
Google redirect Virus

Discussion in 'Virus & Other Malware Removal' started by MrPokemon, Dec 26, 2012.

  1. MrPokemon

    MrPokemon Thread Starter

    Like the title says, I'm having a bit of a problem with Google redirecting me to other random pages and not the one I'm supposed to go to. I haven't tested with other search engines, but I'm guessing they're infected somehow. A little more info: when I start up Google Chrome, Malwarebytes Anti-Malware notifies me with this: [ (2012/12/25 22:42:13 -0800 CHRIS-LAPTOP Chris IP-BLOCK 93.170.104.62 (Type: outgoing, Port: 58781, Process: chrome.exe) ]


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:55:08 AM, on 12/26/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe
    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
    C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
    C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
    C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
    C:\Program Files\lenovo\lenovo solution center\lsc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\Chris\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121014233553.dll
    O2 - BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
    O3 - Toolbar: TrueSuite Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
    O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
    O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
    O4 - HKLM\..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
    O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: TrueSuiteService (FPLService) - AuthenTec, Inc - C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
    O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
    O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    O23 - Service: Intel(R) Small Business Advantage - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    O23 - Service: ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
    O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
    O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 17742 bytes


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by Chris at 1:56:08 on 2012-12-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5738.3880 [GMT -8:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\CxAudMsg64.exe
    C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
    C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\SAsrv.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskhost.exe
    C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AuthenTec TrueSuite\x86\BioMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Windows\system32\rundll32.exe
    C:\PROGRA~1\Lenovo\HOTKEY\MKRMSG.EXE
    C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
    C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\lenovo\lenovo solution center\lsc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\HitmanPro\hmpsched.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121014233553.dll
    BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: TrueSuite Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [AdobeBridge] <no file>
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
    mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
    mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
    mRun: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    TCP: NameServer = 192.168.1.1 4.2.2.2
    TCP: Interfaces\{BBF75B1F-4EB1-4251-A3B7-2F7E17017AF1} : DHCPNameServer = 192.168.1.1 4.2.2.2
    TCP: Interfaces\{BBF75B1F-4EB1-4251-A3B7-2F7E17017AF1}\035324430383836363737373 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{BBF75B1F-4EB1-4251-A3B7-2F7E17017AF1}\45753475966496 : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{BBF75B1F-4EB1-4251-A3B7-2F7E17017AF1}\E4544574541425 : DHCPNameServer = 10.0.0.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121014233553.dll
    x64-BHO: TrueSuite Browser Helper Object: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: TrueSuite Toolbar: {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
    x64-Run: [TpShocks] TpShocks.exe
    x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-6-27 70416]
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-27 16152]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 771096]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 339776]
    R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-28 25416]
    R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-1-30 33344]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-6-27 198784]
    R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-9 8447848]
    R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-6-27 169776]
    R2 FPLService;TrueSuiteService;C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-22 313672]
    R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-12-26 108904]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-6-27 128280]
    R2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-6-27 49376]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-27 163608]
    R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-6-27 58192]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-3-26 101736]
    R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-6-27 61264]
    R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-6-27 175440]
    R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-3-26 133992]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-25 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-25 676936]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-7 201304]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-7 201304]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-7 201304]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-12-7 201304]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-10-14 241016]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-10-14 218320]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-10-14 177680]
    R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-10-10 1021888]
    R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-3-26 145256]
    R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-3-26 144960]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-27 363800]
    R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-10 84080]
    R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2012-6-27 216064]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-6-27 163368]
    R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-6-27 594472]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-6-27 39976]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-10-14 69672]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-27 331264]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-27 355096]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-27 786200]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-25 25928]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-10-14 309400]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-10-14 515528]
    R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-6-27 259688]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-27 565352]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-6 40248]
    R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\System32\drivers\tvtvcamd.sys [2012-6-27 27432]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-2-2 145472]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2012-12-25 22704]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-12-8 196440]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-10-14 106112]
    S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-6-27 1662528]
    S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-6-27 1665088]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-16 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-12-26 08:53:04 -------- d-----w- C:\Program Files\HitmanPro
    2012-12-26 08:52:51 -------- d-----w- C:\ProgramData\HitmanPro
    2012-12-26 05:39:39 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
    2012-12-26 05:39:28 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-12-26 05:39:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-26 05:39:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-12-26 04:37:15 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
    2012-12-26 04:37:13 110080 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconF7A21AF7.exe
    2012-12-26 04:37:13 110080 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\IconD7F16134.exe
    2012-12-26 04:37:13 110080 ----a-r- C:\Users\Chris\AppData\Roaming\Microsoft\Installer\{83B952C7-F8F3-4CA3-B4C5-33C85B24E478}\Icon1226A4C5.exe
    2012-12-26 04:37:13 -------- d-----w- C:\sh4ldr
    2012-12-26 04:37:13 -------- d-----w- C:\Program Files\Enigma Software Group
    2012-12-26 04:36:45 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
    2012-12-24 11:53:35 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-12-21 19:22:18 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 19:22:18 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 19:22:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 19:22:17 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-20 08:30:33 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
    2012-12-20 08:24:12 -------- d-----w- C:\Nexon
    2012-12-15 10:46:49 -------- d-sh--w- C:\found.001
    2012-12-14 23:47:25 -------- d-----w- C:\Users\Chris\AppData\Local\Chromium
    2012-12-14 20:01:17 -------- d-----w- C:\Users\Chris\AppData\Local\{4D0A8C3A-1875-4382-8CD2-25E12EBF0C58}
    2012-12-14 11:21:41 -------- d-----w- C:\Users\Chris\AppData\Local\PMB Files
    2012-12-14 11:21:40 -------- d-----w- C:\ProgramData\PMB Files
    2012-12-14 11:21:36 -------- d-----w- C:\Program Files (x86)\Pando Networks
    2012-12-14 11:21:30 -------- d-----w- C:\Users\Chris\AppData\Local\Pando_Temp
    2012-12-14 11:20:15 -------- d-----w- C:\Users\Chris\AppData\Local\assembly
    2012-12-14 11:20:00 -------- d-----w- C:\Program Files (x86)\NCSoft
    2012-12-13 06:04:55 -------- d-----w- C:\Users\Chris\AppData\Local\{4CD06E22-08C7-4057-A978-AE79EABC8092}
    2012-12-13 05:26:34 -------- d-----w- C:\Program Files (x86)\Aimersoft
    2012-12-13 05:22:09 -------- d-----w- C:\Users\Chris\AppData\Roaming\PDAppFlex
    2012-12-12 08:25:04 -------- d-----w- C:\Users\Chris\AppData\Local\4A Games
    2012-12-12 08:18:06 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2012-12-12 08:05:25 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-12-12 06:13:58 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-12-12 06:13:58 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-12-11 23:03:59 73544 ----a-w- C:\Windows\System32\XAPOFX1_3.dll
    2012-12-09 21:12:24 -------- d-sh--w- C:\found.000
    2012-12-09 03:14:07 -------- d-----w- C:\Program Files (x86)\Password Recovery Tools 2012 Trial
    2012-12-08 18:27:08 -------- d-----w- C:\ProgramData\Nexon
    2012-12-08 18:13:36 -------- d-----w- C:\ProgramData\NexonUS
    2012-12-08 08:54:31 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
    2012-12-07 19:29:43 -------- d-----w- C:\Users\Chris\AppData\Local\Facebook
    2012-12-06 19:22:59 5081608 ----a-w- C:\Windows\System32\d3dx9_36.dll
    2012-12-06 19:15:40 -------- d-----w- C:\Users\Chris\AppData\Local\Activision
    2012-12-06 19:05:37 -------- d-----w- C:\Program Files (x86)\Modern
    2012-12-05 21:51:08 -------- d-----w- C:\Games
    2012-12-05 21:50:02 -------- d-----w- C:\Users\Chris\AppData\Local\Black_Tree_Gaming
    2012-12-05 21:49:49 -------- d-----w- C:\Program Files\Nexus Mod Manager
    2012-12-01 03:35:57 -------- d-----r- C:\Program Files (x86)\Skype
    .
    ==================== Find3M ====================
    .
    2012-12-13 06:41:54 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 14:40:24 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2012-11-09 14:37:42 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2012-11-09 14:37:30 177680 ----a-w- C:\Windows\System32\mfevtps.exe
    2012-11-09 14:36:40 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2012-11-09 14:36:30 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2012-11-09 14:35:50 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2012-11-09 14:34:58 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2012-11-09 14:34:18 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2012-11-09 14:33:58 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-03 22:25:26 431104 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-11-03 22:25:26 409600 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-11-03 22:25:26 136192 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-11-03 22:25:26 114688 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-15 08:18:18 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-10-15 08:18:14 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-10-15 08:18:14 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    .
    ============= FINISH: 1:56:46.25 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/14/2012 9:09:11 PM
    System Uptime: 12/26/2012 12:45:52 AM (1 hours ago)
    .
    Motherboard: LENOVO | | 3259AC5
    Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | CPU Socket - U3E1 | 2501/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 447 GiB total, 286.685 GiB free.
    D: is CDROM ()
    Q: is FIXED (NTFS) - 18 GiB total, 4.515 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP41: 12/25/2012 8:36:50 PM - Installed SpyHunter
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Absolute Reminder
    Adobe AIR
    Adobe Download Assistant
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop CS6
    Adobe Reader X MUI
    Aimersoft DVD Creator(Build 2.6.5)
    Aion
    Anime Studio Pro 9.1
    Anime Studio Pro 9.1 (x86)
    Asteroids
    AuthenTec TrueSuite
    Bandisoft MPEG-1 Decoder
    Broadcom 802.11 Network Adapter
    Burn.Now 4.5
    Call of Duty - World at War
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Conexant HD Audio
    Corel Burn.Now Lenovo Edition
    Corel DVD MovieFactory 7
    Corel DVD MovieFactory Lenovo Edition
    Corel WinDVD
    Create Recovery Media
    D3DX10
    Direct DiscRecorder
    DisplayLink Core Software
    DVD-Cloner V9.70 Build 1116
    Evernote v. 4.2.3
    Facebook Video Calling 1.2.0.287
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    HitmanPro 3.7
    ImgBurn
    Integrated Camera Driver Installer Package Ver.1.2.1.16
    Intel(R) Control Center
    Intel(R) Manageability Engine Firmware Recovery Agent
    Intel(R) Management Engine Components
    Intel(R) OpenCL CPU Runtime
    Intel(R) Processor Graphics
    Intel(R) Update Manager
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    Java 7 Update 7 (64-bit)
    Junk Mail filter update
    Lenovo Auto Scroll Utility
    Lenovo Graphics Software
    Lenovo Patch Utility
    Lenovo Patch Utility 64 bit
    Lenovo Registration
    Lenovo SimpleTap
    Lenovo Solution Center
    Lenovo Solutions for Small Business
    Lenovo Solutions for Small Business Customizations
    Lenovo User Guide
    Lenovo Warranty Information
    Lenovo Welcome
    Malwarebytes Anti-Malware version 1.65.1.1000
    McAfee AntiVirus Plus
    Mesh Runtime
    Message Center Plus
    Metro 2033
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft PowerPoint Viewer
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NCsoft Launcher
    Nexon Game Manager
    Nexus Mod Manager
    NVIDIA PhysX
    On Screen Display
    OpenAL
    Pando Media Booster
    Password Recovery Tools 2012 Trial
    PCSX2 - Playstation 2 Emulator
    PDF Settings CS6
    Plants vs. Zombies
    Power Manager
    RapidBoot
    RapidBoot HDD Accelerator
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Shared C Run-time for x64
    Skype™ 6.0
    SpyHunter
    Steam
    SugarSync Manager
    System Update
    Team Fortress 2
    ThinkPad Power Management Driver
    ThinkPad UltraNav Driver
    ThinkVantage Active Protection System
    ThinkVantage Communications Utility
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Vindictus
    VIP Access
    WIDCOMM Bluetooth Software
    Windows Driver Package - Intel (iaStor) hdc (11/29/2011 11.0.0.1032)
    Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
    Windows Driver Package - Synaptics (SynTP) Mouse (04/02/2012 16.0.5.2)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.20 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/25/2012 7:08:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LENOVO.CAMMUTE service.
    12/25/2012 11:45:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
    12/25/2012 11:44:41 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 11:44:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    12/25/2012 11:07:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    12/25/2012 11:04:58 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 11:03:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/25/2012 11:03:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/25/2012 11:03:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/25/2012 11:03:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/25/2012 11:03:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/25/2012 11:03:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF vwififlt Wanarpv6 WfpLwf
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    12/25/2012 10:24:06 AM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).
    12/25/2012 10:23:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Intel(R) Small Business Advantage service.
    12/24/2012 5:19:27 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    12/24/2012 5:19:27 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    12/24/2012 5:19:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    12/24/2012 4:33:02 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.66 with the system having network hardware address 00-26-BB-94-E0-AD. Network operations on this system may be disrupted as a result.
    12/23/2012 9:30:29 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    12/22/2012 12:39:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    12/22/2012 12:39:42 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/21/2012 7:49:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TPHKSVC service.
    12/21/2012 11:43:52 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    12/21/2012 11:43:52 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
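Most of the 7001 entries in the System log above only report that a dependency failed; a few name the component that actually failed. The following Python is an added example, not part of the original thread: it follows each chain to its root, using lines copied from the log above as input. The function names are illustrative, and treating any error other than the dependency message as a root failure is an assumption.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the System event log posted above.
SAMPLE = """\
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/25/2012 11:02:53 PM, Error: Service Control Manager [7001] - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
"""

DEPENDENCY_ERR = "The dependency service or group failed to start."
DEVICE_ERR = "A device attached to the system is not functioning."
UNRESOLVED = "no 7001 record for this dependency in the excerpt"

# "The <service> service depends on the <dependency> service which failed ..."
RE_7001 = re.compile(
    r"\[7001\] - The (?P<svc>.+?) service depends on the (?P<dep>.+?) "
    r"service which failed to start because of the following error: (?P<err>.+)$"
)


def parse_7001(text):
    """Map each service to the (dependency, error) pairs logged for it."""
    edges = {}
    for line in text.splitlines():
        m = RE_7001.search(line)
        if m:
            dep = m.group("dep").rstrip(".")  # "NSI proxy service driver." -> no dot
            edges.setdefault(m.group("svc"), []).append((dep, m.group("err").strip()))
    return edges


def trace(service, edges, seen=None):
    """Follow dependency failures down to the components that failed first."""
    if seen is None:
        seen = set()
    if service in seen:  # guard against a cyclic chain in a damaged log
        return set()
    seen.add(service)
    roots = set()
    for dep, err in edges.get(service, []):
        if err != DEPENDENCY_ERR:
            roots.add((dep, err))            # this dependency failed on its own
        elif dep in edges:
            roots |= trace(dep, edges, seen)  # keep walking the chain
        else:
            roots.add((dep, UNRESOLVED))     # chain leaves the excerpt
    return roots


def group_by_root(edges):
    """Invert the result: root failure -> sorted list of services it took down."""
    grouped = defaultdict(set)
    for svc in edges:
        for root in trace(svc, edges):
            grouped[root].add(svc)
    return {root: sorted(svcs) for root, svcs in grouped.items()}


if __name__ == "__main__":
    for (root, err), services in sorted(group_by_root(parse_7001(SAMPLE)).items()):
        print(f"{root}: {err}")
        for svc in services:
            print(f"    affects {svc}")
```
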
     
  5. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please do the following:

    Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which architecture operating system you are using: 32-bit (x86) or 64-bit (x64).)

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
      services.exe
    • now press the search button
    • when the search is complete, search.txt will also be written to your USB
    • type exit and reboot the computer normally
    • Please copy and paste both logs in your reply (FRST.txt and Search.txt).
     
  6. MrPokemon

    MrPokemon Thread Starter

    Joined:
    Dec 26, 2012
    Messages:
    12
    It didn't allow me to run either one.
    I have a 64-bit laptop and it kept telling me that it wasn't supported, and when I tried the 32-bit it just said something about the sub-image missing.
     
  7. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    ok we'll try a different tool

    Please run the following

    Refer to the ComboFix User's Guide

    1. Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    3. Double click on ComboFix.exe & follow the prompts.
    4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    5. When finished, it shall produce a log for you. Post that log in your next reply

      Note:
      Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.


    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  8. MrPokemon

    MrPokemon Thread Starter

    Joined:
    Dec 26, 2012
    Messages:
    12
    HERE YOU GO


    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5738.3614 [GMT -8:00]
    Running from: c:\users\Chris\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Chris\AppData\Local\assembly\tmp
    Q:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-07 02:19 . 2013-01-07 02:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-06 08:21 . 2013-01-06 08:21 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
    2013-01-01 22:31 . 2013-01-01 22:31 -------- d-----w- c:\users\Chris\AppData\Local\Daring_Development_Inc
    2013-01-01 22:30 . 2013-01-01 22:30 -------- d-----w- c:\program files (x86)\Daring Development
    2013-01-01 21:14 . 2013-01-01 21:14 -------- d-----w- c:\users\Chris\AppData\Local\Programs
    2012-12-28 19:31 . 2012-12-28 19:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-12-28 19:31 . 2012-12-28 19:31 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-12-28 19:30 . 2012-12-28 19:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-12-28 19:30 . 2012-12-28 19:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-12-26 08:53 . 2012-12-26 08:53 -------- d-----w- c:\program files\HitmanPro
    2012-12-26 08:52 . 2012-12-26 09:22 -------- d-----w- c:\programdata\HitmanPro
    2012-12-26 05:39 . 2012-12-26 05:39 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
    2012-12-26 05:39 . 2012-12-26 05:39 -------- d-----w- c:\programdata\Malwarebytes
    2012-12-26 05:39 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-26 05:39 . 2013-01-01 21:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-12-26 04:37 . 2012-12-26 04:37 -------- d-----w- c:\program files\Enigma Software Group
    2012-12-26 04:36 . 2012-12-26 10:29 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
    2012-12-24 11:53 . 2012-12-24 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-12-21 19:22 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 19:22 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 19:22 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-21 19:22 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-20 08:30 . 2012-12-20 08:30 -------- d-----w- c:\program files (x86)\BandiMPEG1
    2012-12-20 08:24 . 2012-12-20 08:24 -------- d-----w- C:\Nexon
    2012-12-15 10:46 . 2012-12-15 10:46 -------- d-----w- C:\found.001
    2012-12-14 23:47 . 2012-12-14 23:47 -------- d-----w- c:\users\Chris\AppData\Local\Chromium
    2012-12-14 11:21 . 2013-01-06 09:17 -------- d-----w- c:\users\Chris\AppData\Local\PMB Files
    2012-12-14 11:21 . 2012-12-14 23:22 -------- d-----w- c:\programdata\PMB Files
    2012-12-14 11:21 . 2012-12-14 11:21 -------- d-----w- c:\program files (x86)\Pando Networks
    2012-12-14 11:21 . 2012-12-14 11:21 -------- d-----w- c:\users\Chris\AppData\Local\Pando_Temp
    2012-12-14 11:20 . 2013-01-07 02:08 -------- d-----w- c:\users\Chris\AppData\Local\assembly
    2012-12-14 11:20 . 2012-12-14 11:22 -------- d-----w- c:\program files (x86)\NCSoft
    2012-12-14 11:19 . 2012-12-14 11:19 -------- d-----w- c:\users\Chris\AppData\Roaming\InstallShield
    2012-12-13 05:26 . 2012-12-13 05:26 -------- d-----w- c:\program files (x86)\Aimersoft
    2012-12-13 05:22 . 2012-12-13 05:22 -------- d-----w- c:\users\Chris\AppData\Roaming\PDAppFlex
    2012-12-12 08:25 . 2012-12-12 08:25 -------- d-----w- c:\users\Chris\AppData\Local\4A Games
    2012-12-12 08:18 . 2012-12-12 08:18 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-12-12 08:05 . 2012-12-26 04:36 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-12-12 06:13 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-12-12 06:13 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2012-12-11 23:03 . 2009-09-05 01:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2012-12-09 21:12 . 2012-12-09 21:12 -------- d-----w- C:\found.000
    2012-12-09 05:20 . 2012-12-09 05:28 -------- d-----w- c:\users\Chris\AppData\Roaming\ImgBurn
    2012-12-09 05:15 . 2012-12-09 05:15 -------- d-----w- c:\program files (x86)\ImgBurn
    2012-12-09 03:14 . 2012-12-09 03:14 -------- d-----w- c:\program files (x86)\Password Recovery Tools 2012 Trial
    2012-12-08 18:27 . 2012-12-08 18:27 -------- d-----w- c:\programdata\Nexon
    2012-12-08 08:54 . 2012-04-21 00:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-13 06:41 . 2012-11-04 20:33 952 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-11-09 14:40 . 2012-10-15 06:35 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-11-09 14:37 . 2012-07-17 21:52 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-11-09 14:37 . 2012-10-15 05:57 177680 ----a-w- c:\windows\system32\mfevtps.exe
    2012-11-09 14:36 . 2012-10-15 06:35 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-11-09 14:36 . 2012-10-15 06:35 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-11-09 14:35 . 2012-07-17 21:50 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-11-09 14:34 . 2012-10-15 06:35 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-11-09 14:34 . 2012-10-15 06:35 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-11-09 14:33 . 2012-07-17 21:48 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-11-03 22:25 . 2012-11-02 11:39 431104 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-11-03 22:25 . 2012-11-02 11:39 409600 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-11-03 22:25 . 2012-11-02 11:39 136192 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-11-03 22:25 . 2012-11-02 11:39 114688 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-10-16 08:38 . 2012-11-27 23:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-27 23:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-27 23:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-15 08:18 . 2012-10-15 08:18 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-10-15 08:18 . 2012-10-15 08:18 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-10-15 08:18 . 2012-10-15 08:18 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-10-15 08:18 . 2012-10-15 08:18 188904 ----a-w- c:\windows\system32\java.exe
    2012-10-15 08:18 . 2012-10-15 08:18 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-15 08:18 . 2012-10-15 08:18 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-15 04:10 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-10-09 18:17 . 2012-11-25 03:06 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-25 03:06 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-25 03:06 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-25 03:06 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-27 39408]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
    "Facebook Update"="c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-07 138096]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-14 3093624]
    "NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2012-12-14 38744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
    "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
    "Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
    "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-04-11 5939776]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
    "Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
    "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
    "IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 55520]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
    "Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-1 1390368]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-02-02 145472]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-21 196440]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]
    R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-04-11 1665088]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-16 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 Fastboot;Fastboot;c:\windows\System32\DRIVERS\Fastboot.sys [2012-01-17 70416]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-29 25416]
    S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2012-01-31 33344]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
    S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 8447848]
    S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 169776]
    S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-23 313672]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-06 128280]
    S2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-02-27 49376]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 163608]
    S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-04-11 58192]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
    S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-04-11 61264]
    S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [2012-04-11 175440]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
    S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 144960]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
    S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 84080]
    S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys [2012-02-16 216064]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-04-01 163368]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-04-01 594472]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
    S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-04-11 1662528]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 40248]
    S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys [2011-12-08 27432]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001Core.job
    - c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07 19:29]
    .
    2013-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001UA.job
    - c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07 19:29]
    .
    2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 10:41]
    .
    2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 10:41]
    .
    2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001Core.job
    - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-16 04:15]
    .
    2013-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001UA.job
    - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-16 04:15]
    .
    2013-01-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    2013-01-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352]
    "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400]
    "TpShocks"="TpShocks.exe" [2012-02-25 382528]
    "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-11 283984]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    SafeBoot-61302845.sys
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-DVD-Cloner 9_is1 - c:\users\Chris\Desktop\Test\DVD-Cloner\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
    "ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
    "ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
     
  9. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Was that all there was to the log? It appears to have been cut off.

    The log should be located at C:\ComboFix.txt


    Please run the following:

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • When the window opens, click on Change Parameters
    • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
    • Click OK
    • Press Start Scan
      • If Malicious objects are found then ensure Cure is selected
      • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
     
  10. MrPokemon

    MrPokemon Thread Starter

    Joined:
    Dec 26, 2012
    Messages:
    12
    I guess it was cut off because when the program finished scanning the log file it popped up and showed me the log file, so I pasted it thinking it was complete. Sorry about that, let me post it again.

    ComboFix 13-01-06.01 - Chris 01/06/2013 17:59:42.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5738.3614 [GMT -8:00]
    Running from: c:\users\Chris\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Chris\AppData\Local\assembly\tmp
    Q:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-07 02:19 . 2013-01-07 02:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-06 08:21 . 2013-01-06 08:21 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
    2013-01-01 22:31 . 2013-01-01 22:31 -------- d-----w- c:\users\Chris\AppData\Local\Daring_Development_Inc
    2013-01-01 22:30 . 2013-01-01 22:30 -------- d-----w- c:\program files (x86)\Daring Development
    2013-01-01 21:14 . 2013-01-01 21:14 -------- d-----w- c:\users\Chris\AppData\Local\Programs
    2012-12-28 19:31 . 2012-12-28 19:31 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-12-28 19:31 . 2012-12-28 19:31 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-12-28 19:30 . 2012-12-28 19:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-12-28 19:30 . 2012-12-28 19:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-12-26 08:53 . 2012-12-26 08:53 -------- d-----w- c:\program files\HitmanPro
    2012-12-26 08:52 . 2012-12-26 09:22 -------- d-----w- c:\programdata\HitmanPro
    2012-12-26 05:39 . 2012-12-26 05:39 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
    2012-12-26 05:39 . 2012-12-26 05:39 -------- d-----w- c:\programdata\Malwarebytes
    2012-12-26 05:39 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-26 05:39 . 2013-01-01 21:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-12-26 04:37 . 2012-12-26 04:37 -------- d-----w- c:\program files\Enigma Software Group
    2012-12-26 04:36 . 2012-12-26 10:29 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
    2012-12-24 11:53 . 2012-12-24 12:19 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-12-21 19:22 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 19:22 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 19:22 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-21 19:22 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-20 08:30 . 2012-12-20 08:30 -------- d-----w- c:\program files (x86)\BandiMPEG1
    2012-12-20 08:24 . 2012-12-20 08:24 -------- d-----w- C:\Nexon
    2012-12-15 10:46 . 2012-12-15 10:46 -------- d-----w- C:\found.001
    2012-12-14 23:47 . 2012-12-14 23:47 -------- d-----w- c:\users\Chris\AppData\Local\Chromium
    2012-12-14 11:21 . 2013-01-06 09:17 -------- d-----w- c:\users\Chris\AppData\Local\PMB Files
    2012-12-14 11:21 . 2012-12-14 23:22 -------- d-----w- c:\programdata\PMB Files
    2012-12-14 11:21 . 2012-12-14 11:21 -------- d-----w- c:\program files (x86)\Pando Networks
    2012-12-14 11:21 . 2012-12-14 11:21 -------- d-----w- c:\users\Chris\AppData\Local\Pando_Temp
    2012-12-14 11:20 . 2013-01-07 02:08 -------- d-----w- c:\users\Chris\AppData\Local\assembly
    2012-12-14 11:20 . 2012-12-14 11:22 -------- d-----w- c:\program files (x86)\NCSoft
    2012-12-14 11:19 . 2012-12-14 11:19 -------- d-----w- c:\users\Chris\AppData\Roaming\InstallShield
    2012-12-13 05:26 . 2012-12-13 05:26 -------- d-----w- c:\program files (x86)\Aimersoft
    2012-12-13 05:22 . 2012-12-13 05:22 -------- d-----w- c:\users\Chris\AppData\Roaming\PDAppFlex
    2012-12-12 08:25 . 2012-12-12 08:25 -------- d-----w- c:\users\Chris\AppData\Local\4A Games
    2012-12-12 08:18 . 2012-12-12 08:18 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2012-12-12 08:05 . 2012-12-26 04:36 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2012-12-12 06:13 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-12-12 06:13 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2012-12-11 23:03 . 2009-09-05 01:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2012-12-09 21:12 . 2012-12-09 21:12 -------- d-----w- C:\found.000
    2012-12-09 05:20 . 2012-12-09 05:28 -------- d-----w- c:\users\Chris\AppData\Roaming\ImgBurn
    2012-12-09 05:15 . 2012-12-09 05:15 -------- d-----w- c:\program files (x86)\ImgBurn
    2012-12-09 03:14 . 2012-12-09 03:14 -------- d-----w- c:\program files (x86)\Password Recovery Tools 2012 Trial
    2012-12-08 18:27 . 2012-12-08 18:27 -------- d-----w- c:\programdata\Nexon
    2012-12-08 08:54 . 2012-04-21 00:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-13 06:41 . 2012-11-04 20:33 952 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-11-09 14:40 . 2012-10-15 06:35 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-11-09 14:37 . 2012-07-17 21:52 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-11-09 14:37 . 2012-10-15 05:57 177680 ----a-w- c:\windows\system32\mfevtps.exe
    2012-11-09 14:36 . 2012-10-15 06:35 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-11-09 14:36 . 2012-10-15 06:35 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-11-09 14:35 . 2012-07-17 21:50 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-11-09 14:34 . 2012-10-15 06:35 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-11-09 14:34 . 2012-10-15 06:35 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-11-09 14:33 . 2012-07-17 21:48 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-11-03 22:25 . 2012-11-02 11:39 431104 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-11-03 22:25 . 2012-11-02 11:39 409600 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-11-03 22:25 . 2012-11-02 11:39 136192 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-11-03 22:25 . 2012-11-02 11:39 114688 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-10-16 08:38 . 2012-11-27 23:53 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-27 23:53 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-27 23:53 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-15 08:18 . 2012-10-15 08:18 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-10-15 08:18 . 2012-10-15 08:18 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-10-15 08:18 . 2012-10-15 08:18 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-10-15 08:18 . 2012-10-15 08:18 188904 ----a-w- c:\windows\system32\java.exe
    2012-10-15 08:18 . 2012-10-15 08:18 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-15 08:18 . 2012-10-15 08:18 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-10-15 04:10 . 2010-06-24 18:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-10-09 18:17 . 2012-11-25 03:06 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-10-09 18:17 . 2012-11-25 03:06 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
    2012-10-09 17:40 . 2012-11-25 03:06 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40 . 2012-11-25 03:06 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-27 39408]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-12-04 1354736]
    "Facebook Update"="c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-07 138096]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-14 3093624]
    "NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2012-12-14 38744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-03-06 133400]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-04 291608]
    "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
    "Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-12-21 507744]
    "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-04-11 5939776]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
    "Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
    "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
    "IntelSBA"="c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe" [2012-02-27 55520]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
    "Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-1 1390368]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-02-02 145472]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-21 196440]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]
    R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-04-11 1665088]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-16 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 Fastboot;Fastboot;c:\windows\System32\DRIVERS\Fastboot.sys [2012-01-17 70416]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-04 16152]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-12-29 25416]
    S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2012-01-31 33344]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
    S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-09 8447848]
    S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-01-17 169776]
    S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [2011-12-23 313672]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-06 128280]
    S2 Intel(R) Small Business Advantage;Intel(R) Small Business Advantage;c:\program files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [2012-02-27 49376]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 163608]
    S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2012-04-11 58192]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
    S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-04-11 61264]
    S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [2012-04-11 175440]
    S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680]
    S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-12-29 144960]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 363800]
    S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-04-10 84080]
    S3 5U877;5U877;c:\windows\system32\DRIVERS\5U877.sys [2012-02-16 216064]
    S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-04-01 163368]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-04-01 594472]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-04 355096]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-04 786200]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
    S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-04-11 1662528]
    S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2011-05-29 40248]
    S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys [2011-12-08 27432]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001Core.job
    - c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07 19:29]
    .
    2013-01-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001UA.job
    - c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-07 19:29]
    .
    2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 10:41]
    .
    2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-27 10:41]
    .
    2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001Core.job
    - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-16 04:15]
    .
    2013-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3910317161-2487669532-2512826936-1001UA.job
    - c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-16 04:15]
    .
    2013-01-06 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    2013-01-07 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-02-29 06:38 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-09 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-09 440600]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-03-01 564352]
    "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-02-21 1654400]
    "TpShocks"="TpShocks.exe" [2012-02-25 382528]
    "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-04-11 283984]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    Wow6432Node-HKLM-Run-SwitchBoard - c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    SafeBoot-61302845.sys
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-DVD-Cloner 9_is1 - c:\users\Chris\Desktop\Test\DVD-Cloner\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
    "ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fastboot]
    "ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-06 19:26:49
    ComboFix-quarantined-files.txt 2013-01-07 03:26
    .
    Pre-Run: 303,323,533,312 bytes free
    Post-Run: 304,729,780,224 bytes free
    .
    - - End Of File - - 32ED65EF8FEDC8EEE85937D36EBD1378
     
  11. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Thank you for the log.

    Please continue with the TDSSKiller instructions :)
     
  12. MrPokemon

    MrPokemon Thread Starter

    Joined:
    Dec 26, 2012
    Messages:
    12
    Here you go

    17:33:40.0799 9092 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    17:33:41.0545 9092 ============================================================
    17:33:41.0545 9092 Current date / time: 2013/01/07 17:33:41.0545
    17:33:41.0545 9092 SystemInfo:
    17:33:41.0545 9092
    17:33:41.0545 9092 OS Version: 6.1.7601 ServicePack: 1.0
    17:33:41.0545 9092 Product type: Workstation
    17:33:41.0545 9092 ComputerName: CHRIS-LAPTOP
    17:33:41.0545 9092 UserName: Chris
    17:33:41.0545 9092 Windows directory: C:\Windows
    17:33:41.0545 9092 System windows directory: C:\Windows
    17:33:41.0545 9092 Running under WOW64
    17:33:41.0545 9092 Processor architecture: Intel x64
    17:33:41.0545 9092 Number of processors: 4
    17:33:41.0545 9092 Page size: 0x1000
    17:33:41.0545 9092 Boot type: Normal boot
    17:33:41.0545 9092 ============================================================
    17:33:42.0039 9092 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:33:42.0043 9092 ============================================================
    17:33:42.0043 9092 \Device\Harddisk0\DR0:
    17:33:42.0044 9092 MBR partitions:
    17:33:42.0044 9092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
    17:33:42.0044 9092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x37D6F000
    17:33:42.0044 9092 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3805D800, BlocksNum 0x2328000
    17:33:42.0044 9092 ============================================================
    17:33:42.0070 9092 C: <-> \Device\Harddisk0\DR0\Partition2
    17:33:42.0122 9092 Q: <-> \Device\Harddisk0\DR0\Partition3
    17:33:42.0122 9092 ============================================================
    17:33:42.0123 9092 Initialize success
    17:33:42.0123 9092 ============================================================
    17:33:43.0703 9724 ============================================================
    17:33:43.0703 9724 Scan started
    17:33:43.0703 9724 Mode: Manual;
    17:33:43.0703 9724 ============================================================
    17:33:44.0425 9724 ================ Scan system memory ========================
    17:33:44.0425 9724 System memory - ok
    17:33:44.0426 9724 ================ Scan services =============================
    17:33:44.0665 9724 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    17:33:44.0702 9724 1394ohci - ok
    17:33:44.0744 9724 [ 1F305C858E7B5E537C9B783D46243A7A ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
    17:33:44.0778 9724 5U877 - ok
    17:33:44.0828 9724 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    17:33:44.0830 9724 ACPI - ok
    17:33:44.0851 9724 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    17:33:44.0884 9724 AcpiPmi - ok
    17:33:44.0929 9724 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    17:33:44.0940 9724 adp94xx - ok
    17:33:44.0995 9724 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    17:33:45.0004 9724 adpahci - ok
    17:33:45.0059 9724 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    17:33:45.0065 9724 adpu320 - ok
    17:33:45.0090 9724 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    17:33:45.0092 9724 AeLookupSvc - ok
    17:33:45.0139 9724 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    17:33:45.0142 9724 AFD - ok
    17:33:45.0175 9724 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    17:33:45.0179 9724 agp440 - ok
    17:33:45.0214 9724 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    17:33:45.0219 9724 ALG - ok
    17:33:45.0260 9724 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    17:33:45.0263 9724 aliide - ok
    17:33:45.0280 9724 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    17:33:45.0282 9724 amdide - ok
    17:33:45.0319 9724 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    17:33:45.0323 9724 AmdK8 - ok
    17:33:45.0331 9724 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
    17:33:45.0335 9724 AmdPPM - ok
    17:33:45.0356 9724 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    17:33:45.0394 9724 amdsata - ok
    17:33:45.0419 9724 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    17:33:45.0426 9724 amdsbs - ok
    17:33:45.0443 9724 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    17:33:45.0479 9724 amdxata - ok
    17:33:45.0523 9724 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    17:33:45.0558 9724 AppID - ok
    17:33:45.0588 9724 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    17:33:45.0591 9724 AppIDSvc - ok
    17:33:45.0602 9724 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    17:33:45.0603 9724 Appinfo - ok
    17:33:45.0665 9724 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    17:33:45.0669 9724 arc - ok
    17:33:45.0672 9724 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    17:33:45.0678 9724 arcsas - ok
    17:33:45.0778 9724 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    17:33:45.0814 9724 aspnet_state - ok
    17:33:45.0868 9724 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    17:33:45.0872 9724 AsyncMac - ok
    17:33:45.0901 9724 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    17:33:45.0906 9724 atapi - ok
    17:33:45.0943 9724 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    17:33:45.0991 9724 AudioEndpointBuilder - ok
    17:33:46.0001 9724 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    17:33:46.0005 9724 AudioSrv - ok
    17:33:46.0042 9724 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    17:33:46.0069 9724 AxInstSV - ok
    17:33:46.0121 9724 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    17:33:46.0130 9724 b06bdrv - ok
    17:33:46.0222 9724 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:33:46.0230 9724 b57nd60a - ok
    17:33:46.0278 9724 [ F01759FA97126CC69DFA85CEDA0717A1 ] bcbtums C:\Windows\system32\drivers\bcbtums.sys
    17:33:46.0314 9724 bcbtums - ok
    17:33:46.0424 9724 [ D41E6CCB9752F551049D2E0C437DD03D ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    17:33:46.0445 9724 BCM43XX - ok
    17:33:46.0488 9724 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    17:33:46.0492 9724 BDESVC - ok
    17:33:46.0499 9724 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    17:33:46.0502 9724 Beep - ok
    17:33:46.0540 9724 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    17:33:46.0574 9724 BFE - ok
    17:33:46.0650 9724 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
    17:33:46.0655 9724 BITS - ok
    17:33:46.0687 9724 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    17:33:46.0690 9724 blbdrive - ok
    17:33:46.0721 9724 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    17:33:46.0755 9724 bowser - ok
    17:33:46.0780 9724 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    17:33:46.0785 9724 BrFiltLo - ok
    17:33:46.0789 9724 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    17:33:46.0792 9724 BrFiltUp - ok
    17:33:46.0821 9724 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    17:33:46.0825 9724 BridgeMP - ok
    17:33:46.0852 9724 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    17:33:46.0879 9724 Browser - ok
    17:33:46.0885 9724 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    17:33:46.0894 9724 Brserid - ok
    17:33:46.0897 9724 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    17:33:46.0901 9724 BrSerWdm - ok
    17:33:46.0904 9724 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:33:46.0907 9724 BrUsbMdm - ok
    17:33:46.0910 9724 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    17:33:46.0912 9724 BrUsbSer - ok
    17:33:46.0945 9724 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
    17:33:46.0948 9724 BthEnum - ok
    17:33:46.0960 9724 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    17:33:46.0963 9724 BTHMODEM - ok
    17:33:46.0984 9724 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    17:33:46.0985 9724 BthPan - ok
    17:33:47.0008 9724 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
    17:33:47.0036 9724 BTHPORT - ok
    17:33:47.0065 9724 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    17:33:47.0068 9724 bthserv - ok
    17:33:47.0086 9724 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
    17:33:47.0119 9724 BTHUSB - ok
    17:33:47.0175 9724 [ 3AFF6DC496B8A8D12C867E3FC7C86FAC ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
    17:33:47.0214 9724 btwampfl - ok
    17:33:47.0265 9724 [ 336BBA0909B3636AB7D06A71D7B1C0DC ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
    17:33:47.0300 9724 btwaudio - ok
    17:33:47.0326 9724 [ 9FF58F76024D25784755B01F926B00BE ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
    17:33:47.0362 9724 btwavdt - ok
    17:33:47.0448 9724 [ 26A80D7ACA49E03A403806418B5FED46 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    17:33:47.0491 9724 btwdins - ok
    17:33:47.0507 9724 [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
    17:33:47.0542 9724 btwl2cap - ok
    17:33:47.0550 9724 [ EDD953D635F3AA89EF902E3F82D60D22 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
    17:33:47.0585 9724 btwrchid - ok
    17:33:47.0621 9724 catchme - ok
    17:33:47.0646 9724 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    17:33:47.0650 9724 cdfs - ok
    17:33:47.0683 9724 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    17:33:47.0717 9724 cdrom - ok
    17:33:47.0750 9724 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    17:33:47.0776 9724 CertPropSvc - ok
    17:33:47.0808 9724 [ DF8D07059E7237E0BE9C1421EF5F9482 ] cfwids C:\Windows\system32\drivers\cfwids.sys
    17:33:47.0843 9724 cfwids - ok
    17:33:47.0869 9724 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    17:33:47.0872 9724 circlass - ok
    17:33:47.0907 9724 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    17:33:47.0909 9724 CLFS - ok
    17:33:47.0966 9724 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:33:47.0970 9724 clr_optimization_v2.0.50727_32 - ok
    17:33:48.0007 9724 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:33:48.0012 9724 clr_optimization_v2.0.50727_64 - ok
    17:33:48.0088 9724 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:33:48.0127 9724 clr_optimization_v4.0.30319_32 - ok
    17:33:48.0166 9724 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:33:48.0206 9724 clr_optimization_v4.0.30319_64 - ok
    17:33:48.0244 9724 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    17:33:48.0247 9724 CmBatt - ok
    17:33:48.0273 9724 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    17:33:48.0276 9724 cmdide - ok
    17:33:48.0321 9724 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    17:33:48.0350 9724 CNG - ok
    17:33:48.0412 9724 [ 9F6DE1995A188615CEEE908E750A34ED ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
    17:33:48.0445 9724 CnxtHdAudService - ok
    17:33:48.0490 9724 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    17:33:48.0493 9724 Compbatt - ok
    17:33:48.0522 9724 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    17:33:48.0560 9724 CompositeBus - ok
    17:33:48.0567 9724 COMSysApp - ok
    17:33:48.0668 9724 [ E1C17DC650A7FA69DE63C4D4A8E888EA ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
    17:33:48.0714 9724 cphs - ok
    17:33:48.0731 9724 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    17:33:48.0733 9724 crcdisk - ok
    17:33:48.0764 9724 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    17:33:48.0800 9724 CryptSvc - ok
    17:33:48.0935 9724 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    17:33:48.0939 9724 cvhsvc - ok
    17:33:48.0983 9724 [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe
    17:33:49.0018 9724 CxAudMsg - ok
    17:33:49.0084 9724 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    17:33:49.0087 9724 DcomLaunch - ok
    17:33:49.0112 9724 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    17:33:49.0121 9724 defragsvc - ok
    17:33:49.0150 9724 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    17:33:49.0183 9724 DfsC - ok
    17:33:49.0226 9724 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    17:33:49.0255 9724 Dhcp - ok
    17:33:49.0265 9724 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    17:33:49.0266 9724 discache - ok
    17:33:49.0295 9724 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    17:33:49.0299 9724 Disk - ok
    17:33:49.0467 9724 [ 4453DA8650DA827BC33B8D41A8F97894 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
    17:33:49.0634 9724 DisplayLinkService - ok
    17:33:49.0683 9724 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    17:33:49.0710 9724 Dnscache - ok
    17:33:49.0718 9724 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    17:33:49.0747 9724 dot3svc - ok
    17:33:49.0753 9724 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    17:33:49.0754 9724 DPS - ok
    17:33:49.0815 9724 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    17:33:49.0819 9724 drmkaud - ok
    17:33:49.0843 9724 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    17:33:49.0886 9724 DXGKrnl - ok
    17:33:49.0929 9724 EagleX64 - ok
    17:33:49.0946 9724 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    17:33:49.0951 9724 EapHost - ok
    17:33:50.0015 9724 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    17:33:50.0084 9724 ebdrv - ok
    17:33:50.0111 9724 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    17:33:50.0147 9724 EFS - ok
    17:33:50.0214 9724 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    17:33:50.0255 9724 ehRecvr - ok
    17:33:50.0278 9724 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    17:33:50.0282 9724 ehSched - ok
    17:33:50.0324 9724 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    17:33:50.0334 9724 elxstor - ok
    17:33:50.0336 9724 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    17:33:50.0339 9724 ErrDev - ok
    17:33:50.0396 9724 esgiguard - ok
    17:33:50.0441 9724 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    17:33:50.0443 9724 EventSystem - ok
    17:33:50.0473 9724 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    17:33:50.0479 9724 exfat - ok
    17:33:50.0512 9724 [ EB3A7D5663ACAC417DF986D4AEE12170 ] Fastboot C:\Windows\system32\DRIVERS\Fastboot.sys
    17:33:50.0548 9724 Fastboot - ok
    17:33:50.0613 9724 [ 63511240AF70D10343A4AE05F8E2CA12 ] FastbootService C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
    17:33:50.0614 9724 FastbootService - ok
    17:33:50.0632 9724 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    17:33:50.0638 9724 fastfat - ok
    17:33:50.0681 9724 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    17:33:50.0684 9724 Fax - ok
    17:33:50.0721 9724 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    17:33:50.0724 9724 fdc - ok
    17:33:50.0756 9724 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    17:33:50.0772 9724 fdPHost - ok
    17:33:50.0785 9724 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    17:33:50.0787 9724 FDResPub - ok
    17:33:50.0823 9724 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    17:33:50.0825 9724 FileInfo - ok
    17:33:50.0843 9724 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    17:33:50.0846 9724 Filetrace - ok
    17:33:50.0849 9724 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    17:33:50.0852 9724 flpydisk - ok
    17:33:50.0864 9724 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    17:33:50.0892 9724 FltMgr - ok
    17:33:50.0938 9724 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    17:33:50.0968 9724 FontCache - ok
    17:33:51.0057 9724 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:33:51.0096 9724 FontCache3.0.0.0 - ok
    17:33:51.0173 9724 [ 87100772372E769A5F15032027344F9D ] FPLService C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
    17:33:51.0210 9724 FPLService - ok
    17:33:51.0242 9724 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    17:33:51.0246 9724 FsDepends - ok
    17:33:51.0272 9724 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    17:33:51.0307 9724 Fs_Rec - ok
    17:33:51.0347 9724 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    17:33:51.0349 9724 fvevol - ok
    17:33:51.0376 9724 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    17:33:51.0380 9724 gagp30kx - ok
    17:33:51.0411 9724 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    17:33:51.0419 9724 gpsvc - ok
    17:33:51.0464 9724 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:33:51.0465 9724 gupdate - ok
    17:33:51.0468 9724 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:33:51.0469 9724 gupdatem - ok
    17:33:51.0510 9724 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    17:33:51.0513 9724 gusvc - ok
    17:33:51.0556 9724 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
    17:33:51.0594 9724 hamachi - ok
    17:33:51.0616 9724 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    17:33:51.0619 9724 hcw85cir - ok
    17:33:51.0639 9724 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    17:33:51.0683 9724 HdAudAddService - ok
    17:33:51.0704 9724 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    17:33:51.0706 9724 HDAudBus - ok
    17:33:51.0709 9724 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    17:33:51.0712 9724 HidBatt - ok
    17:33:51.0717 9724 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    17:33:51.0721 9724 HidBth - ok
    17:33:51.0754 9724 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    17:33:51.0758 9724 HidIr - ok
    17:33:51.0785 9724 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    17:33:51.0788 9724 hidserv - ok
    17:33:51.0808 9724 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    17:33:51.0842 9724 HidUsb - ok
    17:33:51.0902 9724 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
    17:33:51.0939 9724 HipShieldK - ok
    17:33:51.0968 9724 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    17:33:51.0994 9724 hkmsvc - ok
    17:33:52.0007 9724 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    17:33:52.0009 9724 HomeGroupListener - ok
    17:33:52.0038 9724 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    17:33:52.0040 9724 HomeGroupProvider - ok
    17:33:52.0079 9724 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    17:33:52.0115 9724 HpSAMD - ok
    17:33:52.0142 9724 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    17:33:52.0146 9724 HTTP - ok
    17:33:52.0162 9724 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    17:33:52.0163 9724 hwpolicy - ok
    17:33:52.0227 9724 [ 46FD38CBD57D2EC86C42DCCE05C82F67 ] HyperW7Svc C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
    17:33:52.0268 9724 HyperW7Svc - ok
    17:33:52.0291 9724 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    17:33:52.0295 9724 i8042prt - ok
    17:33:52.0342 9724 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    17:33:52.0344 9724 iaStor - ok
    17:33:52.0378 9724 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    17:33:52.0420 9724 iaStorV - ok
    17:33:52.0442 9724 [ 72B253CDBCAA10E88AAD0BA39CC83BCD ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
    17:33:52.0476 9724 IBMPMDRV - ok
    17:33:52.0486 9724 [ 4925FFB084C9AD02E8EEF01FB18BF5AC ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
    17:33:52.0522 9724 IBMPMSVC - ok
    17:33:52.0566 9724 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:33:52.0613 9724 idsvc - ok
    17:33:52.0958 9724 [ E910E770A54E55973FFBE663C3254000 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:33:53.0036 9724 igfx - ok
    17:33:53.0067 9724 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    17:33:53.0071 9724 iirsp - ok
    17:33:53.0110 9724 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    17:33:53.0146 9724 IKEEXT - ok
    17:33:53.0195 9724 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    17:33:53.0229 9724 IntcDAud - ok
    17:33:53.0321 9724 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
    17:33:53.0359 9724 Intel(R) Capability Licensing Service Interface - ok
    17:33:53.0410 9724 [ FB166D86AFCBD9A9BFD342DC2564F5DF ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    17:33:53.0451 9724 Intel(R) ME Service - ok
    17:33:53.0513 9724 [ 16DF912A1C88B7AE46E907661F31AA77 ] Intel(R) Small Business Advantage C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe
    17:33:53.0552 9724 Intel(R) Small Business Advantage - ok
    17:33:53.0580 9724 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    17:33:53.0583 9724 intelide - ok
    17:33:53.0614 9724 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    17:33:53.0615 9724 intelppm - ok
    17:33:53.0666 9724 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    17:33:53.0671 9724 IPBusEnum - ok
    17:33:53.0703 9724 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:33:53.0738 9724 IpFilterDriver - ok
    17:33:53.0780 9724 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    17:33:53.0787 9724 iphlpsvc - ok
    17:33:53.0798 9724 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    17:33:53.0833 9724 IPMIDRV - ok
    17:33:53.0843 9724 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    17:33:53.0848 9724 IPNAT - ok
    17:33:53.0874 9724 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    17:33:53.0877 9724 IRENUM - ok
    17:33:53.0887 9724 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    17:33:53.0890 9724 isapnp - ok
    17:33:53.0905 9724 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    17:33:53.0945 9724 iScsiPrt - ok
    17:33:53.0982 9724 [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
    17:33:54.0016 9724 iusb3hcs - ok
    17:33:54.0030 9724 [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
    17:33:54.0067 9724 iusb3hub - ok
    17:33:54.0087 9724 [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
    17:33:54.0128 9724 iusb3xhc - ok
    17:33:54.0167 9724 [ B443D3D1B6F21C2B424E49491B65C488 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    17:33:54.0207 9724 jhi_service - ok
    17:33:54.0267 9724 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    17:33:54.0271 9724 kbdclass - ok
    17:33:54.0288 9724 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    17:33:54.0324 9724 kbdhid - ok
    17:33:54.0355 9724 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    17:33:54.0356 9724 KeyIso - ok
    17:33:54.0384 9724 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    17:33:54.0411 9724 KSecDD - ok
    17:33:54.0445 9724 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    17:33:54.0481 9724 KSecPkg - ok
    17:33:54.0508 9724 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    17:33:54.0510 9724 ksthunk - ok
    17:33:54.0536 9724 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    17:33:54.0546 9724 KtmRm - ok
    17:33:54.0593 9724 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    17:33:54.0620 9724 LanmanServer - ok
    17:33:54.0693 9724 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    17:33:54.0720 9724 LanmanWorkstation - ok
    17:33:54.0759 9724 [ D157679261C0F6739784166CB984A933 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    17:33:54.0760 9724 LENOVO.CAMMUTE - ok
    17:33:54.0822 9724 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    17:33:54.0869 9724 LENOVO.MICMUTE - ok
    17:33:54.0925 9724 [ 9D37F8F00324E9C6C7C5369E50D92EB6 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    17:33:54.0966 9724 LENOVO.TPKNRSVC - ok
    17:33:54.0993 9724 [ 3038396D26AE40D7C2E7E775870EB458 ] LENOVO.TVTVCAM C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
    17:33:55.0044 9724 LENOVO.TVTVCAM - ok
    17:33:55.0059 9724 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    17:33:55.0100 9724 Lenovo.VIRTSCRLSVC - ok
    17:33:55.0127 9724 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    17:33:55.0130 9724 lltdio - ok
    17:33:55.0153 9724 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    17:33:55.0164 9724 lltdsvc - ok
    17:34:11.0567 9724 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    17:34:11.0624 9724 VSS - ok
    17:34:11.0638 9724 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    17:34:11.0640 9724 vwifibus - ok
    17:34:11.0669 9724 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    17:34:11.0673 9724 vwififlt - ok
    17:34:11.0709 9724 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    17:34:11.0719 9724 W32Time - ok
    17:34:11.0724 9724 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    17:34:11.0728 9724 WacomPen - ok
    17:34:11.0782 9724 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    17:34:11.0815 9724 WANARP - ok
    17:34:11.0818 9724 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    17:34:11.0819 9724 Wanarpv6 - ok
    17:34:11.0911 9724 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    17:34:11.0974 9724 WatAdminSvc - ok
    17:34:12.0018 9724 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    17:34:12.0062 9724 wbengine - ok
    17:34:12.0073 9724 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    17:34:12.0075 9724 WbioSrvc - ok
    17:34:12.0089 9724 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    17:34:12.0120 9724 wcncsvc - ok
    17:34:12.0138 9724 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    17:34:12.0141 9724 WcsPlugInService - ok
    17:34:12.0164 9724 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    17:34:12.0168 9724 Wd - ok
    17:34:12.0202 9724 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    17:34:12.0247 9724 Wdf01000 - ok
    17:34:12.0265 9724 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    17:34:12.0271 9724 WdiServiceHost - ok
    17:34:12.0274 9724 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    17:34:12.0276 9724 WdiSystemHost - ok
    17:34:12.0296 9724 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    17:34:12.0324 9724 WebClient - ok
    17:34:12.0342 9724 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    17:34:12.0351 9724 Wecsvc - ok
    17:34:12.0363 9724 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    17:34:12.0365 9724 wercplsupport - ok
    17:34:12.0387 9724 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    17:34:12.0392 9724 WerSvc - ok
    17:34:12.0427 9724 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    17:34:12.0429 9724 WfpLwf - ok
    17:34:12.0438 9724 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    17:34:12.0441 9724 WIMMount - ok
    17:34:12.0453 9724 WinDefend - ok
    17:34:12.0459 9724 WinHttpAutoProxySvc - ok
    17:34:12.0515 9724 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    17:34:12.0521 9724 Winmgmt - ok
    17:34:12.0572 9724 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    17:34:12.0691 9724 WinRM - ok
    17:34:12.0746 9724 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
    17:34:12.0780 9724 WinUsb - ok
    17:34:12.0874 9724 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    17:34:12.0894 9724 Wlansvc - ok
    17:34:12.0948 9724 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    17:34:12.0983 9724 wlcrasvc - ok
    17:34:13.0083 9724 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:34:13.0118 9724 wlidsvc - ok
    17:34:13.0156 9724 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    17:34:13.0157 9724 WmiAcpi - ok
    17:34:13.0178 9724 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    17:34:13.0182 9724 wmiApSrv - ok
    17:34:13.0185 9724 WMPNetworkSvc - ok
    17:34:13.0218 9724 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    17:34:13.0222 9724 WPCSvc - ok
    17:34:13.0239 9724 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    17:34:13.0265 9724 WPDBusEnum - ok
    17:34:13.0304 9724 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    17:34:13.0305 9724 ws2ifsl - ok
    17:34:13.0320 9724 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
    17:34:13.0323 9724 wscsvc - ok
    17:34:13.0327 9724 WSearch - ok
    17:34:13.0395 9724 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    17:34:13.0405 9724 wuauserv - ok
    17:34:13.0456 9724 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    17:34:13.0489 9724 WudfPf - ok
    17:34:13.0537 9724 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:34:13.0570 9724 WUDFRd - ok
    17:34:13.0619 9724 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    17:34:13.0646 9724 wudfsvc - ok
    17:34:13.0715 9724 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\Windows\System32\wwansvc.dll
    17:34:13.0744 9724 WwanSvc - ok
    17:34:13.0801 9724 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
    17:34:13.0813 9724 xnacc - ok
    17:34:13.0828 9724 ================ Scan global ===============================
    17:34:13.0850 9724 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    17:34:13.0879 9724 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
    17:34:13.0888 9724 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
    17:34:13.0914 9724 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    17:34:13.0943 9724 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    17:34:13.0946 9724 [Global] - ok
    17:34:13.0946 9724 ================ Scan MBR ==================================
    17:34:13.0961 9724 [ 4C396012F2DC6B0EB4CDBB3B6CBAEF68 ] \Device\Harddisk0\DR0
    17:34:14.0257 9724 \Device\Harddisk0\DR0 - ok
    17:34:14.0258 9724 ================ Scan VBR ==================================
    17:34:14.0259 9724 [ EBE7A5924DE688C92DCE4954DA56FFD4 ] \Device\Harddisk0\DR0\Partition1
    17:34:14.0261 9724 \Device\Harddisk0\DR0\Partition1 - ok
    17:34:14.0282 9724 [ AC76DF478598C1463A5C44A25BECA22F ] \Device\Harddisk0\DR0\Partition2
    17:34:14.0285 9724 \Device\Harddisk0\DR0\Partition2 - ok
    17:34:14.0318 9724 [ CF8350247705A402E8BAC621748B15A6 ] \Device\Harddisk0\DR0\Partition3
    17:34:14.0320 9724 \Device\Harddisk0\DR0\Partition3 - ok
    17:34:14.0321 9724 ============================================================
    17:34:14.0321 9724 Scan finished
    17:34:14.0321 9724 ============================================================
    17:34:14.0327 9868 Detected object count: 0
    17:34:14.0327 9868 Actual detected object count: 0
    17:34:58.0954 8288 Deinitialize success
     
  13. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please run the following:

    Please download Junkware Removal Tool to your desktop.
    • Shut down your antivirus to avoid any conflicts.
    • Right-mouse click JRT.exe and select Run as administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message


    NEXT


    Download AdwCleaner from here and save it to your desktop.
    • Run AdwCleaner and select Delete
    • Once done it will ask to reboot, allow the reboot
    • On reboot a log will be produced, please attach the content of the log to your next reply


    NEXT

    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    NEXT


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
     
  14. MrPokemon

    MrPokemon Thread Starter

    Joined:
    Dec 26, 2012
    Messages:
    12
    A question, if you can please answer it that would be great. Can a virus just disappear?

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.1 (01.06.2013:2)
    OS: Windows 7 Home Premium x64
    Ran by Chris on Tue 01/08/2013 at 17:19:56.93
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3910317161-2487669532-2512826936-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\partner"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 01/08/2013 at 17:26:37.67
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    -------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    # AdwCleaner v2.105 - Logfile created 01/08/2013 at 17:28:39
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Chris - CHRIS-LAPTOP
    # Boot Mode : Normal
    # Running from : C:\Users\Chris\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [660 octets] - [08/01/2013 17:28:39]

    ########## EOF - C:\AdwCleaner[S1].txt - [719 octets] ##########

    ---------------------------------------------------------------------------------------------------------------------------------------------------------------

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.09.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Chris :: CHRIS-LAPTOP [administrator]

    Protection: Disabled

    1/8/2013 5:38:28 PM
    mbam-log-2013-01-08 (17-38-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 210967
    Time elapsed: 2 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    C:\Users\Chris\Downloads\DVDC.rar a variant of Win32/HackTool.Patcher.AD application
     
  15. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Symptoms can disappear, but unless an antivirus or other tool causes the removal of the infection, I'm not aware that any infection can just "disappear".

    How is the computer running now? Are there any outstanding issues?

    NEXT

    Visit ADOBE and download the latest version of Acrobat Reader (version XI)
    Having the latest updates ensures there are no security vulnerabilities in your system.

    NEXT

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
    • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
    • Scroll down to where it says Java SE 7u10
    • Click the Download button under JRE to the right.
    • Read the License Agreement then select Accept License Agreement
    • Click on the link to download Windows x86 Offline and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7u10-windows-i586.exe to install the newest version.
    • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are three options in the window to clear the cache - Leave these two Checked
        • Trace and Log Files
        • Cached Applications and Applets
        • Click OK on Delete Temporary Files Window
          Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
        • Click OK to leave the Temporary Files Window
        • Click OK to leave the Java Control Panel.
     
Short URL to this thread: https://techguy.org/1082409
