RpcSs C:\WINDOWS\System32\rpcss.dll

09:13:06.0390 4028 RpcSs - ok

09:13:06.0406 4028 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

09:13:06.0406 4028 RSVP - ok

09:13:06.0406 4028 [ 0F82A97056EA208183C0085589F83050 ] rt2500usb C:\WINDOWS\system32\DRIVERS\rt2500usb.sys

09:13:06.0437 4028 rt2500usb - ok

09:13:06.0437 4028 [ A0EEA6F631349D0E0B7A6CAA7E099CB0 ] RUBotSrv C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe

09:13:06.0453 4028 RUBotSrv - ok

09:13:06.0468 4028 [ 8C9D57338B02D95C0FC7DB428C50A001 ] S24EventMonitor C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

09:13:06.0484 4028 S24EventMonitor - ok

09:13:06.0500 4028 [ 27FC71DA659305E260ACBDA15A318399 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys

09:13:06.0500 4028 s24trans - ok

09:13:06.0500 4028 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

09:13:06.0500 4028 SamSs - ok

09:13:06.0500 4028 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

09:13:06.0515 4028 SCardSvr - ok

09:13:06.0515 4028 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

09:13:06.0531 4028 Schedule - ok

09:13:06.0531 4028 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:13:06.0546 4028 Secdrv - ok

09:13:06.0562 4028 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

09:13:06.0562 4028 seclogon - ok

09:13:06.0562 4028 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

09:13:06.0562 4028 SENS - ok

09:13:06.0578 4028 [ 9C80BA2E3B0AD98D108154C020FCB966 ] SER2AT C:\WINDOWS\system32\DRIVERS\SER2AT.sys

09:13:06.0578 4028 SER2AT - ok

09:13:06.0578 4028 Ser2pl - ok

09:13:06.0578 4028 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

09:13:06.0609 4028 Serenum - ok

09:13:06.0609 4028 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys

09:13:06.0640 4028 Serial - ok

09:13:06.0656 4028 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

09:13:06.0671 4028 Sfloppy - ok

09:13:06.0687 4028 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

09:13:06.0687 4028 SharedAccess - ok

09:13:06.0687 4028 [ 1926899BF9FFE2602B63074971700412 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

09:13:06.0703 4028 ShellHWDetection - ok

09:13:06.0703 4028 [ 1624530D05155F4E5A4736531523BFF5 ] Shockprf C:\WINDOWS\system32\DRIVERS\Apsx86.sys

09:13:06.0734 4028 Shockprf - ok

09:13:06.0750 4028 [ F2AB02C279BFC511A4B859416FFD4EB2 ] Si3112 C:\WINDOWS\system32\drivers\Si3112.sys

09:13:06.0765 4028 Si3112 - ok

09:13:06.0781 4028 Simbad - ok

09:13:06.0781 4028 [ 7E00E1C6F2CF9822F15D17FFB684A200 ] SKYSCOUT C:\WINDOWS\system32\DRIVERS\UsbScout.sys

09:13:06.0796 4028 SKYSCOUT - ok

09:13:06.0812 4028 [ 26341D0DD225D19FD50E0EE3C3C77502 ] Smapint C:\WINDOWS\system32\drivers\Smapint.sys

09:13:06.0812 4028 Smapint - ok

09:13:06.0828 4028 [ 0B9C01236D25BDCB37AA79DC59DFB7D3 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys

09:13:06.0828 4028 smihlp - ok

09:13:06.0828 4028 [ DB3C22745C0DA4666F3BE31F1AF36B2F ] SMTPSVC C:\WINDOWS\system32\inetsrv\inetinfo.exe

09:13:06.0828 4028 SMTPSVC - ok

09:13:06.0843 4028 Sparrow - ok

09:13:06.0843 4028 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

09:13:06.0859 4028 splitter - ok

09:13:06.0859 4028 [ D8E14A61ACC1D4A6CD0D38AEBAC7FA3B ] Spooler C:\WINDOWS\system32\spoolsv.exe

09:13:06.0875 4028 Spooler - ok

09:13:06.0875 4028 [ BFF4D98AC361EFB0D85513F9629AFAF5 ] SprintRcAppSvc C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe

09:13:06.0875 4028 SprintRcAppSvc - ok

09:13:06.0906 4028 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\System32\Drivers\sptd.sys

09:13:06.0921 4028 sptd - ok

09:13:06.0921 4028 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

09:13:06.0937 4028 sr - ok

09:13:06.0953 4028 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

09:13:06.0953 4028 srservice - ok

09:13:06.0968 4028 [ 5252605079810904E31C332E241CD59B ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

09:13:06.0984 4028 Srv - ok

09:13:06.0984 4028 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

09:13:07.0000 4028 SSDPSRV - ok

09:13:07.0000 4028 [ A9573045BAA16EAB9B1085205B82F1ED ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys

09:13:07.0015 4028 StillCam - ok

09:13:07.0031 4028 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

09:13:07.0031 4028 stisvc - ok

09:13:07.0031 4028 [ C2191C1A5DFED0795E3D3B68905B195B ] SUService C:\Program Files\Lenovo\System Update\SUService.exe

09:13:07.0031 4028 SUService - ok

09:13:07.0046 4028 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

09:13:07.0062 4028 swenum - ok

09:13:07.0062 4028 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

09:13:07.0093 4028 swmidi - ok

09:13:07.0125 4028 [ AF88AE62B84D016EB5BDC12DDF1005A3 ] swmx00 C:\WINDOWS\system32\DRIVERS\swmx00.sys

09:13:07.0156 4028 swmx00 - ok

09:13:07.0156 4028 [ 24BCE62E4DA07C6488E3A7FF37A6B6AE ] SWNC5E00 C:\WINDOWS\system32\DRIVERS\SWNC5E00.sys

09:13:07.0187 4028 SWNC5E00 - ok

09:13:07.0187 4028 SwPrv - ok

09:13:07.0187 4028 symc810 - ok

09:13:07.0187 4028 symc8xx - ok

09:13:07.0187 4028 SymSnapService - ok

09:13:07.0203 4028 sym_hi - ok

09:13:07.0203 4028 sym_u3 - ok

09:13:07.0218 4028 [ 7E194E86BF306E07470A0AC56B41DE83 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys

09:13:07.0265 4028 SynTP - ok

09:13:07.0265 4028 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

09:13:07.0281 4028 sysaudio - ok

09:13:07.0281 4028 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

09:13:07.0281 4028 SysmonLog - ok

09:13:07.0296 4028 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

09:13:07.0296 4028 TapiSrv - ok

09:13:07.0312 4028 [ 93EA8D04EC73A85DB02EB8805988F733 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:13:07.0328 4028 Tcpip - ok

09:13:07.0343 4028 [ 4BED0C7FDF414D1BD26BF33EA673CA49 ] tcpipBM C:\WINDOWS\system32\drivers\tcpipBM.sys

09:13:07.0343 4028 tcpipBM - ok

09:13:07.0359 4028 [ 58E3EB5A5C78740C5870EEE6648CCC46 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys

09:13:07.0359 4028 TcUsb - ok

09:13:07.0359 4028 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

09:13:07.0375 4028 TDPIPE - ok

09:13:07.0390 4028 [ 564B337034271B7BDDCABFDDC91C6B7A ] TDSMAPI C:\WINDOWS\system32\drivers\TDSMAPI.SYS

09:13:07.0406 4028 TDSMAPI - ok

09:13:07.0406 4028 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

09:13:07.0421 4028 TDTCP - ok

09:13:07.0437 4028 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

09:13:07.0468 4028 TermDD - ok

09:13:07.0484 4028 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

09:13:07.0484 4028 TermService - ok

09:13:07.0500 4028 [ 1926899BF9FFE2602B63074971700412 ] Themes C:\WINDOWS\System32\shsvcs.dll

09:13:07.0500 4028 Themes - ok

09:13:07.0515 4028 [ 9626746A9B120D2ED537DD8D76278405 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

09:13:07.0531 4028 ThinkVantage Registry Monitor Service - ok

09:13:07.0531 4028 [ A1124EBC672AA3AE1B327096C1DCC346 ] TIEHDUSB C:\WINDOWS\system32\drivers\tiehdusb.sys

09:13:07.0531 4028 TIEHDUSB - ok

09:13:07.0546 4028 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

09:13:07.0546 4028 TlntSvr - ok

09:13:07.0546 4028 TosIde - ok

09:13:07.0546 4028 [ D2378FBBD668D9FE9B6B5E3139D506D3 ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys

09:13:07.0578 4028 TPDIGIMN - ok

09:13:07.0578 4028 [ A34A1E6B5461273846D30F5898602A72 ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe

09:13:07.0578 4028 TPHDEXLGSVC - ok

09:13:07.0593 4028 [ 8AEF2188630F5ECD79AD9ABBA630630B ] TPHKDRV C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys

09:13:07.0593 4028 TPHKDRV - ok

09:13:07.0593 4028 [ 9CD364ECB3A10B24C7CAC8FF89993A67 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

09:13:07.0593 4028 TPHKLOAD - ok

09:13:07.0609 4028 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

09:13:07.0609 4028 TPHKSVC - ok

09:13:07.0609 4028 [ C037817E2498D9DB736E4BA355B1F4E7 ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwrif.sys

09:13:07.0625 4028 TPPWRIF - ok

09:13:07.0640 4028 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

09:13:07.0640 4028 TrkWks - ok

09:13:07.0640 4028 [ F10F36E20448A5500A5F83F67EE4AAD4 ] TSMAPIP C:\WINDOWS\system32\drivers\TSMAPIP.SYS

09:13:07.0656 4028 TSMAPIP - ok

09:13:07.0671 4028 [ E9EA448F1174BE4052416B62263EA4EE ] TVT Scheduler C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

09:13:07.0687 4028 TVT Scheduler - ok

09:13:07.0687 4028 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

09:13:07.0718 4028 Udfs - ok

09:13:07.0718 4028 ultra - ok

09:13:07.0718 4028 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

09:13:07.0765 4028 Update - ok

09:13:07.0781 4028 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

09:13:07.0781 4028 upnphost - ok

09:13:07.0796 4028 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

09:13:07.0796 4028 UPS - ok

09:13:07.0796 4028 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys

09:13:07.0828 4028 USBAAPL - ok

09:13:07.0828 4028 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

09:13:07.0843 4028 usbccgp - ok

09:13:07.0843 4028 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:13:07.0875 4028 usbehci - ok

09:13:07.0875 4028 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:13:07.0890 4028 usbhub - ok

09:13:07.0890 4028 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys

09:13:07.0921 4028 usbscan - ok

09:13:07.0921 4028 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

09:13:07.0937 4028 USBSTOR - ok

09:13:07.0937 4028 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:13:07.0953 4028 usbuhci - ok

09:13:07.0968 4028 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys

09:13:07.0984 4028 usb_rndisx - ok

09:13:07.0984 4028 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

09:13:08.0000 4028 VgaSave - ok

09:13:08.0000 4028 ViaIde - ok

09:13:08.0015 4028 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

09:13:08.0031 4028 VolSnap - ok

09:13:08.0031 4028 [ ED93E2B7FD5AEB89C924F175824A4D6D ] VSBC C:\WINDOWS\system32\DRIVERS\evsbc.sys

09:13:08.0046 4028 VSBC - ok

09:13:08.0062 4028 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

09:13:08.0062 4028 VSS - ok

09:13:08.0078 4028 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

09:13:08.0093 4028 W32Time - ok

09:13:08.0562 4028 ================ Scan global ===============================

09:13:08.0562 4028 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

09:13:08.0578 4028 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll

09:13:08.0593 4028 [ 1618F36D4F7F6CCCEB3EE44BA95BE85C ] C:\WINDOWS\system32\winsrv.dll

09:13:08.0593 4028 [ 0E776ED5F7CC9F94299E70461B7B8185 ] C:\WINDOWS\system32\services.exe

09:13:08.0593 4028 [Global] - ok

09:13:08.0593 4028 ================ Scan MBR ==================================

09:13:08.0609 4028 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

09:13:08.0671 4028 \Device\Harddisk0\DR0 - ok

09:13:08.0671 4028 ================ Scan VBR ==================================

09:13:08.0671 4028 [ 60EF243301F185B5056291BE29E87AC2 ] \Device\Harddisk0\DR0\Partition1

09:13:08.0671 4028 \Device\Harddisk0\DR0\Partition1 - ok

09:13:08.0671 4028 ============================================================

09:13:08.0671 4028 Scan finished

09:13:08.0671 4028 ============================================================

09:13:08.0671 1712 Detected object count: 0

09:13:08.0671 1712 Actual detected object count: 0


Still having the same issues as before. The laptop does a restart on its own. I could be in Notepad, Firefox or just idle, and the laptop will just execute a reboot. I've run Memtest86 overnight, so I think the hardware is okay. I'm running Notebook Hardware Control to see if things were heat-related (tried undervolting to keep it cooler, tried locking down the lowest speeds, same thing. Now running it at stock voltages but lowest speed-step).

I've even booted from a Linux CD distro, and the machine seemed to run fine.

So, if it isn't heat or hardware, gotta be something in the software. So before I back everything up and re-format the drive, I thought I'd give this a try.


  • Staff

Hi,

It could definitely be a hard drive issue. Let's check with this test:

Click Start --> Run, enter cmd.exe, and press Enter

In the black box that appears, enter this command exactly as shown:

chkdsk>"%userprofile%\desktop\chkdsk.txt"

Press Enter.

When it finishes, open chkdsk.txt on your Desktop and post its contents here.

-screen317


Thanks for replying. I'm running an SSD and here is the output of chkdsk

The type of the file system is NTFS.

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...

File verification completed.

CHKDSK is verifying indexes (stage 2 of 3)...

Index verification completed.

CHKDSK is verifying security descriptors (stage 3 of 3)...

Security descriptor verification completed.

CHKDSK is verifying Usn Journal...

Usn Journal verification completed.

244195528 KB total disk space.

233259224 KB in 220588 files.

78692 KB in 26454 indexes.

0 KB in bad sectors.

536072 KB in use by the system.

65536 KB occupied by the log file.

10321540 KB available on disk.

4096 bytes in each allocation unit.

61048882 total allocation units on disk.

2580385 allocation units available on disk.


I run NHC, which throttles the Speedstep CPU down to 1GHz when the machine is sort of idling, and up to the full 2.33GHz when doing heavy lifting.

If I'm sitting in a browser screen (the last crash, for example), the machine is running at its lowest speed, and the fan isn't running at max speed, like it is if I'm compiling.

Anything else I should try?


  • 2 weeks later...
  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

