
Malwarebytes keeps blocking some IPs



Hi,

Malwarebytes has been blocking some IPs for a few days and I have seen a strange behaviour in my browser (FF) that sometimes redirects from my wordpress account to this address:

http://ti-emme.net/traf.php?action=spam&c=11

The first time it happened - a few days ago - I followed the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=120105 as it was the same IP blocked.

I ran a complete scan with Malwarebytes the first time, and it blocked a few things.

I ran a scan with Adwcleaner that deleted a few things, and then with Rogue Killer, and then with ComboFix.

After that I ran another scan with Malwarebytes but nothing malicious was found.

I also cleaned my wordpress account using a plugin and it found a couple of things. I changed my wordpress/FTP/php passwords.

Everything has been fine for a couple of days but since yesterday Malwarebytes has started blocking some IPs again - the same ones it was blocking a few days ago - and my wordpress account has redirected again to http://ti-emme.net/traf.php?action=spam&c=11

Malwarebytes, Adwcleaner, RogueKiller and ComboFix don't find anything suspicious. I also use Microsoft Security Essentials and Windows Firewall but they never caught anything. I scan my wordpress account with a couple of security plugins but none of them found anything.

The IPs blocked are:

109.236.82.186

94.242.251.103

77.95.229.44

I don't know whether my computer is infected or not, why nothing is found by all the above, and why the redirections happen with my wordpress account.

Could you please help?

DDS.txt

I'm not sure if I need to attach the attach.txt log.

Thanks


  • 3 weeks later...

Hello mammag,

First, running "special" tools on your own is not advisable. It can make things more obscure to judge for your helper.

Running Combofix by yourself is especially risky; you might have turned your pc into a brick.

While I am helping you, do not get or run any tools without checking with me first.

Tell me if you have a hardware router between your internet modem and the pc?

You ought to close all browsers, all instant messenger programs, then say for about 40 minutes "see" if any "Outgoing" ip blocks are noted by MBAM. Outgoing only. The incoming ones, if any, may simply be the not-unexpected 'probing' that may happen day-to-day.

Delete only, adwcleaner.exe & roguekiller.exe that you had from before.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Delete any old/prior copy of adwcleaner.exe

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Please read carefully and follow these steps.

  • Delete any prior copy of TDSSKiller.exe
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Delete any prior copy of Roguekiller.exe

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

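The advice above to count only outgoing blocks can also be checked against the machine's connection table. The following is an added example, not part of the original post: it reads `netstat -ano` output, picks out connections to the three IPs reported earlier in this thread, and labels each as outgoing or incoming together with the owning PID. The sample table is constructed for illustration, and the listening-port heuristic is an assumption of this example.

```python
"""Classify connections to watched IPs in Windows `netstat -ano` output."""
import sys
from collections import namedtuple

# The IPs the original poster reported Malwarebytes blocking.
WATCHED_IPS = {"109.236.82.186", "94.242.251.103", "77.95.229.44"}

Conn = namedtuple("Conn", "local_ip local_port remote_ip remote_port state pid")

# Constructed sample in the layout `netstat -ano` prints; the local address,
# ports, states and PIDs are invented for illustration.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:445       77.95.229.44:51544     ESTABLISHED     4
  TCP    192.168.1.10:49231     109.236.82.186:80      ESTABLISHED     3412
  TCP    192.168.1.10:49240     94.242.251.103:80      SYN_SENT        3412
  TCP    192.168.1.10:49302     203.0.113.7:443        ESTABLISHED     2980
  UDP    0.0.0.0:5355           *:*                                    1320
"""


def _split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6]:port' on the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text):
    """Return the TCP rows of `netstat -ano` output as Conn tuples.

    UDP rows carry no state or remote endpoint, so they are skipped.
    """
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[4].isdigit():
            local_ip, local_port = _split_endpoint(parts[1])
            remote_ip, remote_port = _split_endpoint(parts[2])
            conns.append(Conn(local_ip, local_port, remote_ip, remote_port,
                              parts[3], int(parts[4])))
    return conns


def classify(conns, watched=WATCHED_IPS):
    """Label each connection to a watched IP as 'outgoing' or 'incoming'.

    Heuristic (assumption of this example): a connection whose local port
    is also a LISTENING port was accepted by a local service, so the remote
    side initiated it. SYN_SENT is always locally initiated.
    """
    listening = {c.local_port for c in conns if c.state == "LISTENING"}
    findings = []
    for c in conns:
        if c.remote_ip not in watched:
            continue
        if c.state == "SYN_SENT" or c.local_port not in listening:
            direction = "outgoing"
        else:
            direction = "incoming"
        findings.append((direction, c.remote_ip, c.remote_port, c.state, c.pid))
    return findings


def outgoing_pids(findings):
    """PIDs that own at least one outgoing connection to a watched IP."""
    return {pid for direction, _, _, _, pid in findings if direction == "outgoing"}


if __name__ == "__main__":
    # Pass a saved snapshot (netstat -ano > snap.txt) or fall back to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_NETSTAT
    results = classify(parse_netstat(text))
    for direction, ip, port, state, pid in results:
        print(f"{direction:8} {ip}:{port:<6} {state:12} PID {pid}")
    print("PIDs to look up:", sorted(outgoing_pids(results)))
```

A single snapshot only shows connections alive at that instant, so take several during the observation window. The reported PID can be mapped to a program name with `tasklist /FI "PID eq <pid>"`.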

Hi Maurice,

Thanks for your help.

The issue I had opened the thread for seems solved. But anyway, please find below:

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log.

The scans by AdwCleaner and TDSSKiller seem fine to me, while I'm not sure whether RK found anything suspicious. Could you please check and let me know if I need to do something else?

# AdwCleaner v2.111 - Logfile created 02/07/2013 at 15:53:55

# Updated 05/02/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : mamaalda - MAMAALDATHINK

# Boot Mode : Normal

# Running from : C:\Users\mamaalda\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16438

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\mamaalda\AppData\Roaming\Mozilla\Firefox\Profiles\bs4yf7ah.default\prefs.js

[OK] File is clean.

File : C:\Users\mamaalda\AppData\Roaming\Mozilla\Firefox\Profiles\fah2c9yj.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1255 octets] - [13/01/2013 20:07:12]

AdwCleaner[R2].txt - [862 octets] - [07/02/2013 15:53:55]

AdwCleaner[s1].txt - [3398 octets] - [12/01/2013 13:04:58]

AdwCleaner[s2].txt - [986 octets] - [12/01/2013 13:09:54]

AdwCleaner[s3].txt - [1060 octets] - [12/01/2013 17:52:26]

AdwCleaner[s4].txt - [1133 octets] - [12/01/2013 19:20:32]

AdwCleaner[s5].txt - [1196 octets] - [13/01/2013 14:36:36]

########## EOF - C:\AdwCleaner[R2].txt - [1220 octets] ##########

15:57:38.0682 4712 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

15:57:40.0282 4712 ============================================================

15:57:40.0282 4712 Current date / time: 2013/02/07 15:57:40.0282

15:57:40.0282 4712 SystemInfo:

15:57:40.0282 4712

15:57:40.0282 4712 OS Version: 6.1.7601 ServicePack: 1.0

15:57:40.0282 4712 Product type: Workstation

15:57:40.0282 4712 ComputerName: MAMAALDATHINK

15:57:40.0282 4712 UserName: mamaalda

15:57:40.0282 4712 Windows directory: C:\Windows

15:57:40.0282 4712 System windows directory: C:\Windows

15:57:40.0282 4712 Running under WOW64

15:57:40.0282 4712 Processor architecture: Intel x64

15:57:40.0282 4712 Number of processors: 4

15:57:40.0282 4712 Page size: 0x1000

15:57:40.0282 4712 Boot type: Normal boot

15:57:40.0282 4712 ============================================================

15:57:40.0662 4712 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:57:40.0692 4712 ============================================================

15:57:40.0692 4712 \Device\Harddisk0\DR0:

15:57:40.0692 4712 MBR partitions:

15:57:40.0692 4712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000

15:57:40.0692 4712 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xA8CA800

15:57:40.0702 4712 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xABB9800, BlocksNum 0x2DC74000

15:57:40.0702 4712 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x3882D800, BlocksNum 0x1B58000

15:57:40.0702 4712 ============================================================

15:57:40.0732 4712 C: <-> \Device\Harddisk0\DR0\Partition2

15:57:40.0772 4712 Q: <-> \Device\Harddisk0\DR0\Partition4

15:57:40.0812 4712 D: <-> \Device\Harddisk0\DR0\Partition3

15:57:40.0822 4712 ============================================================

15:57:40.0822 4712 Initialize success

15:57:40.0822 4712 ============================================================

15:57:43.0672 11104 ============================================================

15:57:43.0672 11104 Scan started

15:57:43.0672 11104 Mode: Manual;

15:57:43.0672 11104 ============================================================

15:57:43.0992 11104 ================ Scan system memory ========================

15:57:43.0992 11104 System memory - ok

15:57:43.0992 11104 ================ Scan services =============================

15:57:49.0942 11104 [ 79F99A4D59825839B7E563B4BCF52C5E ] LENOVO.TVTVCAM C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe

15:57:49.0942 11104 LENOVO.TVTVCAM - ok

15:57:49.0982 11104 [ D253E6009F05776F505F96866CCF460F ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

15:57:49.0982 11104 Lenovo.VIRTSCRLSVC - ok

15:57:50.0002 11104 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

15:57:50.0002 11104 lltdio - ok

15:57:50.0032 11104 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

15:57:50.0042 11104 lltdsvc - ok

15:57:50.0052 11104 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

15:57:50.0062 11104 lmhosts - ok

15:57:50.0092 11104 [ 2FB262276D1C689C6886B1C0710342FA ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

15:57:50.0102 11104 LMS - ok

15:57:50.0122 11104 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

15:57:50.0132 11104 LSI_FC - ok

15:57:50.0152 11104 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

15:57:50.0162 11104 LSI_SAS - ok

15:57:50.0172 11104 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

15:57:50.0172 11104 LSI_SAS2 - ok

15:57:50.0192 11104 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

15:57:50.0192 11104 LSI_SCSI - ok

15:57:50.0212 11104 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

15:57:50.0212 11104 luafv - ok

15:57:50.0242 11104 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

15:57:50.0242 11104 Mcx2Svc - ok

15:57:50.0262 11104 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

15:57:50.0262 11104 megasas - ok

15:57:50.0282 11104 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

15:57:50.0282 11104 MegaSR - ok

15:57:50.0312 11104 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

15:57:50.0312 11104 MEIx64 - ok

15:57:50.0332 11104 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

15:57:50.0332 11104 MMCSS - ok

15:57:50.0402 11104 [ E9DE65D713D4BA84D96878BE99401228 ] Mobile Broadband HL Service C:\ProgramData\MobileBrServ\mbbservice.exe

15:57:50.0402 11104 Mobile Broadband HL Service - ok

15:57:50.0402 11104 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

15:57:50.0402 11104 Modem - ok

15:57:50.0422 11104 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

15:57:50.0422 11104 monitor - ok

15:57:50.0452 11104 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

15:57:50.0452 11104 mouclass - ok

15:57:50.0462 11104 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

15:57:50.0462 11104 mouhid - ok

15:57:50.0472 11104 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

15:57:50.0472 11104 mountmgr - ok

15:57:50.0532 11104 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

15:57:50.0532 11104 MpFilter - ok

15:57:50.0562 11104 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

15:57:50.0562 11104 mpio - ok

15:57:50.0572 11104 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

15:57:50.0582 11104 mpsdrv - ok

15:57:50.0612 11104 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

15:57:50.0622 11104 MpsSvc - ok

15:57:50.0642 11104 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

15:57:50.0642 11104 MRxDAV - ok

15:57:50.0682 11104 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

15:57:50.0682 11104 mrxsmb - ok

15:57:50.0692 11104 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:57:50.0702 11104 mrxsmb10 - ok

15:57:50.0702 11104 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:57:50.0702 11104 mrxsmb20 - ok

15:57:50.0722 11104 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

15:57:50.0722 11104 msahci - ok

15:57:50.0742 11104 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

15:57:50.0742 11104 msdsm - ok

15:57:50.0762 11104 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

15:57:50.0762 11104 MSDTC - ok

15:57:50.0782 11104 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

15:57:50.0782 11104 Msfs - ok

15:57:50.0792 11104 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

15:57:50.0792 11104 mshidkmdf - ok

15:57:50.0802 11104 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

15:57:50.0812 11104 msisadrv - ok

15:57:50.0832 11104 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

15:57:50.0842 11104 MSiSCSI - ok

15:57:50.0842 11104 msiserver - ok

15:57:50.0862 11104 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

15:57:50.0862 11104 MSKSSRV - ok

15:57:50.0922 11104 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe

15:57:50.0922 11104 MsMpSvc - ok

15:57:50.0942 11104 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

15:57:50.0942 11104 MSPCLOCK - ok

15:57:50.0952 11104 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

15:57:50.0952 11104 MSPQM - ok

15:57:50.0972 11104 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

15:57:50.0982 11104 MsRPC - ok

15:57:51.0012 11104 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

15:57:51.0012 11104 mssmbios - ok

15:57:51.0032 11104 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

15:57:51.0032 11104 MSTEE - ok

15:57:51.0052 11104 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

15:57:51.0052 11104 MTConfig - ok

15:57:51.0072 11104 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

15:57:51.0072 11104 Mup - ok

15:57:51.0112 11104 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

15:57:51.0112 11104 napagent - ok

15:57:51.0152 11104 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

15:57:51.0152 11104 NativeWifiP - ok

15:57:51.0212 11104 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys

15:57:51.0222 11104 NDIS - ok

15:57:51.0242 11104 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

15:57:51.0242 11104 NdisCap - ok

15:57:51.0262 11104 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

15:57:51.0262 11104 NdisTapi - ok

15:57:51.0262 11104 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

15:57:51.0272 11104 Ndisuio - ok

15:57:51.0282 11104 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

15:57:51.0292 11104 NdisWan - ok

15:57:51.0302 11104 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

15:57:51.0302 11104 NDProxy - ok

15:57:51.0312 11104 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

15:57:51.0322 11104 NetBIOS - ok

15:57:51.0342 11104 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

15:57:51.0342 11104 NetBT - ok

15:57:51.0352 11104 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

15:57:51.0352 11104 Netlogon - ok

15:57:51.0382 11104 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

15:57:51.0392 11104 Netman - ok

15:57:51.0412 11104 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

15:57:51.0412 11104 netprofm - ok

15:57:51.0442 11104 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:57:51.0442 11104 NetTcpPortSharing - ok

15:57:51.0632 11104 [ 219A40EEEA50D638BA9D08680C354A0C ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys

15:57:51.0752 11104 NETwNs64 - ok

15:57:51.0782 11104 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

15:57:51.0782 11104 nfrd960 - ok

15:57:51.0822 11104 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

15:57:51.0822 11104 NisDrv - ok

15:57:51.0852 11104 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe

15:57:51.0852 11104 NisSrv - ok

15:57:51.0872 11104 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

15:57:51.0882 11104 NlaSvc - ok

15:57:51.0952 11104 [ 648625BA9C540F26EFA7E27A9312D73B ] nlsX86cc C:\Windows\SysWOW64\NLSSRV32.EXE

15:57:51.0952 11104 nlsX86cc - ok

15:57:51.0972 11104 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

15:57:51.0972 11104 Npfs - ok

15:57:51.0992 11104 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

15:57:51.0992 11104 nsi - ok

15:57:52.0022 11104 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

15:57:52.0022 11104 nsiproxy - ok

15:57:52.0072 11104 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

15:57:52.0092 11104 Ntfs - ok

15:57:52.0112 11104 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

15:57:52.0112 11104 Null - ok

15:57:52.0132 11104 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

15:57:52.0132 11104 nvraid - ok

15:57:52.0142 11104 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

15:57:52.0142 11104 nvstor - ok

15:57:52.0152 11104 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

15:57:52.0152 11104 nv_agp - ok

15:57:52.0152 11104 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

15:57:52.0162 11104 ohci1394 - ok

15:57:52.0222 11104 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:57:52.0222 11104 ose - ok

15:57:52.0382 11104 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:57:52.0422 11104 osppsvc - ok

15:57:52.0452 11104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

15:57:52.0452 11104 p2pimsvc - ok

15:57:52.0482 11104 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

15:57:52.0482 11104 p2psvc - ok

15:57:52.0512 11104 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

15:57:52.0512 11104 Parport - ok

15:57:52.0532 11104 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

15:57:52.0542 11104 partmgr - ok

15:57:52.0552 11104 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

15:57:52.0562 11104 PcaSvc - ok

15:57:52.0582 11104 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

15:57:52.0582 11104 pci - ok

15:57:52.0592 11104 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

15:57:52.0592 11104 pciide - ok

15:57:52.0612 11104 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

15:57:52.0612 11104 pcmcia - ok

15:57:52.0622 11104 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

15:57:52.0622 11104 pcw - ok

15:57:52.0642 11104 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

15:57:52.0652 11104 PEAUTH - ok

15:57:52.0682 11104 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

15:57:52.0682 11104 PerfHost - ok

15:57:52.0732 11104 [ B4C1BF666DBD6899EC4A9A499DAA040B ] PHCORE C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS

15:57:52.0732 11104 PHCORE - ok

15:57:52.0772 11104 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

15:57:52.0782 11104 pla - ok

15:57:52.0822 11104 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

15:57:52.0822 11104 PlugPlay - ok

15:57:52.0842 11104 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

15:57:52.0842 11104 PNRPAutoReg - ok

15:57:52.0862 11104 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

15:57:52.0862 11104 PNRPsvc - ok

15:57:52.0892 11104 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys

15:57:52.0892 11104 Point64 - ok

15:57:52.0922 11104 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

15:57:52.0932 11104 PolicyAgent - ok

15:57:52.0952 11104 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll

15:57:52.0952 11104 Power - ok

15:57:53.0042 11104 [ D2FCBA55D4ED03E1FF9A290D5CF1CCA5 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE

15:57:53.0062 11104 Power Manager DBC Service - ok

15:57:53.0092 11104 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

15:57:53.0092 11104 PptpMiniport - ok

15:57:53.0112 11104 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

15:57:53.0112 11104 Processor - ok

15:57:53.0142 11104 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll

15:57:53.0142 11104 ProfSvc - ok

15:57:53.0162 11104 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

15:57:53.0162 11104 ProtectedStorage - ok

15:57:53.0192 11104 [ 05A4779E4994B21473EDBE85AABE8030 ] psadd C:\Windows\system32\DRIVERS\psadd.sys

15:57:53.0192 11104 psadd - ok

15:57:53.0202 11104 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

15:57:53.0212 11104 Psched - ok

15:57:53.0242 11104 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

15:57:53.0242 11104 PSI_SVC_2 - ok

15:57:53.0322 11104 [ 462059CB2914AEE993751851CDF145C9 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE

15:57:53.0332 11104 PwmEWSvc - ok

15:57:53.0402 11104 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

15:57:53.0422 11104 ql2300 - ok

15:57:53.0432 11104 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

15:57:53.0442 11104 ql40xx - ok

15:57:53.0472 11104 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

15:57:53.0472 11104 QWAVE - ok

15:57:53.0492 11104 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

15:57:53.0492 11104 QWAVEdrv - ok

15:57:53.0492 11104 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

15:57:53.0492 11104 RasAcd - ok

15:57:53.0522 11104 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

15:57:53.0532 11104 RasAgileVpn - ok

15:57:53.0542 11104 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

15:57:53.0542 11104 RasAuto - ok

15:57:53.0562 11104 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

15:57:53.0572 11104 Rasl2tp - ok

15:57:53.0592 11104 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

15:57:53.0612 11104 RasMan - ok

15:57:53.0632 11104 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

15:57:53.0632 11104 RasPppoe - ok

15:57:53.0652 11104 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

15:57:53.0652 11104 RasSstp - ok

15:57:53.0672 11104 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

15:57:53.0672 11104 rdbss - ok

15:57:53.0692 11104 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

15:57:53.0692 11104 rdpbus - ok

15:57:53.0712 11104 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

15:57:53.0712 11104 RDPCDD - ok

15:57:53.0722 11104 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

15:57:53.0722 11104 RDPENCDD - ok

15:57:53.0752 11104 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

15:57:53.0752 11104 RDPREFMP - ok

15:57:53.0822 11104 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

15:57:53.0822 11104 RdpVideoMiniport - ok

15:57:53.0852 11104 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

15:57:53.0862 11104 RDPWD - ok

15:57:53.0872 11104 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

15:57:53.0882 11104 rdyboost - ok

15:57:53.0942 11104 [ F09087C51C6AE42AE7DABE1EB3E44C17 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

15:57:53.0942 11104 RegSrvc - ok

15:57:53.0982 11104 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

15:57:53.0992 11104 RemoteAccess - ok

15:57:54.0022 11104 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

15:57:54.0022 11104 RemoteRegistry - ok

15:57:54.0072 11104 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

15:57:54.0082 11104 RFCOMM - ok

15:57:54.0122 11104 [ 5A227511ED22DDFEDF7EF7323C8F7D2F ] risdxc C:\Windows\system32\DRIVERS\risdxc64.sys

15:57:54.0122 11104 risdxc - ok

15:57:54.0142 11104 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

15:57:54.0152 11104 RpcEptMapper - ok

15:57:54.0182 11104 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

15:57:54.0182 11104 RpcLocator - ok

15:57:54.0212 11104 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

15:57:54.0222 11104 RpcSs - ok

15:57:54.0242 11104 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

15:57:54.0242 11104 rspndr - ok

15:57:54.0272 11104 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

15:57:54.0272 11104 SamSs - ok

15:57:54.0302 11104 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

15:57:54.0322 11104 sbp2port - ok

15:57:54.0352 11104 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

15:57:54.0352 11104 SCardSvr - ok

15:57:54.0372 11104 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

15:57:54.0372 11104 scfilter - ok

15:57:54.0412 11104 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

15:57:54.0432 11104 Schedule - ok

15:57:54.0462 11104 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

15:57:54.0462 11104 SCPolicySvc - ok

15:57:54.0482 11104 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

15:57:54.0482 11104 SDRSVC - ok

15:57:54.0492 11104 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

15:57:54.0492 11104 secdrv - ok

15:57:54.0502 11104 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

15:57:54.0512 11104 seclogon - ok

15:57:54.0522 11104 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

15:57:54.0522 11104 SENS - ok

15:57:54.0552 11104 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

15:57:54.0552 11104 SensrSvc - ok

15:57:54.0582 11104 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

15:57:54.0592 11104 Serenum - ok

15:57:54.0592 11104 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

15:57:54.0602 11104 Serial - ok

15:57:54.0602 11104 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

15:57:54.0602 11104 sermouse - ok

15:57:54.0642 11104 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

15:57:54.0642 11104 SessionEnv - ok

15:57:54.0652 11104 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

15:57:54.0652 11104 sffdisk - ok

15:57:54.0662 11104 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

15:57:54.0662 11104 sffp_mmc - ok

15:57:54.0672 11104 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

15:57:54.0672 11104 sffp_sd - ok

15:57:54.0672 11104 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

15:57:54.0672 11104 sfloppy - ok

15:57:54.0722 11104 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

15:57:54.0722 11104 SharedAccess - ok

15:57:54.0742 11104 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

15:57:54.0752 11104 ShellHWDetection - ok

15:57:54.0782 11104 [ 3FA2CBF653544AB4EC2249B6719A3C8E ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys

15:57:54.0782 11104 Shockprf - ok

15:57:54.0782 11104 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

15:57:54.0792 11104 SiSRaid2 - ok

15:57:54.0792 11104 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

15:57:54.0792 11104 SiSRaid4 - ok

15:57:54.0862 11104 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

15:57:54.0862 11104 SkypeUpdate - ok

15:57:54.0882 11104 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

15:57:54.0892 11104 Smb - ok

15:57:54.0932 11104 [ E11C9E13E92DA6747363924CFFCBD7EF ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys

15:57:54.0942 11104 SmbDrvI - ok

15:57:54.0992 11104 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

15:57:54.0992 11104 SNMPTRAP - ok

15:57:55.0022 11104 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

15:57:55.0022 11104 spldr - ok

15:57:55.0042 11104 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

15:57:55.0052 11104 Spooler - ok

15:57:55.0112 11104 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

15:57:55.0142 11104 sppsvc - ok

15:57:55.0182 11104 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

15:57:55.0182 11104 sppuinotify - ok

15:57:55.0202 11104 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

15:57:55.0212 11104 srv - ok

15:57:55.0232 11104 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

15:57:55.0242 11104 srv2 - ok

15:57:55.0262 11104 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

15:57:55.0262 11104 srvnet - ok

15:57:55.0282 11104 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

15:57:55.0292 11104 SSDPSRV - ok

15:57:55.0302 11104 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

15:57:55.0302 11104 SstpSvc - ok

15:57:55.0322 11104 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

15:57:55.0322 11104 stexstor - ok

15:57:55.0362 11104 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

15:57:55.0372 11104 stisvc - ok

15:57:55.0412 11104 [ 787D181332401B04DA4EDC422193C47B ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe

15:57:55.0412 11104 SUService - ok

15:57:55.0442 11104 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

15:57:55.0442 11104 swenum - ok

15:57:55.0492 11104 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

15:57:55.0502 11104 swprv - ok

15:57:55.0542 11104 [ BB3E8D7B5165672A71392DB27028144B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

15:57:55.0542 11104 SynTP - ok

15:57:55.0612 11104 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

15:57:55.0632 11104 SysMain - ok

15:57:55.0652 11104 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

15:57:55.0652 11104 TabletInputService - ok

15:57:55.0682 11104 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

15:57:55.0682 11104 TapiSrv - ok

15:57:55.0692 11104 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

15:57:55.0702 11104 TBS - ok

15:57:55.0772 11104 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys

15:57:55.0792 11104 Tcpip - ok

15:57:55.0822 11104 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

15:57:55.0832 11104 TCPIP6 - ok

15:57:55.0862 11104 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

15:57:55.0862 11104 tcpipreg - ok

15:57:55.0882 11104 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

15:57:55.0882 11104 TDPIPE - ok

15:57:55.0882 11104 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

15:57:55.0882 11104 TDTCP - ok

15:57:55.0902 11104 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

15:57:55.0902 11104 tdx - ok

15:57:55.0912 11104 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

15:57:55.0912 11104 TermDD - ok

15:57:55.0962 11104 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

15:57:55.0972 11104 TermService - ok

15:57:56.0002 11104 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

15:57:56.0002 11104 Themes - ok

15:57:56.0062 11104 [ F5C7A3BAA91A5305EBC46EA441CD52F7 ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

15:57:56.0072 11104 ThinkVantage Registry Monitor Service - ok

15:57:56.0092 11104 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

15:57:56.0092 11104 THREADORDER - ok

15:57:56.0122 11104 [ BC148E3415BF8A9DE83364966F75044F ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys

15:57:56.0122 11104 TPDIGIMN - ok

15:57:56.0142 11104 [ BBD91008BEC4A2BA5D383BC9A15D6F9E ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe

15:57:56.0142 11104 TPHDEXLGSVC - ok

15:57:56.0192 11104 [ C91C8BD1CBECAFE706D4423A2786F20F ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

15:57:56.0192 11104 TPHKLOAD - ok

15:57:56.0212 11104 [ 5B62F45C87CC0FB176C5358EEA6CFB4C ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

15:57:56.0222 11104 TPHKSVC - ok

15:57:56.0232 11104 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys

15:57:56.0232 11104 TPM - ok

15:57:56.0262 11104 [ 6EE437A872E0184D6D09F65C5EA0AABA ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys

15:57:56.0262 11104 TPPWRIF - ok

15:57:56.0282 11104 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

15:57:56.0292 11104 TrkWks - ok

15:57:56.0332 11104 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

15:57:56.0332 11104 TrustedInstaller - ok

15:57:56.0352 11104 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

15:57:56.0352 11104 tssecsrv - ok


15:57:59.0532 11104 ============================================================

15:57:59.0532 11104 Scan finished

15:57:59.0532 11104 ============================================================

15:57:59.0542 6804 Detected object count: 0

15:57:59.0542 6804 Actual detected object count: 0

RogueKiller V8.4.4 [Feb 5 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : mamaalda [Admin rights]

Mode : Scan -- Date : 02/07/2013 16:00:09

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND

[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Users\mamaalda\Desktop\dds.scr) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5061GSY +++++

--- User ---

[MBR] b9f861d2c5e29e6b4a81256b763af3e9

[BSP] a1e900d4e9ef4ec577dd56349d4a5e3c : Lenovo tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 86421 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 180064256 | Size: 375017 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948099072 | Size: 14000 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 49bf04cfea8288654dd9ec6edcc6bf73

[BSP] 0be0197daf4be43e722e53a6c2094d6b : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 461438 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948099072 | Size: 14000 Mo

Finished : << RKreport[1]_S_02072013_02d1600.txt >>

RKreport[1]_S_02072013_02d1600.txt


Hello mamag,

  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 3

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.

Edited by Maurice Naggar

Hi Maurice,

Please find the logs here.

My system seems fine, I don't notice any strange or suspect behaviour.

RogueKiller V8.4.4 [Feb 5 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : mamaalda [Admin rights]

Mode : Remove -- Date : 02/07/2013 19:30:36

| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)

[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Users\mamaalda\Desktop\dds.scr) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5061GSY +++++

--- User ---

[MBR] b9f861d2c5e29e6b4a81256b763af3e9

[BSP] a1e900d4e9ef4ec577dd56349d4a5e3c : Lenovo tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 86421 Mo

2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 180064256 | Size: 375017 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948099072 | Size: 14000 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 49bf04cfea8288654dd9ec6edcc6bf73

[BSP] 0be0197daf4be43e722e53a6c2094d6b : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 461438 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948099072 | Size: 14000 Mo

Finished : << RKreport[3]_D_02072013_02d1930.txt >>

RKreport[1]_S_02072013_02d1600.txt ; RKreport[2]_S_02072013_02d1927.txt ; RKreport[3]_D_02072013_02d1930.txt

Rkill 2.4.6 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/07/2013 07:36:31 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 02/07/2013 07:36:35 PM

Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.07.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16439

mamaalda :: MAMAALDATHINK [administrator]

07/02/2013 19:40:48

mbam-log-2013-02-07 (19-40-48).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 280038

Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Ok. Do these next.

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on the drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:
    Click the checkbox to participate, and then click on Continue button.
  • Next
    Click on Select objects for scanning
  • Next
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on Start scanning button
  • The scan in progress will be shown like this
  • IF something is detected, you will see a screen similar to this
    For each item "detected", click on the Action column down arrow, like this
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this
  • Click on the green Open Report line. It will pop-up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • While in NOTEPAD, do a CTRL+A to Copy all to clipboard.
  • You should be able to get back to your forum topic, start a new reply,
    click 1 time in the box
    and do a CTRL+V (Paste)
    into reply.
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Cureit.log you saved previously in your next reply.
    ONLY if the log is too large, then you may "attach" it.

Re-Enable your antivirus program when all done.


Hi Maurice,

Please find below the logs of Security Check and drweb-cureit.

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

(On Access scanning disabled!)

Error obtaining update status for antivirus!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.5.502.146

Mozilla Firefox (18.0.2)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 3%

````````````````````End of Log``````````````````````


As long as no threats were detected by DrWeb Cure-it, that suffices for our need.

We can wrap-up this case now.

Take a look in Control Panel >> Programs and Features (Windows-key+R >> appwiz.cpl )

and look for Adobe Flash Player 10

and Uninstall it if found. That version is out-of-date.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

adwcleaner.exe

tdsskiller.exe

roguekiller.exe

RKILL

DrWeb Cure-It

SecurityCheck.exe

Safer practices & malware prevention

We are finished here. Best regards.
