
Solved: cannot get rid of a virus named services.exe and trojan.patchep!sys


mathew206
Member with 153 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
06-Aug-2012, 08:40 PM #1
cannot get rid of a virus named services.exe and trojan.patchep!sys
Hello,

I cannot seem to get rid of these viruses. I have tried to scan multiple times both in normal mode and safe mode. I have used MBAM, Norton Business security suite, Superantispyware, TDSS, McAfee scanner, and I cannot get rid of them. The viruses are detected at times, but the antivirus programs cannot delete them. Every time I turn the computer off, it says that it is updating systems, which I'm assuming is the virus. :/ Please help. Thank you in advance for any of your help. My system specs are below.


System log:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3932 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1838 Mb
Hard Drives: C: Total - 465737 MB, Free - 328152 MB; Q: Total - 9999 MB, Free - 2239 MB;
Motherboard: LENOVO, 2842FBU
Antivirus: McAfee VirusScan Enterprise, Updated: No, On-Demand Scanner: Disabled
mathew206
Member with 153 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
14-Aug-2012, 01:07 AM #2
Hey guys,

I know that the site says to be patient. It has been a week since I first posted, but I just want to make sure that I am in line and have not been overlooked. Any response would be greatly appreciated. Thanks!
Mark1956
Malware Removal Specialist with 14,071 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
15-Aug-2012, 04:05 AM #3
Hi Mathew206, my name is Mark and I will be helping you.

At the top of the Malware forum there is a notice, "Everyone MUST read this BEFORE posting for help in this forum". Not following those instructions puts helpers off from assisting you. Also, there are not enough volunteers to help with the ever-increasing demand for assistance. Those who follow the instructions tend to get priority. Please read those instructions thoroughly and post both logs from DDS; you need not post the logs from HJT or GMER.

You are probably infected with the ZeroAccess rootkit. As a precaution, if you use this PC for any on-line banking and/or signing into any financial institutions, you should change your passwords on a clean machine and not use this one to log into any of those sites until we are sure it is clean.

Please follow these instructions and post the log.

STEP 1


NOTE: If you have already used Combofix please delete the icon from your desktop.
  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
STEP 2

Please download ComboFix from one of the locations below and save it to your Desktop. <- Important!!! Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix



Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.
-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.

NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.
Quote:
Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.

Last edited by Mark1956; 15-Aug-2012 at 04:16 AM.
mathew206
Member with 153 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
16-Aug-2012, 04:26 PM #4
Dear Mark,

Thank you very much for your assistance. My apologies for the oversight on DDS. A lot of forums don't want you to do anything before seeking help. I will follow your directions to the best of my capabilities.


You mentioned not to post from HJT, does that mean I do not need to scan with it either?

DDS is attached below in the next post.
mathew206
Member with 153 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
16-Aug-2012, 04:29 PM #5
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by ChoysToy at 13:12:40 on 2012-08-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3933.2358 [GMT -7:00]
.
AV: Norton Business Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Business Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Business Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DDNI\DIBS\DDNIService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [TaskScheduler] C:\ProWin11\32bit\TaskSch.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{1558DF44-4292-4178-A5CA-A141778C5639} : DhcpNameServer = 10.11.28.10
TCP: Interfaces\{6181048D-F057-4692-A447-130C1484C7A4} : DhcpNameServer = 10.11.28.25
TCP: Interfaces\{6181048D-F057-4692-A447-130C1484C7A4}\05F607723702E4564777F627B6 : DhcpNameServer = 192.168.2.1 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{6181048D-F057-4692-A447-130C1484C7A4}\2375942554335353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6181048D-F057-4692-A447-130C1484C7A4}\4656A7D616475736 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\coIEPlg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ChoysToy\AppData\Roaming\Mozilla\Firefox\Profiles\nfiidqxa.default\
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-13 1161376]
R1 ccSet_N360;Norton Business Suite Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120718.001\IDSviA64.sys [2012-7-19 509088]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R3 5U877;USB Video Device;C:\Windows\system32\DRIVERS\5U877.sys --> C:\Windows\system32\DRIVERS\5U877.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-7-11 138912]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-23 04:27:08 -------- d-----w- C:\$RECYCLE.BIN
2012-07-22 17:11:53 208896 ----a-w- C:\Windows\MBR.exe
2012-07-22 17:11:50 256000 ----a-w- C:\Windows\PEV.exe
2012-07-22 17:11:49 98816 ----a-w- C:\Windows\sed.exe
2012-07-22 17:11:49 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-19 06:03:57 -------- d-----w- C:\FRST
.
==================== Find3M ====================
.
2012-07-13 22:40:47 116016 ----a-w- C:\Windows\System32\drivers\24097668.sys
2012-07-12 03:06:46 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-07-12 01:48:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 01:48:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 13:14:44.59 ===============
mathew206
Member with 153 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
16-Aug-2012, 05:29 PM #6
attach.txt log and combofix log
Attach.txt as an attachment.

Also, I tried to run ComboFix, but it says that I have real-time scanners running. I have Norton Business Suite, and I rechecked the settings for it. Everything showed that it was disabled or not checked. So I continued, and ComboFix said I was running at my own risk. It completed the scan, and the results are copied below. Thanks again, I will wait for your response.




ComboFix 12-08-16.01 - ChoysToy 08/16/2012 13:38:02.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3933.2369 [GMT -7:00]
Running from: c:\users\ChoysToy\Desktop\ComboFix.exe
AV: Norton Business Suite *Enabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Business Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Business Suite *Enabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 20:57 . 2012-08-16 20:57 -------- d-----w- c:\users\Xiao Rui\AppData\Local\temp
2012-08-16 20:57 . 2012-08-16 20:57 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2012-08-16 20:57 . 2012-08-16 20:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 06:03 . 2012-07-19 06:04 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 22:40 . 2012-07-13 22:40 116016 ----a-w- c:\windows\system32\drivers\24097668.sys
2012-07-12 03:06 . 2012-07-12 03:06 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-07-12 01:48 . 2012-04-12 00:58 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 01:48 . 2011-06-02 18:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 18:31 . 2010-03-28 20:35 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-12 03:08 . 2012-07-11 18:37 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 16:03 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 16:04 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 16:04 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 16:03 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 16:04 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 16:04 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 16:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-27 06:20 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-27 06:21 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-27 06:21 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-27 06:21 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-27 06:20 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-27 06:20 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-27 06:21 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-27 06:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-27 06:20 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-11 18:30 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 18:30 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 18:30 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 18:30 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 18:30 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 18:30 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 18:30 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 18:30 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 18:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 18:30 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 18:30 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 18:30 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 18:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 18:30 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 18:30 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 18:30 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 18:30 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 18:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 18:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 16:03 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 16:03 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 16:03 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 16:03 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 16:03 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 16:03 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 16:03 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 16:03 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 16:03 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-23_04.27.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-19 05:08 . 2012-08-16 21:01 57708 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-16 21:01 55234 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-27 03:52 . 2012-08-16 21:01 15010 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1784883445-1032603892-293820194-1003_UserData.bin
+ 2012-08-16 20:58 . 2012-08-16 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-23 04:14 . 2012-07-23 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-16 20:58 . 2012-08-16 20:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 04:14 . 2012-07-23 04:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-08-16 19:50 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-22 07:50 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-07-22 05:54 683588 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-16 20:16 683588 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-16 20:16 128518 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-22 05:54 128518 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-08-16 20:57 429176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-23 03:59 429176 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-22 07:50 2080768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 19:50 2080768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-22 07:50 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 19:50 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-19 05:48 . 2012-08-16 20:57 2918368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-02-19 05:48 . 2012-07-23 04:00 2918368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-04-08 21:16 . 2012-07-22 18:30 6726292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-8192.dat
+ 2011-04-08 21:16 . 2012-08-16 20:57 6726292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1784883445-1032603892-293820194-1003-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskScheduler"="c:\prowin11\32bit\TaskSch.exe" [2012-05-28 443992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-12-10 1092968]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-04-30 76696]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-08 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-19 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-07 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [2011-11-24 1092728]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2009-06-29 23592]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-07-11 1161376]
S1 ccSet_N360;Norton Business Suite Settings Manager;c:\windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [2011-11-04 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120718.001\IDSvia64.sys [2012-07-11 509088]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2012-01-12 57976]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]
S2 DDNIService;DDNIService;c:\program files (x86)\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-04-30 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-04-30 78992]
S2 N360;Norton Business Suite;c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 161024]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-07-12 138912]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 143320]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-03 15360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 01:48]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:51]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-10 04:51]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1784883445-1032603892-293820194-1003Core.job
- c:\users\ChoysToy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 06:29]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1784883445-1032603892-293820194-1003UA.job
- c:\users\ChoysToy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-08 06:29]
.
2012-05-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
2012-08-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\ChoysToy\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\ChoysToy\AppData\Roaming\Mozilla\Firefox\Profiles\nfiidqxa.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Business Suite\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00, 79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00, \
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00, 79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00, \
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Completion time: 2012-08-16 14:08:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 21:08
ComboFix2.txt 2012-07-23 04:32
.
Pre-Run: 343,722,696,704 bytes free
Post-Run: 343,239,516,160 bytes free
.
- - End Of File - - 429067C2F319B30F134537A3A60E8C41
Mark1956
Malware Removal Specialist with 14,071 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
16-Aug-2012, 06:20 PM #7
For a start please uninstall McAfee Agent and then run this
McAfee Removal Tool

You need not run HJT; it doesn't fix anything. It only produces a log just like DDS, but DDS provides the same information plus a bit more.

Please post the log from the TDSSKiller scan; you will find it on your C: drive.

I can see you have used Farbar Recovery Scan Tool. Did you obtain a log from it? If so, please post it.

While I am helping you, please do not attempt to run any scans that I have not requested, as this can produce misleading results.

ComboFix has not found anything, so we need to run some other scans. We will start with this one:

Download RogueKiller (by tigzy) and save it directly to your Desktop.

On the web page click on this:
  • Quit all running programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished.
  • Ensure all boxes are ticked under "Report" tab.
  • Click on Scan.
  • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
  • NOTE: DO NOT attempt to remove anything that the scan detects.
mathew206
Member with 153 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
17-Aug-2012, 01:26 AM #8
Hey Mark,

I have not tried any other troubleshooting or cleaning programs since we have started. I will look for the logs for TDSSKiller and Farbar.

I have tried to uninstall McAfee on multiple occasions, but I have not had any success. Every time I try to uninstall, it states
"McAfee Agent cannot be removed because other products are still using it."

I actually got this version of McAfee from school (University of California, Irvine), which was used in conjunction with Cisco Clean Access Agent.
I was able to uninstall Cisco Clean Access Agent, but not McAfee. I have tried MCPR.exe as well, but I was still unable to uninstall McAfee. Do you still want me to proceed with RogueKiller? Or any other tips on getting rid of McAfee?
mathew206
Member with 153 posts.
THREAD STARTER
 
Join Date: Aug 2012
Experience: Intermediate
17-Aug-2012, 01:35 AM #9
TDSSKiller log
I found the TDSSKiller log, but I could not locate Farbar log. Would that also be under C: drive? Thanks Mark.


15:40:46.0558 2876 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:40:47.0119 2876 ============================================================
15:40:47.0119 2876 Current date / time: 2012/07/13 15:40:47.0119
15:40:47.0119 2876 SystemInfo:
15:40:47.0119 2876
15:40:47.0119 2876 OS Version: 6.1.7601 ServicePack: 1.0
15:40:47.0119 2876 Product type: Workstation
15:40:47.0119 2876 ComputerName: CHOYSTOY-THINK
15:40:47.0119 2876 UserName: ChoysToy
15:40:47.0119 2876 Windows directory: C:\Windows
15:40:47.0119 2876 System windows directory: C:\Windows
15:40:47.0119 2876 Running under WOW64
15:40:47.0119 2876 Processor architecture: Intel x64
15:40:47.0119 2876 Number of processors: 2
15:40:47.0119 2876 Page size: 0x1000
15:40:47.0119 2876 Boot type: Safe boot with network
15:40:47.0119 2876 ============================================================
15:40:47.0743 2876 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:40:47.0759 2876 ============================================================
15:40:47.0759 2876 \Device\Harddisk0\DR0:
15:40:47.0759 2876 MBR partitions:
15:40:47.0759 2876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
15:40:47.0759 2876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x38DA4FF8
15:40:47.0759 2876 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38FFD800, BlocksNum 0x1388000
15:40:47.0759 2876 ============================================================
15:40:47.0775 2876 C: <-> \Device\Harddisk0\DR0\Partition1
15:40:47.0821 2876 Q: <-> \Device\Harddisk0\DR0\Partition2
15:40:47.0821 2876 ============================================================
15:40:47.0821 2876 Initialize success
15:40:47.0821 2876 ============================================================
15:43:33.0260 2448 ============================================================
15:43:33.0260 2448 Scan started
15:43:33.0260 2448 Mode: Manual;
15:43:33.0260 2448 ============================================================
15:43:55.0412 2448 nfrd960 - ok
15:43:55.0459 2448 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:43:55.0474 2448 NlaSvc - ok
15:43:55.0490 2448 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:43:55.0490 2448 Npfs - ok
15:43:55.0505 2448 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:43:55.0505 2448 nsi - ok
15:43:55.0537 2448 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:43:55.0537 2448 nsiproxy - ok
15:43:55.0724 2448 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:43:55.0724 2448 Ntfs - ok
15:43:55.0849 2448 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:43:55.0849 2448 Null - ok
15:43:55.0895 2448 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:43:55.0895 2448 nvraid - ok
15:43:55.0927 2448 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:43:55.0927 2448 nvstor - ok
15:43:55.0973 2448 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:43:55.0989 2448 nv_agp - ok
15:43:56.0036 2448 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:43:56.0036 2448 ohci1394 - ok
15:43:56.0098 2448 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:43:56.0098 2448 ose - ok
15:43:56.0363 2448 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:43:56.0379 2448 osppsvc - ok
15:43:56.0488 2448 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:43:56.0488 2448 p2pimsvc - ok
15:43:56.0504 2448 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:43:56.0519 2448 p2psvc - ok
15:43:56.0566 2448 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:43:56.0582 2448 Parport - ok
15:43:56.0613 2448 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:43:56.0613 2448 partmgr - ok
15:43:56.0644 2448 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:43:56.0644 2448 PcaSvc - ok
15:43:56.0691 2448 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:43:56.0691 2448 pci - ok
15:43:56.0707 2448 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:43:56.0707 2448 pciide - ok
15:43:56.0722 2448 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:43:56.0722 2448 pcmcia - ok
15:43:56.0738 2448 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:43:56.0738 2448 pcw - ok
15:43:56.0785 2448 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:43:56.0785 2448 PEAUTH - ok
15:43:56.0863 2448 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:43:56.0878 2448 PeerDistSvc - ok
15:43:56.0925 2448 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:43:56.0956 2448 PerfHost - ok
15:43:57.0065 2448 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:43:57.0081 2448 pla - ok
15:43:57.0159 2448 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:43:57.0159 2448 PlugPlay - ok
15:43:57.0237 2448 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
15:43:57.0237 2448 Pml Driver HPZ12 - ok
15:43:57.0315 2448 pneteth (fe74ba87cdaa80ac9261f49167f0608a) C:\Windows\system32\DRIVERS\pneteth.sys
15:43:57.0315 2448 pneteth - ok
15:43:57.0346 2448 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:43:57.0346 2448 PNRPAutoReg - ok
15:43:57.0377 2448 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:43:57.0377 2448 PNRPsvc - ok
15:43:57.0424 2448 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
15:43:57.0424 2448 Point64 - ok
15:43:57.0471 2448 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:43:57.0471 2448 PolicyAgent - ok
15:43:57.0502 2448 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:43:57.0502 2448 Power - ok
15:43:57.0565 2448 Power Manager DBC Service (d07d33d2293e4acae0cbf13108b92a4f) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
15:43:57.0565 2448 Power Manager DBC Service - ok
15:43:57.0596 2448 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:43:57.0596 2448 PptpMiniport - ok
15:43:57.0627 2448 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:43:57.0627 2448 Processor - ok
15:43:57.0674 2448 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:43:57.0674 2448 ProfSvc - ok
15:43:57.0705 2448 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:43:57.0705 2448 ProtectedStorage - ok
15:43:57.0736 2448 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
15:43:57.0736 2448 psadd - ok
15:43:57.0799 2448 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:43:57.0799 2448 Psched - ok
15:43:57.0814 2448 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:43:57.0830 2448 PxHlpa64 - ok
15:43:57.0892 2448 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:43:57.0892 2448 ql2300 - ok
15:43:58.0001 2448 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:43:58.0001 2448 ql40xx - ok
15:43:58.0033 2448 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:43:58.0033 2448 QWAVE - ok
15:43:58.0048 2448 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:43:58.0048 2448 QWAVEdrv - ok
15:43:58.0064 2448 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:43:58.0064 2448 RasAcd - ok
15:43:58.0079 2448 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:43:58.0079 2448 RasAgileVpn - ok
15:43:58.0111 2448 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:43:58.0111 2448 RasAuto - ok
15:43:58.0157 2448 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:43:58.0157 2448 Rasl2tp - ok
15:43:58.0220 2448 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:43:58.0220 2448 RasMan - ok
15:43:58.0235 2448 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:43:58.0235 2448 RasPppoe - ok
15:43:58.0251 2448 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:43:58.0251 2448 RasSstp - ok
15:43:58.0329 2448 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:43:58.0329 2448 rdbss - ok
15:43:58.0345 2448 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:43:58.0345 2448 rdpbus - ok
15:43:58.0360 2448 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:43:58.0360 2448 RDPCDD - ok
15:43:58.0423 2448 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:43:58.0423 2448 RDPDR - ok
15:43:58.0454 2448 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:43:58.0454 2448 RDPENCDD - ok
15:43:58.0485 2448 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:43:58.0485 2448 RDPREFMP - ok
15:43:58.0547 2448 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:43:58.0547 2448 RDPWD - ok
15:43:58.0563 2448 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:43:58.0563 2448 rdyboost - ok
15:43:58.0641 2448 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:43:58.0641 2448 RegSrvc - ok
15:43:58.0672 2448 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:43:58.0672 2448 RemoteAccess - ok
15:43:58.0703 2448 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:43:58.0703 2448 RemoteRegistry - ok
15:43:58.0766 2448 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:43:58.0781 2448 RFCOMM - ok
15:43:58.0844 2448 Roxio UPnP Renderer 10 (14a99fd851272c73b758546ef8f0e641) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
15:43:58.0859 2448 Roxio UPnP Renderer 10 - ok
15:43:58.0875 2448 Roxio Upnp Server 10 (ba917f2f2bd5033e70823797c73cdfcb) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
15:43:58.0891 2448 Roxio Upnp Server 10 - ok
15:43:58.0937 2448 RoxLiveShare10 (8986d20cf294d794a79fb18ff697b68b) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
15:43:58.0953 2448 RoxLiveShare10 - ok
15:43:59.0000 2448 RoxMediaDB10 (d8c44229eb2495e774350529ed9be08d) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
15:43:59.0015 2448 RoxMediaDB10 - ok
15:43:59.0047 2448 RoxWatch10 (53716357f4b3c99112cf0a21932c5688) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
15:43:59.0047 2448 RoxWatch10 - ok
15:43:59.0125 2448 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:43:59.0125 2448 RpcEptMapper - ok
15:43:59.0140 2448 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:43:59.0140 2448 RpcLocator - ok
15:43:59.0187 2448 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:43:59.0203 2448 RpcSs - ok
15:43:59.0249 2448 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:43:59.0249 2448 rspndr - ok
15:43:59.0296 2448 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:43:59.0296 2448 RTL8167 - ok
15:43:59.0343 2448 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:43:59.0343 2448 s3cap - ok
15:43:59.0374 2448 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:43:59.0374 2448 SamSs - ok
15:43:59.0452 2448 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:43:59.0452 2448 SASDIFSV - ok
15:43:59.0468 2448 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:43:59.0468 2448 SASKUTIL - ok
15:43:59.0515 2448 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:43:59.0515 2448 sbp2port - ok
15:43:59.0546 2448 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
15:43:59.0546 2448 SBRE - ok
15:43:59.0593 2448 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:43:59.0593 2448 SCardSvr - ok
15:43:59.0639 2448 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:43:59.0639 2448 scfilter - ok
15:43:59.0717 2448 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:43:59.0717 2448 Schedule - ok
15:43:59.0749 2448 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:43:59.0749 2448 SCPolicySvc - ok
15:43:59.0780 2448 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:43:59.0780 2448 sdbus - ok
15:43:59.0827 2448 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:43:59.0827 2448 SDRSVC - ok
15:43:59.0920 2448 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:43:59.0920 2448 SeaPort - ok
15:43:59.0951 2448 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:43:59.0951 2448 secdrv - ok
15:43:59.0983 2448 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:43:59.0983 2448 seclogon - ok
15:43:59.0998 2448 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:43:59.0998 2448 SENS - ok
15:44:00.0045 2448 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:44:00.0045 2448 SensrSvc - ok
15:44:00.0061 2448 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:44:00.0061 2448 Serenum - ok
15:44:00.0076 2448 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:44:00.0076 2448 Serial - ok
15:44:00.0123 2448 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:44:00.0123 2448 sermouse - ok
15:44:00.0170 2448 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:44:00.0170 2448 SessionEnv - ok
15:44:00.0201 2448 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:44:00.0201 2448 sffdisk - ok
15:44:00.0217 2448 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:44:00.0217 2448 sffp_mmc - ok
15:44:00.0232 2448 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:44:00.0248 2448 sffp_sd - ok
15:44:00.0263 2448 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:44:00.0263 2448 sfloppy - ok
15:44:00.0341 2448 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:44:00.0341 2448 ShellHWDetection - ok
15:44:00.0373 2448 Shockprf (5a5346931ce61ea85f8338f7a03131f7) C:\Windows\system32\DRIVERS\Apsx64.sys
15:44:00.0373 2448 Shockprf - ok
15:44:00.0388 2448 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:44:00.0388 2448 SiSRaid2 - ok
15:44:00.0419 2448 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:44:00.0419 2448 SiSRaid4 - ok
15:44:00.0466 2448 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:44:00.0466 2448 Smb - ok
15:44:00.0513 2448 SMR300 (10bc9f077fc149e4e0a40bae1d42a259) C:\Windows\system32\drivers\SMR300.SYS
15:44:00.0513 2448 SMR300 - ok
15:44:00.0560 2448 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:44:00.0560 2448 SNMPTRAP - ok
15:44:00.0591 2448 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:44:00.0591 2448 spldr - ok
15:44:00.0669 2448 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:44:00.0669 2448 Spooler - ok
15:44:00.0872 2448 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:44:00.0903 2448 sppsvc - ok
15:44:00.0981 2448 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:44:00.0981 2448 sppuinotify - ok
15:44:01.0075 2448 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:44:01.0075 2448 SQLBrowser - ok
15:44:01.0137 2448 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:44:01.0137 2448 SQLWriter - ok
15:44:01.0277 2448 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
15:44:01.0293 2448 SRTSP - ok
15:44:01.0324 2448 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
15:44:01.0324 2448 SRTSPX - ok
15:44:01.0371 2448 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:44:01.0371 2448 srv - ok
15:44:01.0449 2448 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:44:01.0449 2448 srv2 - ok
15:44:01.0496 2448 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:44:01.0496 2448 SrvHsfHDA - ok
15:44:01.0543 2448 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:44:01.0558 2448 SrvHsfV92 - ok
15:44:01.0683 2448 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:44:01.0683 2448 SrvHsfWinac - ok
15:44:01.0714 2448 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:44:01.0730 2448 srvnet - ok
15:44:01.0761 2448 sscdbus (1612881760c9df7fbb09b6cf1d3ba0df) C:\Windows\system32\DRIVERS\sscdbus.sys
15:44:01.0761 2448 sscdbus - ok
15:44:01.0792 2448 sscdmdfl (d7803a687e85189ea2b525cc22093521) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:44:01.0792 2448 sscdmdfl - ok
15:44:01.0823 2448 sscdmdm (06db3d5eb2444083c7f5af7874765505) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:44:01.0823 2448 sscdmdm - ok
15:44:01.0823 2448 sscdserd (23ebb395609d9cdb8b1074a12254119b) C:\Windows\system32\DRIVERS\sscdserd.sys
15:44:01.0823 2448 sscdserd - ok
15:44:01.0855 2448 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:44:01.0855 2448 SSDPSRV - ok
15:44:01.0886 2448 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:44:01.0886 2448 SstpSvc - ok
15:44:01.0901 2448 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:44:01.0901 2448 stexstor - ok
15:44:01.0948 2448 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:44:01.0948 2448 StillCam - ok
15:44:02.0011 2448 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:44:02.0026 2448 stisvc - ok
15:44:02.0104 2448 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:44:02.0104 2448 stllssvr - ok
15:44:02.0151 2448 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:44:02.0151 2448 storflt - ok
15:44:02.0198 2448 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:44:02.0198 2448 StorSvc - ok
15:44:02.0213 2448 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:44:02.0213 2448 storvsc - ok
15:44:02.0276 2448 SUService (3119e9bc5fad5ea1cd31ae200a1da591) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
15:44:02.0276 2448 SUService - ok
15:44:02.0307 2448 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:44:02.0307 2448 swenum - ok
15:44:02.0323 2448 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:44:02.0338 2448 swprv - ok
15:44:02.0432 2448 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
15:44:02.0432 2448 SymDS - ok
15:44:02.0525 2448 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
15:44:02.0525 2448 SymEFA - ok
15:44:02.0588 2448 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:44:02.0588 2448 SymEvent - ok
15:44:02.0619 2448 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
15:44:02.0619 2448 SymIRON - ok
15:44:02.0666 2448 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
15:44:02.0666 2448 SymNetS - ok
15:44:02.0775 2448 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
15:44:02.0775 2448 SynTP - ok
15:44:02.0869 2448 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:44:02.0884 2448 SysMain - ok
15:44:02.0962 2448 szkg5 (8598e4a12eaa945b35365dd2750b9777) C:\Windows\syswow64\DRIVERS\szkg64.sys
15:44:02.0962 2448 szkg5 - ok
15:44:03.0040 2448 szserver (8fdaf81240a4057162cad255f02a844e) C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
15:44:03.0040 2448 szserver - ok
15:44:03.0118 2448 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:44:03.0118 2448 TabletInputService - ok
15:44:03.0149 2448 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:44:03.0149 2448 TapiSrv - ok
15:44:03.0181 2448 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:44:03.0181 2448 TBS - ok
15:44:03.0337 2448 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:44:03.0337 2448 Tcpip - ok
15:44:03.0524 2448 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:44:03.0524 2448 TCPIP6 - ok
15:44:03.0633 2448 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:44:03.0633 2448 tcpipreg - ok
15:44:03.0649 2448 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:44:03.0649 2448 TDPIPE - ok
15:44:03.0695 2448 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:44:03.0695 2448 TDTCP - ok
15:44:03.0742 2448 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:44:03.0742 2448 tdx - ok
15:44:03.0789 2448 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:44:03.0789 2448 TermDD - ok
15:44:03.0820 2448 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:44:03.0836 2448 TermService - ok
15:44:03.0851 2448 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:44:03.0851 2448 Themes - ok
15:44:03.0961 2448 ThinkVantage Registry Monitor Service (39ac444e07fdbd8c2e8e291a65d515d3) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
15:44:03.0961 2448 ThinkVantage Registry Monitor Service - ok
15:44:03.0992 2448 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:44:03.0992 2448 THREADORDER - ok
15:44:04.0039 2448 TPDIGIMN (7e25f9ae51daac0791df1eb949a58dbe) C:\Windows\system32\DRIVERS\ApsHM64.sys
15:44:04.0039 2448 TPDIGIMN - ok
15:44:04.0070 2448 TPHDEXLGSVC (dd96de244cb186207149bc897e67217a) C:\Windows\system32\TPHDEXLG64.exe
15:44:04.0070 2448 TPHDEXLGSVC - ok
15:44:04.0117 2448 TPHKSVC (3c6a42a8494d74f44f048bb7f9f2db44) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
15:44:04.0117 2448 TPHKSVC - ok
15:44:04.0148 2448 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
15:44:04.0148 2448 TPM - ok
15:44:04.0179 2448 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys
15:44:04.0179 2448 TPPWRIF - ok
15:44:04.0195 2448 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:44:04.0195 2448 TrkWks - ok
15:44:04.0257 2448 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:44:04.0257 2448 TrustedInstaller - ok
15:44:04.0304 2448 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:44:04.0304 2448 tssecsrv - ok
15:44:04.0351 2448 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:44:04.0351 2448 TsUsbFlt - ok
15:44:04.0460 2448 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:44:04.0460 2448 tunnel - ok
15:44:04.0616 2448 TVT Backup Service (b56da1aa776c15043d10f82b32aa000d) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
15:44:04.0631 2448 TVT Backup Service - ok
15:44:04.0741 2448 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:44:04.0741 2448 uagp35 - ok
15:44:04.0787 2448 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:44:04.0787 2448 udfs - ok
15:44:04.0834 2448 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:44:04.0834 2448 UI0Detect - ok
15:44:04.0881 2448 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:44:04.0881 2448 uliagpkx - ok
15:44:04.0912 2448 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:44:04.0912 2448 umbus - ok
15:44:04.0943 2448 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:44:04.0943 2448 UmPass - ok
15:44:04.0959 2448 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:44:04.0959 2448 UmRdpService - ok
15:44:04.0990 2448 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:44:05.0006 2448 upnphost - ok
15:44:05.0068 2448 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
15:44:05.0068 2448 USBAAPL64 - ok
15:44:05.0115 2448 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:44:05.0115 2448 usbaudio - ok
15:44:05.0146 2448 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:44:05.0146 2448 usbccgp - ok
15:44:05.0177 2448 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:44:05.0177 2448 usbcir - ok
15:44:05.0209 2448 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:44:05.0209 2448 usbehci - ok
15:44:05.0240 2448 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:44:05.0240 2448 usbhub - ok
15:44:05.0271 2448 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:44:05.0271 2448 usbohci - ok
15:44:05.0287 2448 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:44:05.0287 2448 usbprint - ok
15:44:05.0333 2448 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:44:05.0333 2448 usbscan - ok
15:44:05.0380 2448 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:44:05.0380 2448 USBSTOR - ok
15:44:05.0396 2448 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:44:05.0396 2448 usbuhci - ok
15:44:05.0443 2448 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
15:44:05.0443 2448 usbvideo - ok
15:44:05.0474 2448 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:44:05.0474 2448 UxSms - ok
15:44:05.0521 2448 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:44:05.0521 2448 VaultSvc - ok
15:44:05.0567 2448 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:44:05.0567 2448 vdrvroot - ok
15:44:05.0661 2448 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:44:05.0661 2448 vds - ok
15:44:05.0723 2448 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:44:05.0723 2448 vga - ok
15:44:05.0739 2448 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:44:05.0739 2448 VgaSave - ok
15:44:05.0770 2448 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:44:05.0770 2448 vhdmp - ok
15:44:05.0817 2448 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:44:05.0817 2448 viaide - ok
15:44:05.0879 2448 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:44:05.0879 2448 vmbus - ok
15:44:05.0911 2448 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:44:05.0911 2448 VMBusHID - ok
15:44:05.0926 2448 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:44:05.0926 2448 volmgr - ok
15:44:05.0973 2448 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:44:05.0973 2448 volmgrx - ok
15:44:06.0035 2448 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:44:06.0035 2448 volsnap - ok
15:44:06.0067 2448 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:44:06.0067 2448 vsmraid - ok
15:44:06.0145 2448 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:44:06.0160 2448 VSS - ok
15:44:06.0254 2448 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
15:44:09.0140 2448 ============================================================
15:44:09.0140 2448 Scan finished
15:44:09.0140 2448 ============================================================
15:44:09.0155 2424 Detected object count: 0
15:44:09.0155 2424 Actual detected object count: 0
15:48:38.0364 2344 ============================================================
15:48:38.0364 2344 Scan started
15:48:38.0364 2344 Mode: Manual; TDLFS;
15:48:38.0364 2344 ============================================================
15:48:54.0031 2344 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:48:54.0033 2344 MSDTC - ok
15:48:54.0063 2344 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:48:54.0064 2344 Msfs - ok
15:48:54.0081 2344 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:48:54.0081 2344 mshidkmdf - ok
15:48:54.0096 2344 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:48:54.0096 2344 msisadrv - ok
15:48:54.0173 2344 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:48:54.0174 2344 MSiSCSI - ok
15:48:54.0179 2344 msiserver - ok
15:48:54.0200 2344 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:48:54.0201 2344 MSKSSRV - ok
15:48:54.0222 2344 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:48:54.0223 2344 MSPCLOCK - ok
15:48:54.0236 2344 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:48:54.0236 2344 MSPQM - ok
15:48:54.0285 2344 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:48:54.0288 2344 MsRPC - ok
15:48:54.0318 2344 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:48:54.0319 2344 mssmbios - ok
15:48:54.0473 2344 MSSQL$MSSMLBIZ - ok
15:48:54.0577 2344 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:48:54.0578 2344 MSSQLServerADHelper - ok
15:48:54.0605 2344 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:48:54.0606 2344 MSTEE - ok
15:48:54.0619 2344 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:48:54.0619 2344 MTConfig - ok
15:48:54.0638 2344 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:48:54.0638 2344 Mup - ok
15:48:54.0938 2344 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Business Suite\Engine\6.2.1.5\ccSvcHst.exe
15:48:54.0939 2344 N360 - ok
15:48:55.0143 2344 NACAgent (20f2516bfac46d34a3c36210d6455c72) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
15:48:55.0154 2344 NACAgent - ok
15:48:55.0314 2344 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:48:55.0318 2344 napagent - ok
15:48:55.0393 2344 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:48:55.0395 2344 NativeWifiP - ok
15:48:55.0613 2344 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120713.004\ENG64.SYS
15:48:55.0614 2344 NAVENG - ok
15:48:55.0721 2344 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20120713.004\EX64.SYS
15:48:55.0733 2344 NAVEX15 - ok
15:48:55.0908 2344 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:48:55.0914 2344 NDIS - ok
15:48:55.0949 2344 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:48:55.0949 2344 NdisCap - ok
15:48:55.0968 2344 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:48:55.0969 2344 NdisTapi - ok
15:48:56.0068 2344 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:48:56.0069 2344 Ndisuio - ok
15:48:56.0114 2344 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:48:56.0115 2344 NdisWan - ok
15:48:56.0155 2344 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:48:56.0156 2344 NDProxy - ok
15:48:56.0200 2344 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
15:48:56.0201 2344 Net Driver HPZ12 - ok
15:48:56.0224 2344 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:48:56.0225 2344 NetBIOS - ok
15:48:56.0270 2344 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:48:56.0272 2344 NetBT - ok
15:48:56.0307 2344 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:48:56.0308 2344 Netlogon - ok
15:48:56.0336 2344 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:48:56.0339 2344 Netman - ok
15:48:56.0363 2344 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:48:56.0367 2344 netprofm - ok
15:48:56.0492 2344 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:48:56.0493 2344 NetTcpPortSharing - ok
15:48:56.0981 2344 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
15:48:57.0022 2344 NETw5s64 - ok
15:48:57.0305 2344 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
15:48:57.0338 2344 netw5v64 - ok
15:48:57.0434 2344 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:48:57.0435 2344 nfrd960 - ok
15:48:57.0484 2344 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:48:57.0487 2344 NlaSvc - ok
15:48:57.0501 2344 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:48:57.0502 2344 Npfs - ok
15:48:57.0540 2344 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:48:57.0542 2344 nsi - ok
15:48:57.0563 2344 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:48:57.0564 2344 nsiproxy - ok
15:48:57.0701 2344 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:48:57.0712 2344 Ntfs - ok
15:48:57.0814 2344 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:48:57.0814 2344 Null - ok
15:48:57.0864 2344 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:48:57.0865 2344 nvraid - ok
15:48:57.0888 2344 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:48:57.0890 2344 nvstor - ok
15:48:57.0933 2344 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:48:57.0934 2344 nv_agp - ok
15:48:57.0959 2344 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:48:57.0960 2344 ohci1394 - ok
15:48:58.0018 2344 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:48:58.0019 2344 ose - ok
15:48:58.0359 2344 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:48:58.0389 2344 osppsvc - ok
15:48:58.0523 2344 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:48:58.0526 2344 p2pimsvc - ok
15:48:58.0577 2344 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:48:58.0581 2344 p2psvc - ok
15:48:58.0647 2344 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:48:58.0648 2344 Parport - ok
15:48:58.0694 2344 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:48:58.0695 2344 partmgr - ok
15:48:58.0740 2344 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:48:58.0742 2344 PcaSvc - ok
15:48:58.0796 2344 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:48:58.0798 2344 pci - ok
15:48:58.0829 2344 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:48:58.0830 2344 pciide - ok
15:48:58.0871 2344 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:48:58.0872 2344 pcmcia - ok
15:48:58.0911 2344 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:48:58.0912 2344 pcw - ok
15:48:58.0986 2344 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:48:58.0990 2344 PEAUTH - ok
15:48:59.0105 2344 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:48:59.0114 2344 PeerDistSvc - ok
15:48:59.0179 2344 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:48:59.0180 2344 PerfHost - ok
15:48:59.0387 2344 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:48:59.0397 2344 pla - ok
15:48:59.0456 2344 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:48:59.0460 2344 PlugPlay - ok
15:48:59.0511 2344 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
15:48:59.0512 2344 Pml Driver HPZ12 - ok
15:48:59.0592 2344 pneteth (fe74ba87cdaa80ac9261f49167f0608a) C:\Windows\system32\DRIVERS\pneteth.sys
15:48:59.0593 2344 pneteth - ok
15:48:59.0620 2344 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:48:59.0621 2344 PNRPAutoReg - ok
15:48:59.0691 2344 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:48:59.0694 2344 PNRPsvc - ok
15:48:59.0738 2344 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
15:48:59.0738 2344 Point64 - ok
15:48:59.0790 2344 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:48:59.0795 2344 PolicyAgent - ok
15:48:59.0844 2344 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:48:59.0847 2344 Power - ok
15:48:59.0902 2344 Power Manager DBC Service (d07d33d2293e4acae0cbf13108b92a4f) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
15:48:59.0903 2344 Power Manager DBC Service - ok
15:48:59.0953 2344 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:48:59.0955 2344 PptpMiniport - ok
15:48:59.0975 2344 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:48:59.0975 2344 Processor - ok
15:49:00.0022 2344 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:49:00.0025 2344 ProfSvc - ok
15:49:00.0074 2344 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:49:00.0076 2344 ProtectedStorage - ok
15:49:00.0128 2344 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
15:49:00.0129 2344 psadd - ok
15:49:00.0200 2344 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:49:00.0201 2344 Psched - ok
15:49:00.0229 2344 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:49:00.0231 2344 PxHlpa64 - ok
15:49:00.0338 2344 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:49:00.0348 2344 ql2300 - ok
15:49:00.0553 2344 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:49:00.0554 2344 ql40xx - ok
15:49:00.0619 2344 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:49:00.0622 2344 QWAVE - ok
15:49:00.0654 2344 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:49:00.0655 2344 QWAVEdrv - ok
15:49:00.0682 2344 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:49:00.0682 2344 RasAcd - ok
15:49:00.0702 2344 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:49:00.0703 2344 RasAgileVpn - ok
15:49:00.0723 2344 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:49:00.0724 2344 RasAuto - ok
15:49:00.0773 2344 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:49:00.0774 2344 Rasl2tp - ok
15:49:00.0832 2344 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:49:00.0835 2344 RasMan - ok
15:49:00.0884 2344 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:49:00.0885 2344 RasPppoe - ok
15:49:00.0919 2344 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:49:00.0920 2344 RasSstp - ok
15:49:00.0975 2344 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:49:00.0977 2344 rdbss - ok
15:49:01.0015 2344 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:49:01.0015 2344 rdpbus - ok
15:49:01.0028 2344 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:49:01.0029 2344 RDPCDD - ok
15:49:01.0069 2344 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:49:01.0070 2344 RDPDR - ok
15:49:01.0099 2344 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:49:01.0099 2344 RDPENCDD - ok
15:49:01.0133 2344 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:49:01.0133 2344 RDPREFMP - ok
15:49:01.0181 2344 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:49:01.0183 2344 RDPWD - ok
15:49:01.0211 2344 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:49:01.0212 2344 rdyboost - ok
15:49:01.0337 2344 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:49:01.0342 2344 RegSrvc - ok
15:49:01.0385 2344 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:49:01.0386 2344 RemoteAccess - ok
15:49:01.0423 2344 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:49:01.0425 2344 RemoteRegistry - ok
15:49:01.0547 2344 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
15:49:01.0548 2344 RFCOMM - ok
15:49:01.0648 2344 Roxio UPnP Renderer 10 (14a99fd851272c73b758546ef8f0e641) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
15:49:01.0650 2344 Roxio UPnP Renderer 10 - ok
15:49:01.0694 2344 Roxio Upnp Server 10 (ba917f2f2bd5033e70823797c73cdfcb) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
15:49:01.0697 2344 Roxio Upnp Server 10 - ok
15:49:01.0806 2344 RoxLiveShare10 (8986d20cf294d794a79fb18ff697b68b) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
15:49:01.0809 2344 RoxLiveShare10 - ok
15:49:01.0946 2344 RoxMediaDB10 (d8c44229eb2495e774350529ed9be08d) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
15:49:01.0953 2344 RoxMediaDB10 - ok
15:49:02.0040 2344 RoxWatch10 (53716357f4b3c99112cf0a21932c5688) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
15:49:02.0041 2344 RoxWatch10 - ok
15:49:02.0151 2344 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:49:02.0153 2344 RpcEptMapper - ok
15:49:02.0177 2344 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:49:02.0178 2344 RpcLocator - ok
15:49:02.0235 2344 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:49:02.0240 2344 RpcSs - ok
15:49:02.0295 2344 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:49:02.0295 2344 rspndr - ok
15:49:02.0336 2344 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:49:02.0340 2344 RTL8167 - ok
15:49:02.0404 2344 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:49:02.0405 2344 s3cap - ok
15:49:02.0509 2344 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:49:02.0510 2344 SamSs - ok
15:49:02.0580 2344 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:49:02.0580 2344 SASDIFSV - ok
15:49:02.0596 2344 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:49:02.0596 2344 SASKUTIL - ok
15:49:02.0642 2344 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:49:02.0643 2344 sbp2port - ok
15:49:02.0681 2344 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
15:49:02.0682 2344 SBRE - ok
15:49:02.0723 2344 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:49:02.0725 2344 SCardSvr - ok
15:49:02.0776 2344 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:49:02.0777 2344 scfilter - ok
15:49:02.0945 2344 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:49:02.0953 2344 Schedule - ok
15:49:03.0001 2344 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:49:03.0002 2344 SCPolicySvc - ok
15:49:03.0059 2344 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
15:49:03.0060 2344 sdbus - ok
15:49:03.0103 2344 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:49:03.0106 2344 SDRSVC - ok
15:49:03.0193 2344 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:49:03.0194 2344 SeaPort - ok
15:49:03.0241 2344 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:49:03.0241 2344 secdrv - ok
15:49:03.0278 2344 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:49:03.0280 2344 seclogon - ok
15:49:03.0300 2344 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:49:03.0302 2344 SENS - ok
15:49:03.0334 2344 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:49:03.0335 2344 SensrSvc - ok
15:49:03.0350 2344 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:49:03.0350 2344 Serenum - ok
15:49:03.0368 2344 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:49:03.0369 2344 Serial - ok
15:49:03.0414 2344 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:49:03.0414 2344 sermouse - ok
15:49:03.0460 2344 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:49:03.0462 2344 SessionEnv - ok
15:49:03.0503 2344 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:49:03.0504 2344 sffdisk - ok
15:49:03.0517 2344 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:49:03.0518 2344 sffp_mmc - ok
15:49:03.0525 2344 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:49:03.0525 2344 sffp_sd - ok
15:49:03.0584 2344 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:49:03.0585 2344 sfloppy - ok
15:49:03.0645 2344 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:49:03.0649 2344 ShellHWDetection - ok
15:49:03.0690 2344 Shockprf (5a5346931ce61ea85f8338f7a03131f7) C:\Windows\system32\DRIVERS\Apsx64.sys
15:49:03.0691 2344 Shockprf - ok
15:49:03.0724 2344 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:49:03.0725 2344 SiSRaid2 - ok
15:49:03.0756 2344 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:49:03.0757 2344 SiSRaid4 - ok
15:49:03.0790 2344 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:49:03.0791 2344 Smb - ok
15:49:03.0829 2344 SMR300 (10bc9f077fc149e4e0a40bae1d42a259) C:\Windows\system32\drivers\SMR300.SYS
15:49:03.0830 2344 SMR300 - ok
15:49:03.0884 2344 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:49:03.0886 2344 SNMPTRAP - ok
15:49:03.0912 2344 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:49:03.0913 2344 spldr - ok
15:49:03.0974 2344 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:49:03.0978 2344 Spooler - ok
15:49:04.0141 2344 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:49:04.0163 2344 sppsvc - ok
15:49:04.0237 2344 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:49:04.0239 2344 sppuinotify - ok
15:49:04.0330 2344 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:49:04.0332 2344 SQLBrowser - ok
15:49:04.0892 2344 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:49:04.0893 2344 SQLWriter - ok
15:49:05.0026 2344 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS
15:49:05.0030 2344 SRTSP - ok
15:49:05.0081 2344 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS
15:49:05.0082 2344 SRTSPX - ok
15:49:05.0122 2344 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:49:05.0126 2344 srv - ok
15:49:05.0165 2344 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:49:05.0168 2344 srv2 - ok
15:49:05.0222 2344 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
15:49:05.0224 2344 SrvHsfHDA - ok
15:49:05.0302 2344 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
15:49:05.0311 2344 SrvHsfV92 - ok
15:49:05.0432 2344 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
15:49:05.0440 2344 SrvHsfWinac - ok
15:49:05.0486 2344 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:49:05.0487 2344 srvnet - ok
15:49:05.0514 2344 sscdbus (1612881760c9df7fbb09b6cf1d3ba0df) C:\Windows\system32\DRIVERS\sscdbus.sys
15:49:05.0515 2344 sscdbus - ok
15:49:05.0539 2344 sscdmdfl (d7803a687e85189ea2b525cc22093521) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:49:05.0540 2344 sscdmdfl - ok
15:49:05.0562 2344 sscdmdm (06db3d5eb2444083c7f5af7874765505) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:49:05.0563 2344 sscdmdm - ok
15:49:05.0582 2344 sscdserd (23ebb395609d9cdb8b1074a12254119b) C:\Windows\system32\DRIVERS\sscdserd.sys
15:49:05.0583 2344 sscdserd - ok
15:49:05.0606 2344 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:49:05.0608 2344 SSDPSRV - ok
15:49:05.0625 2344 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:49:05.0627 2344 SstpSvc - ok
15:49:05.0642 2344 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:49:05.0643 2344 stexstor - ok
15:49:05.0686 2344 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
15:49:05.0687 2344 StillCam - ok
15:49:05.0747 2344 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:49:05.0751 2344 stisvc - ok
15:49:05.0816 2344 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:49:05.0817 2344 stllssvr - ok
15:49:05.0864 2344 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:49:05.0865 2344 storflt - ok
15:49:05.0883 2344 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:49:05.0885 2344 StorSvc - ok
15:49:05.0903 2344 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:49:05.0903 2344 storvsc - ok
15:49:05.0958 2344 SUService (3119e9bc5fad5ea1cd31ae200a1da591) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
15:49:05.0959 2344 SUService - ok
15:49:05.0975 2344 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:49:05.0976 2344 swenum - ok
15:49:06.0004 2344 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:49:06.0008 2344 swprv - ok
15:49:06.0086 2344 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS
15:49:06.0088 2344 SymDS - ok
15:49:06.0135 2344 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS
15:49:06.0142 2344 SymEFA - ok
15:49:06.0187 2344 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:49:06.0189 2344 SymEvent - ok
15:49:06.0218 2344 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS
15:49:06.0219 2344 SymIRON - ok
15:49:06.0251 2344 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0602010.005\SYMNETS.SYS
15:49:06.0254 2344 SymNetS - ok
15:49:06.0304 2344 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
15:49:06.0306 2344 SynTP - ok
15:49:06.0513 2344 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:49:06.0525 2344 SysMain - ok
15:49:06.0641 2344 szkg5 (8598e4a12eaa945b35365dd2750b9777) C:\Windows\syswow64\DRIVERS\szkg64.sys
15:49:06.0642 2344 szkg5 - ok
15:49:06.0708 2344 szserver (8fdaf81240a4057162cad255f02a844e) C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
15:49:06.0708 2344 szserver - ok
15:49:06.0797 2344 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:49:06.0799 2344 TabletInputService - ok
15:49:06.0845 2344 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:49:06.0848 2344 TapiSrv - ok
15:49:06.0906 2344 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:49:06.0907 2344 TBS - ok
15:49:07.0125 2344 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
15:49:07.0138 2344 Tcpip - ok
15:49:07.0329 2344 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
15:49:07.0340 2344 TCPIP6 - ok
15:49:07.0444 2344 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:49:07.0444 2344 tcpipreg - ok
15:49:07.0464 2344 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:49:07.0464 2344 TDPIPE - ok
15:49:07.0506 2344 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:49:07.0506 2344 TDTCP - ok
15:49:07.0542 2344 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:49:07.0543 2344 tdx - ok
15:49:07.0582 2344 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:49:07.0583 2344 TermDD - ok
15:49:07.0630 2344 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:49:07.0637 2344 TermService - ok
15:49:07.0657 2344 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:49:07.0659 2344 Themes - ok
15:49:07.0779 2344 ThinkVantage Registry Monitor Service (39ac444e07fdbd8c2e8e291a65d515d3) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
15:49:07.0785 2344 ThinkVantage Registry Monitor Service - ok
15:49:07.0804 2344 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:49:07.0806 2344 THREADORDER - ok
15:49:07.0865 2344 TPDIGIMN (7e25f9ae51daac0791df1eb949a58dbe) C:\Windows\system32\DRIVERS\ApsHM64.sys
15:49:07.0866 2344 TPDIGIMN - ok
15:49:07.0885 2344 TPHDEXLGSVC (dd96de244cb186207149bc897e67217a) C:\Windows\system32\TPHDEXLG64.exe
15:49:07.0886 2344 TPHDEXLGSVC - ok
15:49:07.0940 2344 TPHKSVC (3c6a42a8494d74f44f048bb7f9f2db44) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
15:49:07.0940 2344 TPHKSVC - ok
15:49:07.0965 2344 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
15:49:07.0965 2344 TPM - ok
15:49:07.0994 2344 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys
15:49:07.0994 2344 TPPWRIF - ok
15:49:08.0028 2344 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:49:08.0030 2344 TrkWks - ok
15:49:08.0089 2344 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:49:08.0090 2344 TrustedInstaller - ok
15:49:08.0135 2344 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:49:08.0136 2344 tssecsrv - ok
15:49:12.0528 2344 ============================================================
15:49:12.0528 2344 Scan finished
15:49:12.0528 2344 ============================================================
15:49:12.0542 2240 Detected object count: 0
15:49:12.0542 2240 Actual detected object count: 0
15:49:16.0757 2872 Deinitialize success
Mark1956
Malware Removal Specialist with 14,071 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
17-Aug-2012, 01:49 AM #10
So far everything is coming up clean, don't worry about the FRST log. We can deal with McAfee later. Please go ahead and run RogueKiller and post the log.
mathew206
Member with 153 posts.
THREAD STARTER
Join Date: Aug 2012
Experience: Intermediate
17-Aug-2012, 02:24 AM #11
rogue killer report
Hey Mark, I actually do have the frst64 log, but I cannot get it until tomorrow as it is on another flash drive. I know you said not to worry, but if you want me to post it tomorrow, I can.

Here is the rogue killer report. It appears that it did catch a few things. I have not attempted to fix anything.


RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: ChoysToy [Admin rights]
Mode: Scan -- Date: 08/16/2012 23:13:35

Bad processes: 0

Registry Entries: 3
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FOLDER] U : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> FOUND

Driver: [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: HITACHI HTS545050B9A300 +++++
--- User ---
[MBR] a9b701eb7dd85cbeca9ebb098e6f2a3a
[BSP] 86d84489c985e4e60089373306b3b6b9 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
Mark1956
Malware Removal Specialist with 14,071 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
17-Aug-2012, 02:41 AM #12
Please try this to remove McAfee. Press the Ctrl, Alt and Delete keys at the same time and then select the Task Manager. Find these three running processes:

FrameworkService.exe
VsTskMgr.exe
naPrdMgr.exe


Select each one in turn and click on the End Process button. Once done go into Programs and Features and try to uninstall the program again, then run the Removal tool.

Next please do another scan with RogueKiller and select all of the ZeroAccess detections, then click on the Delete button. Post the resulting log.

Then follow these instructions:

  • Windows 7 System File Checker
  • Click on Start and type cmd in the search box. Right click on cmd in the popup menu and select Run as Administrator.
  • Another box will open, at the Command Prompt, type sfc /scannow and press Enter. (Note the gap between the c and the /)
  • Let the check run to completion.
    To find the log
  • Copy & Paste the following command at the Command Prompt and press Enter:
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
  • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
  • Zip up the file and attach it to your next post.
mathew206
Member with 153 posts.
THREAD STARTER
Join Date: Aug 2012
Experience: Intermediate
17-Aug-2012, 02:54 AM #13
I actually could not find any of those three items in processes. However, I did find the following under the Services tab: McAfee EngineService, McAfeeFramework, McShield, McTaskManager.

Shall I still proceed with RogueKiller? I actually did not even close the program yet, so I could just delete from the first scan. Let me know if this is okay, or whether I should rescan. Thanks.
Mark1956
Malware Removal Specialist with 14,071 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
17-Aug-2012, 05:18 AM #14
You can go ahead with deleting the detections without restarting RogueKiller, post the log when done.

In respect of McAfee, I thought those .exe files would be seen in the Processes list, nevertheless please disable and stop anything you can find related to McAfee, it should then allow you to uninstall it.
mathew206
Member with 153 posts.
THREAD STARTER
Join Date: Aug 2012
Experience: Intermediate
17-Aug-2012, 11:26 AM #15
Rogue Killer report 2ave
McAfee removal - I tried to stop the services related to McAfee. What I did was find the item under the Services tab, right click, then click stop service. (The options it has are 1. start service, 2. stop service, 3. go to process.)

When I clicked stop service, a window opens up and says, "The operation could not be completed. Access is denied."
When I tried go to process, it just opens up the processes tab, but nothing is highlighted, and nothing happens.

Start service is greyed out and I cannot click that option.

Quick question for you: should I keep my computer in sleep mode or on between troubleshooting? Every time I turn it off, it says that updates are being updated/installed. I believe that is the virus as I did not see any Windows updates.

Here is the second Rogue Killer log after hitting delete.


RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: ChoysToy [Admin rights]
Mode: Remove -- Date: 08/17/2012 08:09:40

Bad processes: 0

Registry Entries: 3
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:
[ZeroAccess][FOLDER] U : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> REMOVED
[ZeroAccess][FILE] @ : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> REMOVED

Driver: [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: HITACHI HTS545050B9A300 +++++
--- User ---
[MBR] a9b701eb7dd85cbeca9ebb098e6f2a3a
[BSP] 86d84489c985e4e60089373306b3b6b9 : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 465737 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 956291072 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
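The comparison between the Scan report in post #11 and the Remove report in post #15 can be done mechanically. The following is an added example, not part of the original thread and not RogueKiller's own code: it parses the "Particular Files / Folders" entries from both reports and lists any path that was FOUND in the scan but is not shown as REMOVED afterwards. The function names and the regular expression are assumptions based only on the line layout visible in the two logs above.

```python
import re

# Entries copied from the Scan report (post #11) and the Remove report (post #15).
SCAN = r"""
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\choystoy\appdata\local\{9867ed17-947a-e440-13f8-372d5a958ab1}\L --> FOUND
"""
REMOVE = SCAN.replace("--> FOUND", "--> REMOVED").replace("-> FOUND", "-> REPLACED (1)")

# Layout assumed from the logs above: [family][FILE|FOLDER] label : path --> STATUS
ENTRY = re.compile(
    r"^\[(?P<family>[^\]]+)\]\[(?P<kind>FILE|FOLDER)\]\s+\S+\s+:\s+"
    r"(?P<path>.+?)\s+-->\s+(?P<status>\w+)\s*$"
)


def parse_report(text):
    """Return {lowercased path: (family, kind, status)} for each file/folder entry.

    Registry lines ([HJ] ... -> FOUND) use a different layout and are skipped.
    """
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m["path"].lower()] = (m["family"], m["kind"], m["status"].upper())
    return entries


def unresolved(scan_text, remove_text):
    """Paths FOUND in the scan report that the remove report does not mark REMOVED.

    A path missing from the remove report counts as unresolved too, since the
    report gives no evidence that it was handled.
    """
    after = parse_report(remove_text)
    left = []
    for path, (_family, _kind, status) in parse_report(scan_text).items():
        if status != "FOUND":
            continue
        if after.get(path, (None, None, "MISSING"))[2] != "REMOVED":
            left.append(path)
    return sorted(left)


if __name__ == "__main__":
    remaining = unresolved(SCAN, REMOVE)
    print("unresolved detections:", remaining if remaining else "none")
```

An empty result only means the tool reported each item as removed; a fresh scan after reboot is what shows whether the folders were recreated.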