
Start-up failure, Java Exploit, impossible to analyze Hijack This log


odd lion

I have a Thinkpad T400, running Win7, Kaspersky AV, was pretty stable and healthy. It has recently developed horrible symptoms including: suddenly shutting down (i.e., crashing, black screen not blue screen), won't start up properly (crashes shortly after start-up, or various programs automatically shut down shortly after start-up, eventually leading to shut down / crash).

 

Running updates of power drivers ("Lenovo updates") caused problems and more shut-downs, though this behavior is erratic...sometimes it runs for an hour, sometimes for 5 minutes.

 

Did a full scan with Kaspersky, which found a Trojan (Exploit.Java.CVE-2011) and appears to have eliminated it. Still, start-up is not stable, and programs (Intel Management and Security among them) still shut down and the machine is clearly not stable or happily running. A repeat scan with Kaspersky found nothing.

 

Did a full scan with Malwarebytes, which found nothing.

 

Did a scan with CCleaner, which cleared out lots of junk.

 

Did a scan with 'Hijack This' (run as administrator), but the program keeps stalling when I try to analyze the log (the final step). I tried this twice, and even tried it on another machine, with the same results. Is there some known issue, or am I doing something wrong, or is there an alternate way of submitting the 'Hijack This' info for analysis?

 

Thanks!

Odd Lion


I managed to get the Hijack This log, and paste it below. Any help with this would be most appreciated!

Thanks,

Odd Lion

 

*********************

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:58:53 AM, on 10/3/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Safe mode with network support

 

Running processes:

C:WindowsExplorer.EXE

C:Windowssystem32ctfmon.exe

C:Windowshelppane.exe

C:UsersYuenDesktopHijackThis.exe

 

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://123.taobao.com/?wangwang/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll

O4 - HKLM..Run: [FingerPrintSoftware] "C:Program FilesLenovo Fingerprint Softwarefpapp.exe" s

O4 - HKLM..Run: [FingerPrintSoftwareSplashScreen] "C:Program FilesLenovo Fingerprint SoftwareSplashScreen.exe" s

O4 - HKLM..Run: [TpShocks] TpShocks.exe

O4 - HKLM..Run: [startCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun

O4 - HKLM..Run: [PWMTRV] rundll32 C:PROGRA~1ThinkPadUTILIT~1PWMTR32V.DLL,PwrMgrBkGndMonitor

O4 - HKLM..Run: [TPHOTKEY] C:Program FilesLenovoHOTKEYTPOSDSVC.exe

O4 - HKLM..Run: [LENOVO.TPFNF6R] C:Program FilesLenovoHOTKEYTPFNF6R.exe

O4 - HKLM..Run: [synTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe

O4 - HKLM..Run: [picon] "C:Program FilesCommon FilesIntelPrivacy IconPrivacyIconClient.exe" -startup

O4 - HKLM..Run: [tsnp2uvc] C:Windowstsnp2uvc.exe

O4 - HKLM..Run: [AVP] "C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstations MP4avp.exe"

O4 - HKLM..Run: [AdobeCS4ServiceManager] "C:Program FilesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" -launchedbylogin

O4 - HKLM..Run: [Adobe Acrobat Speed Launcher] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe"

O4 - HKLM..Run: [Acrobat Assistant 8.0] "C:Program FilesAdobeAcrobat 9.0AcrobatAcrotray.exe"

O4 - HKLM..Run: [Adobe ARM] "C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe"

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"

O4 - HKLM..Run: [igfxTray] C:Windowssystem32igfxtray.exe

O4 - HKLM..Run: [HotKeysCmds] C:Windowssystem32hkcmd.exe

O4 - HKLM..Run: [Persistence] C:Windowssystem32igfxpers.exe

O4 - HKCU..Run: [smartAudio] C:Program FilesCONEXANTSAIISAIICpl.exe /t

O4 - HKCU..Run: [Google Update] "C:UsersYuenAppDataLocalGoogleUpdateGoogleUpdate.exe" /c

O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: Digital Line Detect.lnk = C:Program FilesDigital Line DetectDLG.exe

O4 - Global Startup: FileZilla FTP Client

O8 - Extra context menu item: Add to Anti-Banner - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstations MP4ie_banner_deny.htm

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~1Office12EXCEL.EXE/3000

O8 - Extra context menu item: Ìí¼ÓΪ°¢ÀïÍúÍú±íÇé - D:Programs7.00.07CAddNewEmotion.htm

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstations MP4scieplgn.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~1Office12REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://*.alipay.com

O15 - Trusted Zone: http://*.alisoft.com

O15 - Trusted Zone: http://*.taobao.com

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL

O20 - AppInit_DLLs: C:PROGRA~1KASPER~1KASPER~1.0FOadialhk.dll,C:PROGRA~1KASPER~1KASPER~1.0FOkloehk.dll

O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:Windowssystem32ADMonitor.exe

O23 - Service: AMD External Events Utility - AMD - C:Windowssystem32atiesrxx.exe

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:Windowssystem32AtService.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstations MP4avp.exe

O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:Windowssystem32DTS.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:Program FilesIntelWiFibinEvtEng.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe

O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:Windowssystem32ibmpmsvc.exe

O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:Program FilesLENOVOHOTKEYMICMUTE.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:Program FilesIntelAMTLMS.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe

O23 - Service: Power Manager DBC Service - Lenovo - C:Program FilesThinkPadUtilitiesPWMDBSVC.EXE

O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - D:ProgramsReflectService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - C:Program FilesLenovoSystem UpdateSUService.exe

O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:WindowsSystem32TPHDEXLG.exe

O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:Program FilesLENOVOHOTKEYTPHKSVC.exe

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:Program FilesCommon FilesIntelPrivacy IconUNSUNS.exe

 

--

End of file - 9393 bytes


Sorry for the delay! If you still need help, download DDS from one of these links:

DDS.com

DDS.pif

  • Disable any script blocking protection
  • Double click the dds icon to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt <--- will be minimized in the task tray
  • Save both reports to your desktop.
Include the contents of both logs in your next post.

The scan will instruct you to post Attach.txt as an attachment.

No need for that though ..... just post its contents as you would any other log.


Thanks Jacee! I ran DDS.pif, and it produced the following logs:

 

Thanks for your help,

Odd Lion

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Yuen at 1:24:06 on 2012-10-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2520.1104 [GMT 8:00]

.

AV: Kaspersky Anti-Virus *Enabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Anti-Virus *Enabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}

.

============== Running Processes ===============

.

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32DTS.exe

C:Windowssystem32ibmpmsvc.exe

C:Windowssystem32AtService.exe

C:Windowssystem32svchost.exe -k RPCSS

C:Windowssystem32atiesrxx.exe

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32atieclxx.exe

C:Windowssystem32svchost.exe -k NetworkService

C:Windowssystem32WLANExt.exe

C:Windowssystem32conhost.exe

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Program FilesLENOVOHOTKEYTPHKSVC.exe

C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstations MP4avp.exe

C:Program FilesIntelWiFibinEvtEng.exe

C:Windowssystem32svchost.exe -k HsfXAudioService

C:Program FilesIntelAMTLMS.exe

C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe

C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe

D:ProgramsReflectService.exe

C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe

C:Windowssystem32svchost.exe -k imgsvc

C:Program FilesCommon FilesIntelPrivacy IconUNSUNS.exe

C:Windowssystem32wbemunsecapp.exe

C:Windowssystem32wbemwmiprvse.exe

C:Windowssystem32taskhost.exe

C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:WindowsSystem32TpShocks.exe

C:WindowsSystem32rundll32.exe

C:Program FilesLenovoHOTKEYTPOSDSVC.exe

C:Program FilesLenovoHOTKEYtpfnf6r.exe

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstations MP4avp.exe

C:Program FilesLenovoHOTKEYTPONSCR.exe

C:Windowssystem32taskeng.exe

C:Program FilesLenovoZoomTpScrex.exe

C:Program FilesAdobeAcrobat 9.0Acrobatacrobat_sl.exe

C:Program FilesAdobeAcrobat 9.0Acrobatacrotray.exe

C:Program FilesCommon FilesJavaJava Updatejusched.exe

C:WindowsSystem32igfxpers.exe

C:Program FilesSynapticsSynTPSynTPLpr.exe

C:Windowssystem32igfxsrvc.exe

C:Program FilesDigital Line DetectDLG.exe

C:WindowsSystem32svchost.exe -k LocalServiceAndNoImpersonation

C:Windowssystem32svchost.exe -k bthsvcs

C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted

C:Windowssystem32SearchIndexer.exe

C:Program FilesWindows Media Playerwmpnetwk.exe

C:Windowssystem32SearchProtocolHost.exe

C:Program FilesSynapticsSynTPSynTPHelper.exe

C:WindowsSystem32svchost.exe -k LocalServicePeerNet

C:Windowssystem32sppsvc.exe

C:WindowsSystem32svchost.exe -k secsvcs

C:UsersYuenAppDataLocalGoogleChromeApplicationchrome.exe

C:UsersYuenAppDataLocalGoogleChromeApplicationchrome.exe

C:UsersYuenAppDataLocalGoogleChromeApplicationchrome.exe

C:UsersYuenAppDataLocalGoogleChromeApplicationchrome.exe

C:UsersYuenAppDataLocalGoogleChromeApplicationchrome.exe

C:WindowsSystem32svchost.exe -k WerSvcGroup

C:UsersYuenAppDataLocalGoogleChromeApplicationchrome.exe

C:UsersYuenAppDataLocalGoogleChromeApplicationchrome.exe

C:Windowssystem32wbemwmiprvse.exe

C:Windowssystem32wuauclt.exe

C:WindowsservicingTrustedInstaller.exe

?C:Windowssystem32wbemWMIADAP.EXE

C:Windowssystem32SearchFilterHost.exe

C:Windowssystem32conhost.exe

C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://123.taobao.com/?wangwang/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:programdatarealrealplayerbrowserrecordpluginierpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre6binssv.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll

uRun: [smartAudio] c:program filesconexantsaiiSAIICpl.exe /t

uRun: [Google Update] "c:usersyuenappdatalocalgoogleupdateGoogleUpdate.exe" /c

mRun: [FingerPrintSoftware] "c:program fileslenovo fingerprint softwarefpapp.exe" s

mRun: [FingerPrintSoftwareSplashScreen] "c:program fileslenovo fingerprint softwaresplashscreen.exe" s

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [startCCC] "c:program filesati technologiesati.acecore-staticCLIStart.exe" MSRun

mRun: [PWMTRV] rundll32 c:progra~1thinkpadutilit~1PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [TPHOTKEY] c:program fileslenovohotkeyTPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:program fileslenovohotkeyTPFNF6R.exe

mRun: [synTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe

mRun: [picon] "c:program filescommon filesintelprivacy iconPrivacyIconClient.exe" -startup

mRun: [tsnp2uvc] c:windowstsnp2uvc.exe

mRun: [AVP] "c:program fileskaspersky labkaspersky anti-virus 6.0 for windows workstations mp4avp.exe"

mRun: [AdobeCS4ServiceManager] "c:program filescommon filesadobecs4servicemanagerCS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "c:program filesadobeacrobat 9.0acrobatAcrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:program filesadobeacrobat 9.0acrobatAcrotray.exe"

mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe"

mRun: [igfxTray] c:windowssystem32igfxtray.exe

mRun: [HotKeysCmds] c:windowssystem32hkcmd.exe

mRun: [Persistence] c:windowssystem32igfxpers.exe

StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupdigita~1.lnk - c:program filesdigital line detectDLG.exe

StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupfilezi~1filezi~1.lnk - d:programsfilezilla ftp clientfilezilla.exe

StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupfilezi~1uninst~1.lnk - d:programsfilezilla ftp clientuninstall.exe

uPolicies-explorer: DisallowCpl = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: Add to Anti-Banner - c:program fileskaspersky labkaspersky anti-virus 6.0 for windows workstations mp4ie_banner_deny.htm

IE: Append Link Target to Existing PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:progra~1micros~1office12EXCEL.EXE/3000

IE: Ìí¼ÓΪ°¢ÀïÍúÍú±íÇé - d:programs7.00.07cAddNewEmotion.htm

IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:program fileskaspersky labkaspersky anti-virus 6.0 for windows workstations mp4scieplgn.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~1office12REFIEBAR.DLL

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces{6BAAEB49-3EDC-4872-AD94-0E108EBCB650} : DhcpNameServer = 192.168.0.1

TCP: Interfaces{6BAAEB49-3EDC-4872-AD94-0E108EBCB650}148434 : DhcpNameServer = 192.168.1.1

TCP: Interfaces{6BAAEB49-3EDC-4872-AD94-0E108EBCB650}6627565676F66777966696 : DhcpNameServer = 10.11.0.201 10.12.0.201

TCP: Interfaces{E8422396-ED33-427D-80A4-4DB2BDAD9386} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1common~1skypeSKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:usersyuenappdataroamingmozillafirefoxprofilesj1awi7n1.default

FF - component: c:programdatarealrealplayerbrowserrecordpluginfirefoxextcomponentsnprpffbrowserrecordext.dll

FF - component: c:programdatarealrealplayerbrowserrecordpluginfirefoxextcomponentsnprpffbrowserrecordlegacyext.dll

FF - plugin: c:program filesadobeacrobat 9.0acrobatairnppdf32.dll

FF - plugin: c:program filesjavajre6binnpdeployJava1.dll

FF - plugin: c:program filesjavajre6binnpjpi160_31.dll

FF - plugin: c:program filesjavajre6binplugin2npdeployJava1.dll

FF - plugin: c:program filesjavajre6binplugin2npjp2.dll

FF - plugin: c:program filesmozilla firefoxpluginsnpaliedit.dll

FF - plugin: c:program filesmozilla firefoxpluginsnpwangwang.dll

FF - plugin: c:programdatarealrealplayerbrowserrecordpluginmozillapluginsnprpchromebrowserrecordext.dll

FF - plugin: c:programdatarealrealplayerbrowserrecordpluginmozillapluginsnprphtml5videoshim.dll

FF - plugin: c:usersyuenappdatalocalgoogleupdate1.3.21.115npGoogleUpdate3.dll

FF - plugin: c:usersyuenappdataroamingalipaycfnpalicdo.dll

FF - plugin: d:programs7.20.01cnpwangwang.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:program filesmozilla firefoxextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%extensions{5384767E-00D9-40E9-B72F-9CC39D655D6F}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:programdatarealrealplayerbrowserrecordpluginfirefoxExt

.

============= SERVICES / DRIVERS ===============

.

R0 pssnap;Paramount Software Snapshot Filter;c:windowssystem32driverspssnap.sys [2012-8-21 16064]

R0 TPDIGIMN;TPDIGIMN;c:windowssystem32driversApsHM86.sys [2009-6-29 20520]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowssystem32driversklim6.sys [2009-9-14 21520]

R1 lenovo.smi;Lenovo System Interface Driver;c:windowssystem32driverssmiif32.sys [2008-5-12 13480]

R1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32driversvwififlt.sys [2009-7-14 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2009-12-3 172032]

R2 ATService;AuthenTec Fingerprint Service;c:windowssystem32AtService.exe [2009-10-20 1701112]

R2 AVP;Kaspersky Anti-Virus 6.0;c:program fileskaspersky labkaspersky anti-virus 6.0 for windows workstations mp4avp.exe [2009-9-22 315736]

R2 dtsvc;Data Transfer Service;c:windowssystem32DTS.exe [2009-10-20 98304]

R2 HsfXAudioService;HsfXAudioService;c:windowssystem32svchost.exe -k HsfXAudioService [2009-7-14 20992]

R2 MBAMScheduler;MBAMScheduler;c:program filesmalwarebytes' anti-malwarembamscheduler.exe [2012-10-2 399432]

R2 MBAMService;MBAMService;c:program filesmalwarebytes' anti-malwarembamservice.exe [2012-10-2 676936]

R2 ReflectService.exe;Macrium Reflect Image Mounting Service;d:programsReflectService.exe [2012-8-21 224960]

R2 TPHKSVC;On Screen Display;c:program fileslenovohotkeyTPHKSVC.exe [2009-12-3 62320]

R2 UNS;Intel® Management and Security Application User Notification Service;c:program filescommon filesintelprivacy iconunsUNS.exe [2009-12-3 2058776]

R3 amdkmdag;amdkmdag;c:windowssystem32driversatipmdag.sys [2009-12-3 5073920]

R3 amdkmdap;amdkmdap;c:windowssystem32driversatikmpag.sys [2009-12-3 106496]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:windowssystem32driversATSwpWDF.sys [2009-10-20 485376]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:windowssystem32driverse1y6032.sys [2009-7-14 214016]

R3 intelkmd;intelkmd;c:windowssystem32driversigdpmd32.sys [2009-12-3 5946368]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32driversklfltdev.sys [2009-9-3 24848]

R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2012-10-2 22856]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:windowssystem32driversNETw5s32.sys [2009-9-15 6114816]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32driversvwifimp.sys [2009-7-14 14336]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:program fileslenovohotkeymicmute.exe [2009-12-3 45424]

S3 ADMonitor;AD Monitor;c:windowssystem32ADMonitor.exe [2009-10-20 106496]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:windowssystem32driversssadadb.sys [2011-5-13 30312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:windowssystem32driversb57nd60x.sys [2009-7-14 229888]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:windowssystem32driversnetw5v32.sys [2009-6-11 4231168]

S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:program filespc-doctorpcdsrvc.pkms [2010-9-9 21360]

S3 Power Manager DBC Service;Power Manager DBC Service;c:program filesthinkpadutilitiesPWMDBSVC.exe [2009-12-3 75040]

S3 PSMounter;Macrium Reflect Image Explorer Service;c:windowssystem32driverspsmounter.sys [2012-8-21 53952]

S3 PSVolAcc;PSVolAcc;c:windowssystem32driversPSVolAcc.sys [2012-8-21 12992]

S3 pwdrvio;pwdrvio;c:windowssystem32pwdrvio.sys [2012-8-26 15576]

S3 pwdspio;pwdspio;c:windowssystem32pwdspio.sys [2012-8-26 10200]

S3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32driversVSTAZL3.SYS [2009-7-14 207360]

S3 SrvHsfV92;SrvHsfV92;c:windowssystem32driversVSTDPV3.SYS [2009-7-14 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32driversVSTCNXT3.SYS [2009-7-14 661504]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:windowssystem32driversssadbus.sys [2011-5-13 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:windowssystem32driversssadmdfl.sys [2011-5-13 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:windowssystem32driversssadmdm.sys [2011-5-13 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:windowssystem32driversssadserd.sys [2011-5-13 114280]

S3 TsUsbFlt;TsUsbFlt;c:windowssystem32driversTsUsbFlt.sys [2012-8-30 52224]

.

=============== Created Last 30 ================

.

2012-10-01 16:21:50 22856 ----a-w- c:windowssystem32driversmbam.sys

2012-10-01 07:18:15 56200 ----a-w- c:programdatamicrosoftwindows defenderdefinition updates{b0e95510-964b-4376-8b4b-dc735fe6a3d4}offreg.dll

2012-10-01 07:07:30 7023536 ----a-w- c:programdatamicrosoftwindows defenderdefinition updates{b0e95510-964b-4376-8b4b-dc735fe6a3d4}mpengine.dll

2012-10-01 05:54:59 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2012-10-01 03:17:38 33080 ----a-w- c:windowssystem32driverspsadd.sys

.

==================== Find3M ====================

.

2012-08-30 16:15:39 152576 ----a-w- c:windowssystem32msclmd.dll

2012-08-21 03:33:47 12992 ----a-w- c:windowssystem32driversPSVolAcc.sys

2012-08-21 03:33:27 16064 ----a-w- c:windowssystem32driverspssnap.sys

2012-08-21 03:33:19 53952 ----a-w- c:windowssystem32driverspsmounter.sys

2012-07-18 17:47:53 2345984 ----a-w- c:windowssystem32win32k.sys

.

============= FINISH: 1:29:28.73 ===============

 

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: DeviceHarddiskVolume1

Install Date: 12/2/2009 11:25:17 PM

System Uptime: 10/5/2012 1:18:50 AM (0 hours ago)

.

Motherboard: LENOVO | | 2767PU5

Processor: Intel® Core2 Duo CPU T9600 @ 2.80GHz | None | 784/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 70 GiB total, 27.148 GiB free.

D: is FIXED (NTFS) - 227 GiB total, 172.649 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP699: 9/25/2012 10:04:28 PM - Restore Operation

RP700: 10/1/2012 11:22:31 AM - Windows Update

.

==== Installed Programs ======================

.

°¢ÀïÍúÍú2011Õýʽ°æSP1

Acrobat.com

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.2 - CPSID_83708

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Template Projects & Footage

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Recommended Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Extra Settings CS4

Adobe Color Video Profiles AE CS4

Adobe Color Video Profiles CS CS4

Adobe Connect Add-in

Adobe Creative Suite 4 Master Collection

Adobe CS4 International English Speech Analysis Models

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe Encore CS4

Adobe Encore CS4 Codecs

Adobe Encore CS4 Library

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe Linguistics CS4

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Dolby

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Premiere Pro CS4

Adobe Premiere Pro CS4 Functional Content

Adobe Premiere Pro CS4 Third Party Content

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe SING CS4

Adobe Soundbooth CS4

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Alipay Cert Component 2.0.0.1

Alipay security plugin 1.3.0.6

Apple Application Support

Apple Software Update

ATI Catalyst Install Manager

ATI Uninstaller

Audacity 1.3.12 (Unicode)

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Dutch

CCC Help English

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Portuguese

CCC Help Spanish

CCC Help Swedish

CCleaner

Conexant 20561 SmartAudio HD

Connect

ConvertHelper 2.2

FileZilla Client 3.3.4.1

Google Chrome

Integrated Camera

Intel PROSet Wireless

Intel® Management Engine Interface

Intel® PROSet/Wireless WiFi Software

Intel® Active Management Technology

Java Auto Updater

Java 6 Update 31

Kaspersky Anti-Virus 6.0 for Windows Workstations

kuler

LAME v3.98.3 for Audacity

Lenovo Fingerprint Software

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Macrium Reflect Free Edition

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

MiniTool Partition Wizard Home Edition 7.5

Mozilla Firefox (3.6.18)

On Screen Display

PDF Settings CS4

PeaZip 3.4

Photoshop Camera Raw

Pixel Bender Toolkit

PX Profile Update

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

RICOH R5U8xx Media Driver ver.3.62.02

Skype Toolbars

Skype™ 5.0

Suite Shared Configuration CS4

System Update

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Setup

ThinkPad Modem Adapter

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Active Protection System

Vimeo Uploader

Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

9/30/2012 12:00:53 AM, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk1DR1.

10/5/2012 1:21:41 AM, Error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).

10/5/2012 1:20:52 AM, Error: Service Control Manager [7034] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).

10/5/2012 1:19:34 AM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

10/5/2012 1:19:08 AM, Error: amdkmdag [52236] - CPLIB :: General - Invalid Parameter

10/5/2012 1:19:08 AM, Error: amdkmdag [43029] - Display is not active

10/3/2012 12:41:49 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

10/3/2012 12:41:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/3/2012 12:41:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/3/2012 12:41:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/3/2012 12:41:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/3/2012 12:41:23 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:WindowsSystem32IWMSSvc.dll Error Code: 21

10/3/2012 12:41:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache kl1 KLIF lenovo.smi spldr TPPWRIF Wanarpv6

10/3/2012 1:03:06 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/2/2012 11:31:10 AM, Error: Service Control Manager [7016] - The Data Transfer Service service has reported an invalid current state 0.

10/2/2012 1:24:44 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/1/2012 2:47:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0x902d0f28, 0x00000001, 0xc0000001, 0x00100570). A dump was saved in: C:WindowsMEMORY.DMP. Report Id: 100112-37611-01.

10/1/2012 11:37:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

10/1/2012 11:37:25 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/1/2012 11:37:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/1/2012 11:37:17 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/1/2012 11:37:17 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

10/1/2012 10:46:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/1/2012 10:46:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/1/2012 10:46:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl1 KLIF KLIM6 lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF vwififlt Wanarpv6 WfpLwf

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================


First unplug any attached devices... next,

 

Please download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!

Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

 

After rebooting, flush the DNS cache and restore MS's Hosts file by doing the following:

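Copy and paste these lines in Notepad.

@Echo on
rem Go to the folder that holds the hosts file
pushd\windows\system32\drivers\etc
rem Clear the hidden, system and read-only attributes so the file can be rewritten
attrib -h -s -r hosts
rem Replace the hosts file with a single localhost entry
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Release and renew the DHCP lease, then clear the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP settings
netsh winsock reset all
netsh int ip reset all
rem Reboot after one second, then delete this batch file
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.

Double click on the flush.bat file to run it. Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.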

 

After rebooting again, Update Java:

  • Download the latest version of Java Runtime Environment (JRE) 7u7.

    http://www.oracle.com/technetwork/java/javase/downloads/index.html

  • Scroll over to the right (JRE)
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586-p.exe to install the newest version.

Re-scan with DDS and post both results as you did above.

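The hosts reset in flush.bat above replaces the whole file with a single localhost line, so any unexpected mappings in it are gone afterwards; recording them first keeps that evidence. The following PowerShell is an added example, not part of the thread or of any tool it mentions; the function names and the sample entries are constructed for illustration.

```powershell
# Added example, not from the thread. Function names are hypothetical.

function Get-HostsEntry {
    # Turn hosts-file lines into Address/HostName pairs.
    # Comments (# ...) and blank lines are skipped; one line may carry several names.
    param([string[]]$Lines)
    foreach ($raw in $Lines) {
        $line = ($raw -split '#', 2)[0].Trim()
        if ($line -eq '') { continue }
        $fields = @($line -split '\s+')
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            New-Object PSObject -Property @{
                Address  = $fields[0]
                HostName = $name.ToLowerInvariant()
            }
        }
    }
}

function Get-UnexpectedHostsEntry {
    # flush.bat leaves only "127.0.0.1 localhost", so a loopback mapping of
    # localhost is treated as expected and every other mapping is reported.
    param([string[]]$Lines)
    $loopback = @('127.0.0.1', '::1')
    Get-HostsEntry -Lines $Lines | Where-Object {
        -not ($_.HostName -eq 'localhost' -and $loopback -contains $_.Address)
    }
}

# Constructed sample input (documentation addresses and .example names).
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '::1             localhost',
    '127.0.0.1       updates.av-vendor.example   # would block a security update host',
    '203.0.113.50    www.bank.example login.bank.example'
)
Get-UnexpectedHostsEntry -Lines $sample | Format-Table Address, HostName -AutoSize

# On the affected machine: save a copy of the current file, then list the
# mappings that the reset will erase. Reading the file needs no admin rights.
if ($env:SystemRoot) {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if ([System.IO.File]::Exists($hostsPath)) {
        $lines  = [System.IO.File]::ReadAllLines($hostsPath)
        $stamp  = '{0:yyyyMMdd-HHmmss}' -f (Get-Date)
        $backup = Join-Path $env:USERPROFILE "hosts-before-reset-$stamp.txt"
        [System.IO.File]::WriteAllLines($backup, $lines)
        Get-UnexpectedHostsEntry -Lines $lines | Format-Table Address, HostName -AutoSize
        "Saved a copy to $backup"
    }
}
```

An empty result from the live check means the file held nothing beyond the loopback entries for localhost.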

Thanks Jacee, I've done all that - please find the logs below:

Odd Lion

 

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by Yuen at 9:05:38 on 2012-10-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2520.1318 [GMT 8:00]

.

AV: Kaspersky Anti-Virus *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Anti-Virus *Enabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}

.

============== Running Processes ===============

.

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32DTS.exe

C:Windowssystem32ibmpmsvc.exe

C:Windowssystem32AtService.exe

C:Windowssystem32svchost.exe -k RPCSS

C:Windowssystem32atiesrxx.exe

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32atieclxx.exe

C:Windowssystem32svchost.exe -k NetworkService

C:Windowssystem32WLANExt.exe

C:Windowssystem32conhost.exe

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Program FilesLENOVOHOTKEYTPHKSVC.exe

C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstations MP4avp.exe

C:Program FilesIntelWiFibinEvtEng.exe

C:Windowssystem32svchost.exe -k HsfXAudioService

C:Program FilesIntelAMTLMS.exe

C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe

C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe

C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe

D:ProgramsReflectService.exe

C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe

C:Windowssystem32svchost.exe -k imgsvc

C:Program FilesCommon FilesIntelPrivacy IconUNSUNS.exe

C:Windowssystem32wbemunsecapp.exe

C:Windowssystem32wbemwmiprvse.exe

C:WindowsSystem32svchost.exe -k LocalServiceAndNoImpersonation

C:Windowssystem32svchost.exe -k bthsvcs

C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted

C:Windowssystem32taskhost.exe

C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:WindowsSystem32TpShocks.exe

C:WindowsSystem32rundll32.exe

C:Program FilesLenovoHOTKEYTPOSDSVC.exe

C:Program FilesLenovoHOTKEYtpfnf6r.exe

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:Program FilesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstations MP4avp.exe

C:Program FilesLenovoHOTKEYTPONSCR.exe

C:Program FilesAdobeAcrobat 9.0Acrobatacrotray.exe

C:Program FilesSynapticsSynTPSynTPLpr.exe

C:WindowsSystem32igfxpers.exe

C:Program FilesLenovoZoomTpScrex.exe

C:Windowssystem32igfxsrvc.exe

C:Program FilesDigital Line DetectDLG.exe

C:Program FilesSynapticsSynTPSynTPHelper.exe

C:Windowssystem32SearchIndexer.exe

C:Program FilesWindows Media Playerwmpnetwk.exe

C:Program FilesSkypePhoneSkype.exe

C:WindowsSystem32svchost.exe -k LocalServicePeerNet

C:WindowsSystem32svchost.exe -k secsvcs

C:Program FilesSkypePlugin ManagerskypePM.exe

C:Windowssystem32wuauclt.exe

C:Windowssystem32msiexec.exe

C:Windowssystem32vssvc.exe

C:WindowsSystem32svchost.exe -k swprv

C:Windowssystem32SearchProtocolHost.exe

C:Windowssystem32SearchFilterHost.exe

C:Windowssystem32wbemwmiprvse.exe

C:Windowssystem32DllHost.exe

C:Windowssystem32DllHost.exe

C:Windowssystem32conhost.exe

C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://123.taobao.com/?wangwang/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:programdatarealrealplayerbrowserrecordpluginierpbrowserrecordplugin.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:program filesjavajre7binssv.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre7binjp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll

uRun: [smartAudio] c:program filesconexantsaiiSAIICpl.exe /t

uRun: [Google Update] "c:usersyuenappdatalocalgoogleupdateGoogleUpdate.exe" /c

mRun: [FingerPrintSoftware] "c:program fileslenovo fingerprint softwarefpapp.exe" s

mRun: [FingerPrintSoftwareSplashScreen] "c:program fileslenovo fingerprint softwaresplashscreen.exe" s

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [startCCC] "c:program filesati technologiesati.acecore-staticCLIStart.exe" MSRun

mRun: [PWMTRV] rundll32 c:progra~1thinkpadutilit~1PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [TPHOTKEY] c:program fileslenovohotkeyTPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:program fileslenovohotkeyTPFNF6R.exe

mRun: [synTPEnh] %ProgramFiles%SynapticsSynTPSynTPEnh.exe

mRun: [picon] "c:program filescommon filesintelprivacy iconPrivacyIconClient.exe" -startup

mRun: [tsnp2uvc] c:windowstsnp2uvc.exe

mRun: [AVP] "c:program fileskaspersky labkaspersky anti-virus 6.0 for windows workstations mp4avp.exe"

mRun: [AdobeCS4ServiceManager] "c:program filescommon filesadobecs4servicemanagerCS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "c:program filesadobeacrobat 9.0acrobatAcrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:program filesadobeacrobat 9.0acrobatAcrotray.exe"

mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"

mRun: [igfxTray] c:windowssystem32igfxtray.exe

mRun: [HotKeysCmds] c:windowssystem32hkcmd.exe

mRun: [Persistence] c:windowssystem32igfxpers.exe

mRun: [sunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe"

StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupdigita~1.lnk - c:program filesdigital line detectDLG.exe

StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupfilezi~1filezi~1.lnk - d:programsfilezilla ftp clientfilezilla.exe

StartupFolder: c:progra~2micros~1windowsstartm~1programsstartupfilezi~1uninst~1.lnk - d:programsfilezilla ftp clientuninstall.exe

uPolicies-explorer: DisallowCpl = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: Add to Anti-Banner - c:program fileskaspersky labkaspersky anti-virus 6.0 for windows workstations mp4ie_banner_deny.htm

IE: Append Link Target to Existing PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:progra~1micros~1office12EXCEL.EXE/3000

IE: 添加为阿里旺旺表情 - d:programs7.00.07cAddNewEmotion.htm

IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:program fileskaspersky labkaspersky anti-virus 6.0 for windows workstations mp4scieplgn.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~1office12REFIEBAR.DLL

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces{6BAAEB49-3EDC-4872-AD94-0E108EBCB650} : DhcpNameServer = 192.168.0.1

TCP: Interfaces{6BAAEB49-3EDC-4872-AD94-0E108EBCB650}148434 : DhcpNameServer = 192.168.1.1

TCP: Interfaces{6BAAEB49-3EDC-4872-AD94-0E108EBCB650}6627565676F66777966696 : DhcpNameServer = 10.11.0.201 10.12.0.201

TCP: Interfaces{E8422396-ED33-427D-80A4-4DB2BDAD9386} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1common~1skypeSKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:progra~1kasper~1kasper~1.0fokloehk.dll,c:progra~1kasper~1kasper~1.0foadialhk.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:usersyuenappdataroamingmozillafirefoxprofilesj1awi7n1.default

FF - component: c:programdatarealrealplayerbrowserrecordpluginfirefoxextcomponentsnprpffbrowserrecordext.dll

FF - component: c:programdatarealrealplayerbrowserrecordpluginfirefoxextcomponentsnprpffbrowserrecordlegacyext.dll

FF - plugin: c:program filesadobeacrobat 9.0acrobatairnppdf32.dll

FF - plugin: c:program filesjavajre6binnpdeployJava1.dll

FF - plugin: c:program filesjavajre6binnpjpi160_31.dll

FF - plugin: c:program filesjavajre6binplugin2npdeployJava1.dll

FF - plugin: c:program filesjavajre6binplugin2npjp2.dll

FF - plugin: c:program filesmozilla firefoxpluginsnpaliedit.dll

FF - plugin: c:program filesmozilla firefoxpluginsnpwangwang.dll

FF - plugin: c:programdatarealrealplayerbrowserrecordpluginmozillapluginsnprpchromebrowserrecordext.dll

FF - plugin: c:programdatarealrealplayerbrowserrecordpluginmozillapluginsnprphtml5videoshim.dll

FF - plugin: c:usersyuenappdatalocalgoogleupdate1.3.21.115npGoogleUpdate3.dll

FF - plugin: c:usersyuenappdataroamingalipaycfnpalicdo.dll

FF - plugin: d:programs7.20.01cnpwangwang.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:program filesmozilla firefoxextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%extensions{5384767E-00D9-40E9-B72F-9CC39D655D6F}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:programdatarealrealplayerbrowserrecordpluginfirefoxExt

.

============= SERVICES / DRIVERS ===============

.

R0 pssnap;Paramount Software Snapshot Filter;c:windowssystem32driverspssnap.sys [2012-8-21 16064]

R0 TPDIGIMN;TPDIGIMN;c:windowssystem32driversApsHM86.sys [2009-6-29 20520]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowssystem32driversklim6.sys [2009-9-14 21520]

R1 lenovo.smi;Lenovo System Interface Driver;c:windowssystem32driverssmiif32.sys [2008-5-12 13480]

R1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32driversvwififlt.sys [2009-7-14 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2009-12-3 172032]

R2 ATService;AuthenTec Fingerprint Service;c:windowssystem32AtService.exe [2009-10-20 1701112]

R2 AVP;Kaspersky Anti-Virus 6.0;c:program fileskaspersky labkaspersky anti-virus 6.0 for windows workstations mp4avp.exe [2009-9-22 315736]

R2 dtsvc;Data Transfer Service;c:windowssystem32DTS.exe [2009-10-20 98304]

R2 HsfXAudioService;HsfXAudioService;c:windowssystem32svchost.exe -k HsfXAudioService [2009-7-14 20992]

R2 MBAMScheduler;MBAMScheduler;c:program filesmalwarebytes' anti-malwarembamscheduler.exe [2012-10-2 399432]

R2 MBAMService;MBAMService;c:program filesmalwarebytes' anti-malwarembamservice.exe [2012-10-2 676936]

R2 ReflectService.exe;Macrium Reflect Image Mounting Service;d:programsReflectService.exe [2012-8-21 224960]

R2 TPHKSVC;On Screen Display;c:program fileslenovohotkeyTPHKSVC.exe [2009-12-3 62320]

R2 UNS;Intel® Management and Security Application User Notification Service;c:program filescommon filesintelprivacy iconunsUNS.exe [2009-12-3 2058776]

R3 amdkmdag;amdkmdag;c:windowssystem32driversatipmdag.sys [2009-12-3 5073920]

R3 amdkmdap;amdkmdap;c:windowssystem32driversatikmpag.sys [2009-12-3 106496]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:windowssystem32driversATSwpWDF.sys [2009-10-20 485376]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:windowssystem32driverse1y6032.sys [2009-7-14 214016]

R3 intelkmd;intelkmd;c:windowssystem32driversigdpmd32.sys [2009-12-3 5946368]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32driversklfltdev.sys [2009-9-3 24848]

R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2012-10-2 22856]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:windowssystem32driversNETw5s32.sys [2009-9-15 6114816]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32driversvwifimp.sys [2009-7-14 14336]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:program fileslenovohotkeymicmute.exe [2009-12-3 45424]

S3 ADMonitor;AD Monitor;c:windowssystem32ADMonitor.exe [2009-10-20 106496]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:windowssystem32driversssadadb.sys [2011-5-13 30312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:windowssystem32driversb57nd60x.sys [2009-7-14 229888]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:windowssystem32driversnetw5v32.sys [2009-6-11 4231168]

S3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:program filespc-doctorpcdsrvc.pkms [2010-9-9 21360]

S3 Power Manager DBC Service;Power Manager DBC Service;c:program filesthinkpadutilitiesPWMDBSVC.exe [2009-12-3 75040]

S3 PSMounter;Macrium Reflect Image Explorer Service;c:windowssystem32driverspsmounter.sys [2012-8-21 53952]

S3 PSVolAcc;PSVolAcc;c:windowssystem32driversPSVolAcc.sys [2012-8-21 12992]

S3 pwdrvio;pwdrvio;c:windowssystem32pwdrvio.sys [2012-8-26 15576]

S3 pwdspio;pwdspio;c:windowssystem32pwdspio.sys [2012-8-26 10200]

S3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32driversVSTAZL3.SYS [2009-7-14 207360]

S3 SrvHsfV92;SrvHsfV92;c:windowssystem32driversVSTDPV3.SYS [2009-7-14 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32driversVSTCNXT3.SYS [2009-7-14 661504]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:windowssystem32driversssadbus.sys [2011-5-13 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:windowssystem32driversssadmdfl.sys [2011-5-13 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:windowssystem32driversssadmdm.sys [2011-5-13 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:windowssystem32driversssadserd.sys [2011-5-13 114280]

S3 TsUsbFlt;TsUsbFlt;c:windowssystem32driversTsUsbFlt.sys [2012-8-30 52224]

.

=============== Created Last 30 ================

.

2012-10-05 01:04:57 821736 ----a-w- c:windowssystem32npDeployJava1.dll

2012-10-05 01:04:46 93672 ----a-w- c:windowssystem32WindowsAccessBridge.dll

2012-10-01 16:21:50 22856 ----a-w- c:windowssystem32driversmbam.sys

2012-10-01 07:18:15 56200 ----a-w- c:programdatamicrosoftwindows defenderdefinition updates{b0e95510-964b-4376-8b4b-dc735fe6a3d4}offreg.dll

2012-10-01 07:07:30 7023536 ----a-w- c:programdatamicrosoftwindows defenderdefinition updates{b0e95510-964b-4376-8b4b-dc735fe6a3d4}mpengine.dll

2012-10-01 05:54:59 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2012-10-01 03:17:38 33080 ----a-w- c:windowssystem32driverspsadd.sys

.

==================== Find3M ====================

.

2012-10-05 01:04:38 746984 ----a-w- c:windowssystem32deployJava1.dll

2012-08-30 16:15:39 152576 ----a-w- c:windowssystem32msclmd.dll

2012-08-21 03:33:47 12992 ----a-w- c:windowssystem32driversPSVolAcc.sys

2012-08-21 03:33:27 16064 ----a-w- c:windowssystem32driverspssnap.sys

2012-08-21 03:33:19 53952 ----a-w- c:windowssystem32driverspsmounter.sys

2012-07-18 17:47:53 2345984 ----a-w- c:windowssystem32win32k.sys

.

============= FINISH: 9:06:53.32 ===============

 

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: DeviceHarddiskVolume1

Install Date: 12/2/2009 11:25:17 PM

System Uptime: 10/5/2012 8:51:21 AM (1 hours ago)

.

Motherboard: LENOVO | | 2767PU5

Processor: Intel® Core2 Duo CPU T9600 @ 2.80GHz | None | 2801/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 70 GiB total, 28.63 GiB free.

D: is FIXED (NTFS) - 227 GiB total, 172.649 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP700: 10/1/2012 11:22:31 AM - Windows Update

RP701: 10/5/2012 9:01:44 AM - Removed Java 6 Update 31

RP702: 10/5/2012 9:04:28 AM - Installed Java 7 Update 7

.

==== Installed Programs ======================

.

°¢ÀïÍúÍú2011Õýʽ°æSP1

Acrobat.com

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.2 - CPSID_83708

Adobe After Effects CS4

Adobe After Effects CS4 Presets

Adobe After Effects CS4 Template Projects & Footage

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Recommended Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Extra Settings CS4

Adobe Color Video Profiles AE CS4

Adobe Color Video Profiles CS CS4

Adobe Connect Add-in

Adobe Creative Suite 4 Master Collection

Adobe CS4 International English Speech Analysis Models

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe Encore CS4

Adobe Encore CS4 Codecs

Adobe Encore CS4 Library

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe Linguistics CS4

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Additional Exporter

Adobe Media Encoder CS4 Dolby

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe MotionPicture Color Files CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Premiere Pro CS4

Adobe Premiere Pro CS4 Functional Content

Adobe Premiere Pro CS4 Third Party Content

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe SING CS4

Adobe Soundbooth CS4

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Alipay Cert Component 2.0.0.1

Alipay security plugin 1.3.0.6

Apple Application Support

Apple Software Update

ATI Catalyst Install Manager

ATI Uninstaller

Audacity 1.3.12 (Unicode)

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Dutch

CCC Help English

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Portuguese

CCC Help Spanish

CCC Help Swedish

CCleaner

Conexant 20561 SmartAudio HD

Connect

ConvertHelper 2.2

FileZilla Client 3.3.4.1

Google Chrome

Integrated Camera

Intel PROSet Wireless

Intel® Management Engine Interface

Intel® PROSet/Wireless WiFi Software

Intel® Active Management Technology

Java 7 Update 7

Java Auto Updater

Kaspersky Anti-Virus 6.0 for Windows Workstations

kuler

LAME v3.98.3 for Audacity

Lenovo Fingerprint Software

Lenovo System Interface Driver

Lenovo ThinkVantage Toolbox

Macrium Reflect Free Edition

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

MiniTool Partition Wizard Home Edition 7.5

Mozilla Firefox (3.6.18)

On Screen Display

PDF Settings CS4

PeaZip 3.4

Photoshop Camera Raw

Pixel Bender Toolkit

PX Profile Update

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

RICOH R5U8xx Media Driver ver.3.62.02

Skype Toolbars

Skype™ 5.0

Suite Shared Configuration CS4

System Update

ThinkPad FullScreen Magnifier

ThinkPad Hotkey Features Setup

ThinkPad Modem Adapter

ThinkPad Power Management Driver

ThinkPad Power Manager

ThinkPad UltraNav Driver

ThinkPad UltraNav Utility

ThinkVantage Active Protection System

Vimeo Uploader

Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (07/07/2009 8.1.2.56)

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

9/30/2012 12:00:53 AM, Error: Disk [11] - The driver detected a controller error on DeviceHarddisk1DR1.

10/5/2012 8:54:08 AM, Error: Service Control Manager [7034] - The System Update service terminated unexpectedly. It has done this 1 time(s).

10/5/2012 8:51:52 AM, Error: Service Control Manager [7034] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).

10/5/2012 8:51:50 AM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

10/5/2012 8:51:37 AM, Error: amdkmdag [52236] - CPLIB :: General - Invalid Parameter

10/5/2012 8:51:37 AM, Error: amdkmdag [43029] - Display is not active

10/5/2012 8:50:57 AM, Error: Service Control Manager [7016] - The Data Transfer Service service has reported an invalid current state 0.

10/5/2012 8:37:28 AM, Error: Service Control Manager [7034] - The Data Transfer Service service terminated unexpectedly. It has done this 1 time(s).

10/3/2012 12:41:49 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

10/3/2012 12:41:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/3/2012 12:41:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/3/2012 12:41:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/3/2012 12:41:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/3/2012 12:41:23 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:WindowsSystem32IWMSSvc.dll Error Code: 21

10/3/2012 12:41:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache kl1 KLIF lenovo.smi spldr TPPWRIF Wanarpv6

10/3/2012 1:03:06 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/2/2012 1:24:44 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/1/2012 2:47:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0x902d0f28, 0x00000001, 0xc0000001, 0x00100570). A dump was saved in: C:WindowsMEMORY.DMP. Report Id: 100112-37611-01.

10/1/2012 11:37:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

10/1/2012 11:37:25 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/1/2012 11:37:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/1/2012 11:37:17 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/1/2012 11:37:17 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

10/1/2012 10:46:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/1/2012 10:46:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/1/2012 10:46:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache kl1 KLIF KLIM6 lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF vwififlt Wanarpv6 WfpLwf

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/1/2012 10:46:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================


1. Do you have any idea what this SP1 program is? --> °¢ÀïÍúÍú2011Õýʽ°æSP1

 

2. Are you able to start up normally without a Java 'failer' notice?

 

3. Have you plugged in all devices and restarted? If so, do you still get the Java notice?


Hi Jacee, thanks for the quick reply.

 

The answers to your questions are:

 

1) I think (though am not sure) this is a program associated with an online shopping site we use here in Hong Kong to buy things from China. I never liked having to download their software, and don't trust such .exe files from China, so can uninstall if you think that's best.

 

2) The machine starts up, but still shows some errors. I'm not sure if they are what you mean by "Java 'failer'" notices, but I'm getting pop-ups that three programs have stopped working, and asking to close them: Intel Mgmt and Security; Lenovo Fingerprint; Lenovo ThinkVantage Toolbox, and pcdrtoaster. This is suspicious, right?

 

3) There are no devices plugged in. I have restarted multiple times, and while the machine is not suddenly crashing I'm still seeing an odd symptom: The machine is continually (ie, from start-up) acting like it's opening a file or program (ie, the cursor is not just a pointer but has a spinning circle). No sign of this stopping, even after 30 or more minutes.

 

Any idea what's going on?

 

Thanks!

Odd Lion


1) I think (though am not sure) this is a program associated with an online shopping site we use here in Hong Kong to buy things from China. I never liked having to download their software, and don't trust such .exe files from China, so can uninstall if you think that's best.

Uninstall the program!

 

 

Download Combofix from any of the links below, and save it to your desktop.<--Important

Link 1

Link 2

Link 3

 

Click on this link Here to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

If your anti-virus or firewall complains, please allow this script to run as it is not malicious.

Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.

Next: Please disable all onboard security programs (all running with background protection) as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Please be patient while the scan runs, at times it may appear to stall.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply

After rebooting ensure your Security applications have been re-enabled.

 

In your next reply post:

ComboFix.txt

***A guide and tutorial on "How to use Combofix" can be found here:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

IF CF won't run:

*During the download*, rename Combofix.exe to sVchost.exe


Thanks Jacee,

 

Everything went well until I started running Combofix - it loaded, and started running, and then stalled...and displayed this message on multiple lines:

"The system cannot execute the specified program"

"The system cannot execute the specified program"

"The system cannot execute the specified program"

"The system cannot execute the specified program"

...

 

I tried re-naming CF as you suggested (though was unable to rename *during* the download - Chrome wouldn't let me do that), but running the newly named version had the same result. Tried it a third time for good luck, but it crashed again.

 

btw, I noticed that the underside of the machine is getting extremely hot - the CPU must be very busy thinking about *something*

 

What shall I try next?

 

Thanks!

 

Odd Lion


Hi Jacee,

 

Please forgive the long silence - I've been halfway around the world and back (literally) in the meantime.

 

I managed to get Combofix to run at last - albeit under "reduced functionality mode" due to the week that had elapsed since download - and the log is pasted below:

 

Thanks!

Odd Lion

 

**************************************************************************************

 

 

ComboFix 12-10-04.02 - Yuen 10/11/2012 21:22:08.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2520.1482 [GMT 8:00]

Running from: c:usersYuenDesktopsVchost.exe.exe

AV: Kaspersky Anti-Virus *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

FW: Kaspersky Anti-Virus *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}

SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

- REDUCED FUNCTIONALITY MODE -

.

.

((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))

.

.

2012-10-11 13:25 . 2012-10-11 13:25 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-10-05 01:05 . 2012-10-05 01:05 -------- d-----w- c:program filesCommon FilesJava

2012-10-05 01:04 . 2012-10-05 01:04 821736 ----a-w- c:windowssystem32npDeployJava1.dll

2012-10-05 01:04 . 2012-10-05 01:04 93672 ----a-w- c:windowssystem32WindowsAccessBridge.dll

2012-10-05 01:04 . 2012-10-05 01:04 -------- d-----w- c:program filesJava

2012-10-01 16:21 . 2012-09-07 09:04 22856 ----a-w- c:windowssystem32driversmbam.sys

2012-10-01 07:18 . 2012-10-01 14:11 56200 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{B0E95510-964B-4376-8B4B-DC735FE6A3D4}offreg.dll

2012-10-01 07:07 . 2012-08-19 17:53 7023536 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{B0E95510-964B-4376-8B4B-DC735FE6A3D4}mpengine.dll

2012-10-01 05:54 . 2012-10-01 16:21 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2012-10-01 03:17 . 2011-12-27 01:10 33080 ----a-w- c:windowssystem32driverspsadd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-05 01:04 . 2011-09-19 12:51 746984 ----a-w- c:windowssystem32deployJava1.dll

2012-08-30 16:15 . 2009-07-14 02:05 152576 ----a-w- c:windowssystem32msclmd.dll

2012-08-23 04:13 . 2012-08-23 04:13 86528 ----a-w- c:windowssystem32iesysprep.dll

2012-08-23 04:13 . 2012-08-23 04:13 76800 ----a-w- c:windowssystem32SetIEInstalledDate.exe

2012-08-23 04:13 . 2012-08-23 04:13 74752 ----a-w- c:windowssystem32RegisterIEPKEYs.exe

2012-08-23 04:13 . 2012-08-23 04:13 74752 ----a-w- c:windowssystem32iesetup.dll

2012-08-23 04:13 . 2012-08-23 04:13 63488 ----a-w- c:windowssystem32tdc.ocx

2012-08-23 04:13 . 2012-08-23 04:13 48640 ----a-w- c:windowssystem32mshtmler.dll

2012-08-23 04:13 . 2012-08-23 04:13 420864 ----a-w- c:windowssystem32vbscript.dll

2012-08-23 04:13 . 2012-08-23 04:13 367104 ----a-w- c:windowssystem32html.iec

2012-08-23 04:13 . 2012-08-23 04:13 2382848 ----a-w- c:windowssystem32mshtml.tlb

2012-08-23 04:13 . 2012-08-23 04:13 23552 ----a-w- c:windowssystem32licmgr10.dll

2012-08-23 04:13 . 2012-08-23 04:13 161792 ----a-w- c:windowssystem32msls31.dll

2012-08-23 04:13 . 2012-08-23 04:13 152064 ----a-w- c:windowssystem32wextract.exe

2012-08-23 04:13 . 2012-08-23 04:13 150528 ----a-w- c:windowssystem32iexpress.exe

2012-08-23 04:13 . 2012-08-23 04:13 142848 ----a-w- c:windowssystem32ieUnatt.exe

2012-08-23 04:13 . 2012-08-23 04:13 1427968 ----a-w- c:windowssystem32inetcpl.cpl

2012-08-23 04:13 . 2012-08-23 04:13 11776 ----a-w- c:windowssystem32mshta.exe

2012-08-23 04:13 . 2012-08-23 04:13 1129472 ----a-w- c:windowssystem32wininet.dll

2012-08-23 04:13 . 2012-08-23 04:13 110592 ----a-w- c:windowssystem32IEAdvpack.dll

2012-08-23 04:13 . 2012-08-23 04:13 35840 ----a-w- c:windowssystem32imgutil.dll

2012-08-23 04:13 . 2012-08-23 04:13 1800704 ----a-w- c:windowssystem32jscript9.dll

2012-08-23 04:13 . 2012-08-23 04:13 101888 ----a-w- c:windowssystem32admparse.dll

2012-08-21 03:33 . 2012-08-21 04:41 12992 ----a-w- c:windowssystem32driversPSVolAcc.sys

2012-08-21 03:33 . 2012-08-21 04:41 16064 ----a-w- c:windowssystem32driverspssnap.sys

2012-08-21 03:33 . 2012-08-21 04:41 53952 ----a-w- c:windowssystem32driverspsmounter.sys

2012-07-18 17:47 . 2012-08-23 04:08 2345984 ----a-w- c:windowssystem32win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"SmartAudio"="c:program filesCONEXANTSAIISAIICpl.exe" [2009-07-16 307768]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"FingerPrintSoftware"="c:program filesLenovo Fingerprint Softwarefpapp.exe s" [X]

"FingerPrintSoftwareSplashScreen"="c:program filesLenovo Fingerprint SoftwareSplashScreen.exe s" [X]

"TpShocks"="TpShocks.exe" [2009-07-08 337184]

"StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2009-08-25 98304]

"PWMTRV"="c:progra~1ThinkPadUTILIT~1PWMTR32V.DLL" [2009-09-08 714016]

"TPHOTKEY"="c:program filesLenovoHOTKEYTPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:program filesLenovoHOTKEYTPFNF6R.exe" [2009-08-20 62752]

"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2009-07-14 1541416]

"picon"="c:program filesCommon FilesIntelPrivacy IconPrivacyIconClient.exe" [2009-08-04 358424]

"AVP"="c:program filesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstations MP4avp.exe" [2009-09-22 315736]

"AdobeCS4ServiceManager"="c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" [2008-08-13 611712]

"Adobe Acrobat Speed Launcher"="c:program filesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe" [2012-07-30 41944]

"Acrobat Assistant 8.0"="c:program filesAdobeAcrobat 9.0AcrobatAcrotray.exe" [2012-07-30 640480]

"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-07-11 919008]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2009-09-22 141848]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2009-09-22 174104]

"Persistence"="c:windowssystem32igfxpers.exe" [2009-09-22 151064]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2012-07-03 252848]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

Digital Line Detect.lnk - c:program filesDigital Line DetectDLG.exe [2009-12-3 50688]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartupFileZilla FTP Client

FileZilla.lnk - d:programsFileZilla FTP Clientfilezilla.exe [N/A]

Uninstall.lnk - d:programsFileZilla FTP Clientuninstall.exe [N/A]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]

"DisallowCpl"= 1 (0x1)

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregaliim]

2012-06-07 11:44 235472 ----a-w- d:programsAliIM.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]

2010-03-17 13:53 421888 ----a-w- c:program filesQuickTimeQTTask.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]

2011-08-27 06:12 273528 ----a-w- c:program filesRealRealPlayerUpdaterealsched.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:program filesLENOVOHOTKEYMICMUTE.exe [x]

R2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [x]

R3 ADMonitor;AD Monitor;c:windowssystem32ADMonitor.exe [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:windowssystem32Driversssadadb.sys [x]

R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:windowssystem32DRIVERSnetw5v32.sys [x]

R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:program filespc-doctorpcdsrvc.pkms [x]

R3 Power Manager DBC Service;Power Manager DBC Service;c:program filesThinkPadUtilitiesPWMDBSVC.EXE [x]

R3 PSMounter;Macrium Reflect Image Explorer Service;c:windowssystem32driverspsmounter.sys [x]

R3 PSVolAcc;PSVolAcc; [x]

R3 pwdrvio;pwdrvio;c:windowssystem32pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:windowssystem32pwdspio.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL3.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV3.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT3.SYS [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:windowssystem32DRIVERSssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:windowssystem32DRIVERSssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:windowssystem32DRIVERSssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:windowssystem32DRIVERSssadserd.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [x]

S0 pssnap;Paramount Software Snapshot Filter;c:windowssystem32DRIVERSpssnap.sys [x]

S0 TPDIGIMN;TPDIGIMN;c:windowsSystem32DRIVERSApsHM86.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowssystem32DRIVERSklim6.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:windowssystem32DRIVERSsmiif32.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [x]

S2 ATService;AuthenTec Fingerprint Service;c:windowssystem32AtService.exe [x]

S2 dtsvc;Data Transfer Service;c:windowssystem32DTS.exe [x]

S2 HsfXAudioService;HsfXAudioService;c:windowssystem32svchost.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:program filesMalwarebytes' Anti-Malwarembamscheduler.exe [x]

S2 ReflectService.exe;Macrium Reflect Image Mounting Service;d:programsReflectService.exe [x]

S2 TPHKSVC;On Screen Display;c:program filesLENOVOHOTKEYTPHKSVC.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:program filesCommon FilesIntelPrivacy IconUNSUNS.exe [x]

S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [x]

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:windowssystem32DriversATSwpWDF.sys [x]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:windowssystem32DRIVERSe1y6032.sys [x]

S3 intelkmd;intelkmd;c:windowssystem32DRIVERSigdpmd32.sys [x]

S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32DRIVERSklfltdev.sys [x]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:windowssystem32DRIVERSNETw5s32.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

.

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{cd9dfb85-dfdb-11de-9d80-806e6f6e6963}]

shellAutoRuncommand - e:thininstallerThinInstaller.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-11 c:windowsTasksAliUpdater{FE2166C3-4BAC-4482-A24C-59C63DACE077}.job

- d:programsAliTask.exe [2011-08-17 13:45]

.

2012-10-05 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-3951011922-1213186588-3824664048-1000Core.job

- c:usersYuenAppDataLocalGoogleUpdateGoogleUpdate.exe [2009-12-09 04:22]

.

2012-10-05 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-3951011922-1213186588-3824664048-1000UA.job

- c:usersYuenAppDataLocalGoogleUpdateGoogleUpdate.exe [2009-12-09 04:22]

.

2012-10-11 c:windowsTasksPCDoctorBackgroundMonitorTask.job

- c:program filesPC-Doctoruaclauncher.exe [2010-09-08 21:08]

.

2012-10-11 c:windowsTasksSystemToolsDailyTest.job

- c:program filesPC-Doctorpcdrcui.exe [2010-09-08 21:08]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://123.taobao.com/?wangwang/

IE: Add to Anti-Banner - c:program filesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstations MP4ie_banner_deny.htm

IE: Append Link Target to Existing PDF - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:progra~1MICROS~1Office12EXCEL.EXE/3000

IE: Ìí¼ÓΪ°¢ÀïÍúÍú±íÇé - d:programs7.00.07CAddNewEmotion.htm

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

FF - ProfilePath - c:usersYuenAppDataRoamingMozillaFirefoxProfilesj1awi7n1.default

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:program filesMozilla Firefoxextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:program filesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%extensions{5384767E-00D9-40E9-B72F-9CC39D655D6F}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:programdataRealRealPlayerBrowserRecordPluginFirefoxExt

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-tsnp2uvc - c:windowstsnp2uvc.exe

AddRemove-Audacity 1.3 Beta (Unicode)_is1 - d:program filesAudacity 1.3 Beta (Unicode)unins000.exe

AddRemove-FileZilla Client - d:programsFileZilla FTP Clientuninstall.exe

AddRemove-Adobe Connect Add-in - c:usersYuenAppDataRoamingMacromediaFlash Playerwww.macromedia.combinconnectaddinconnectaddin.exe

.

.

.

[HKEY_LOCAL_MACHINEsystemControlSet001servicesPCDSRVC{3037D694-FD904ACA-06020000}_0]

"ImagePath"="??c:program filespc-doctorpcdsrvc.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERSS-1-5-21-3951011922-1213186588-3824664048-1000_Classes.*?–Ì‘úeúe¥c6e„vïS‘u‡eöN]

@Allowed: (Read) (RestrictedCode)

@="AliFileCheck.File"

.

[HKEY_LOCAL_MACHINEsoftwareMicrosoftEnvironment*]

"v5Licence0"="15-16N1-5PR2-97N6-WZNX-HUZ1-UBFNC3W"

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1028)

c:progra~1ThinkPadUTILIT~1PWMTR32V.DLL

c:progra~1ThinkPadUTILIT~1USPWMRT32V.DLL

c:progra~1ThinkPadUTILIT~1PWMIF32V.DLL

.

Completion time: 2012-10-11 21:30:34

ComboFix-quarantined-files.txt 2012-10-11 13:30

.

Pre-Run: 30,373,670,912 bytes free

Post-Run: 30,159,400,960 bytes free

.

- - End Of File - - 5AC472EBC360A2900AC77B79E9341081


Sorry, I noticed that the Chinese e-commerce program was still on there. I uninstalled, and here is the new log:

 

 

ComboFix 12-10-04.02 - Yuen 10/11/2012 23:01:28.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2520.1399 [GMT 8:00]

Running from: c:usersYuenDesktopsVchost.exe.exe

AV: Kaspersky Anti-Virus *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

FW: Kaspersky Anti-Virus *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}

SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- REDUCED FUNCTIONALITY MODE -

.

.

((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))

.

.

2012-10-11 15:05 . 2012-10-11 15:05 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-10-11 13:19 . 2012-10-11 13:30 -------- d-----w- C:sVchost.exe

2012-10-05 01:05 . 2012-10-05 01:05 -------- d-----w- c:program filesCommon FilesJava

2012-10-05 01:04 . 2012-10-05 01:04 821736 ----a-w- c:windowssystem32npDeployJava1.dll

2012-10-05 01:04 . 2012-10-05 01:04 93672 ----a-w- c:windowssystem32WindowsAccessBridge.dll

2012-10-05 01:04 . 2012-10-05 01:04 -------- d-----w- c:program filesJava

2012-10-01 16:21 . 2012-09-07 09:04 22856 ----a-w- c:windowssystem32driversmbam.sys

2012-10-01 07:18 . 2012-10-01 14:11 56200 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{B0E95510-964B-4376-8B4B-DC735FE6A3D4}offreg.dll

2012-10-01 07:07 . 2012-08-19 17:53 7023536 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{B0E95510-964B-4376-8B4B-DC735FE6A3D4}mpengine.dll

2012-10-01 05:54 . 2012-10-01 16:21 -------- d-----w- c:program filesMalwarebytes' Anti-Malware

2012-10-01 03:17 . 2011-12-27 01:10 33080 ----a-w- c:windowssystem32driverspsadd.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-05 01:04 . 2011-09-19 12:51 746984 ----a-w- c:windowssystem32deployJava1.dll

2012-08-30 16:15 . 2009-07-14 02:05 152576 ----a-w- c:windowssystem32msclmd.dll

2012-08-23 04:13 . 2012-08-23 04:13 86528 ----a-w- c:windowssystem32iesysprep.dll

2012-08-23 04:13 . 2012-08-23 04:13 76800 ----a-w- c:windowssystem32SetIEInstalledDate.exe

2012-08-23 04:13 . 2012-08-23 04:13 74752 ----a-w- c:windowssystem32RegisterIEPKEYs.exe

2012-08-23 04:13 . 2012-08-23 04:13 74752 ----a-w- c:windowssystem32iesetup.dll

2012-08-23 04:13 . 2012-08-23 04:13 63488 ----a-w- c:windowssystem32tdc.ocx

2012-08-23 04:13 . 2012-08-23 04:13 48640 ----a-w- c:windowssystem32mshtmler.dll

2012-08-23 04:13 . 2012-08-23 04:13 420864 ----a-w- c:windowssystem32vbscript.dll

2012-08-23 04:13 . 2012-08-23 04:13 367104 ----a-w- c:windowssystem32html.iec

2012-08-23 04:13 . 2012-08-23 04:13 2382848 ----a-w- c:windowssystem32mshtml.tlb

2012-08-23 04:13 . 2012-08-23 04:13 23552 ----a-w- c:windowssystem32licmgr10.dll

2012-08-23 04:13 . 2012-08-23 04:13 161792 ----a-w- c:windowssystem32msls31.dll

2012-08-23 04:13 . 2012-08-23 04:13 152064 ----a-w- c:windowssystem32wextract.exe

2012-08-23 04:13 . 2012-08-23 04:13 150528 ----a-w- c:windowssystem32iexpress.exe

2012-08-23 04:13 . 2012-08-23 04:13 142848 ----a-w- c:windowssystem32ieUnatt.exe

2012-08-23 04:13 . 2012-08-23 04:13 1427968 ----a-w- c:windowssystem32inetcpl.cpl

2012-08-23 04:13 . 2012-08-23 04:13 11776 ----a-w- c:windowssystem32mshta.exe

2012-08-23 04:13 . 2012-08-23 04:13 1129472 ----a-w- c:windowssystem32wininet.dll

2012-08-23 04:13 . 2012-08-23 04:13 110592 ----a-w- c:windowssystem32IEAdvpack.dll

2012-08-23 04:13 . 2012-08-23 04:13 35840 ----a-w- c:windowssystem32imgutil.dll

2012-08-23 04:13 . 2012-08-23 04:13 1800704 ----a-w- c:windowssystem32jscript9.dll

2012-08-23 04:13 . 2012-08-23 04:13 101888 ----a-w- c:windowssystem32admparse.dll

2012-08-21 03:33 . 2012-08-21 04:41 12992 ----a-w- c:windowssystem32driversPSVolAcc.sys

2012-08-21 03:33 . 2012-08-21 04:41 16064 ----a-w- c:windowssystem32driverspssnap.sys

2012-08-21 03:33 . 2012-08-21 04:41 53952 ----a-w- c:windowssystem32driverspsmounter.sys

2012-07-18 17:47 . 2012-08-23 04:08 2345984 ----a-w- c:windowssystem32win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"SmartAudio"="c:program filesCONEXANTSAIISAIICpl.exe" [2009-07-16 307768]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"FingerPrintSoftware"="c:program filesLenovo Fingerprint Softwarefpapp.exe s" [X]

"FingerPrintSoftwareSplashScreen"="c:program filesLenovo Fingerprint SoftwareSplashScreen.exe s" [X]

"TpShocks"="TpShocks.exe" [2009-07-08 337184]

"StartCCC"="c:program filesATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2009-08-25 98304]

"PWMTRV"="c:progra~1ThinkPadUTILIT~1PWMTR32V.DLL" [2009-09-08 714016]

"TPHOTKEY"="c:program filesLenovoHOTKEYTPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:program filesLenovoHOTKEYTPFNF6R.exe" [2009-08-20 62752]

"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2009-07-14 1541416]

"picon"="c:program filesCommon FilesIntelPrivacy IconPrivacyIconClient.exe" [2009-08-04 358424]

"AVP"="c:program filesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstations MP4avp.exe" [2009-09-22 315736]

"AdobeCS4ServiceManager"="c:program filesCommon FilesAdobeCS4ServiceManagerCS4ServiceManager.exe" [2008-08-13 611712]

"Adobe Acrobat Speed Launcher"="c:program filesAdobeAcrobat 9.0AcrobatAcrobat_sl.exe" [2012-07-30 41944]

"Acrobat Assistant 8.0"="c:program filesAdobeAcrobat 9.0AcrobatAcrotray.exe" [2012-07-30 640480]

"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-07-11 919008]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2009-09-22 141848]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2009-09-22 174104]

"Persistence"="c:windowssystem32igfxpers.exe" [2009-09-22 151064]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2012-07-03 252848]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

Digital Line Detect.lnk - c:program filesDigital Line DetectDLG.exe [2009-12-3 50688]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartupFileZilla FTP Client

FileZilla.lnk - d:programsFileZilla FTP Clientfilezilla.exe [N/A]

Uninstall.lnk - d:programsFileZilla FTP Clientuninstall.exe [N/A]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]

"DisallowCpl"= 1 (0x1)

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]

2010-03-17 13:53 421888 ----a-w- c:program filesQuickTimeQTTask.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]

2011-08-27 06:12 273528 ----a-w- c:program filesRealRealPlayerUpdaterealsched.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringKasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:program filesLENOVOHOTKEYMICMUTE.exe [x]

R2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [x]

R3 ADMonitor;AD Monitor;c:windowssystem32ADMonitor.exe [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:windowssystem32Driversssadadb.sys [x]

R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:windowssystem32DRIVERSnetw5v32.sys [x]

R3 PCDSRVC{3037D694-FD904ACA-06020000}_0;PCDSRVC{3037D694-FD904ACA-06020000}_0 - PCDR Kernel Mode Service Helper Driver;c:program filespc-doctorpcdsrvc.pkms [x]

R3 Power Manager DBC Service;Power Manager DBC Service;c:program filesThinkPadUtilitiesPWMDBSVC.EXE [x]

R3 PSMounter;Macrium Reflect Image Explorer Service;c:windowssystem32driverspsmounter.sys [x]

R3 PSVolAcc;PSVolAcc; [x]

R3 pwdrvio;pwdrvio;c:windowssystem32pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:windowssystem32pwdspio.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL3.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV3.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT3.SYS [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:windowssystem32DRIVERSssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:windowssystem32DRIVERSssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:windowssystem32DRIVERSssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:windowssystem32DRIVERSssadserd.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [x]

S0 pssnap;Paramount Software Snapshot Filter;c:windowssystem32DRIVERSpssnap.sys [x]

S0 TPDIGIMN;TPDIGIMN;c:windowsSystem32DRIVERSApsHM86.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:windowssystem32DRIVERSklim6.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:windowssystem32DRIVERSsmiif32.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [x]

S2 ATService;AuthenTec Fingerprint Service;c:windowssystem32AtService.exe [x]

S2 dtsvc;Data Transfer Service;c:windowssystem32DTS.exe [x]

S2 HsfXAudioService;HsfXAudioService;c:windowssystem32svchost.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:program filesMalwarebytes' Anti-Malwarembamscheduler.exe [x]

S2 ReflectService.exe;Macrium Reflect Image Mounting Service;d:programsReflectService.exe [x]

S2 TPHKSVC;On Screen Display;c:program filesLENOVOHOTKEYTPHKSVC.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:program filesCommon FilesIntelPrivacy IconUNSUNS.exe [x]

S3 amdkmdag;amdkmdag;c:windowssystem32DRIVERSatipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:windowssystem32DRIVERSatikmpag.sys [x]

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:windowssystem32DriversATSwpWDF.sys [x]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:windowssystem32DRIVERSe1y6032.sys [x]

S3 intelkmd;intelkmd;c:windowssystem32DRIVERSigdpmd32.sys [x]

S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:windowssystem32DRIVERSklfltdev.sys [x]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:windowssystem32DRIVERSNETw5s32.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]

HsfXAudioService REG_MULTI_SZ HsfXAudioService

.

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{cd9dfb85-dfdb-11de-9d80-806e6f6e6963}]

shellAutoRuncommand - e:thininstallerThinInstaller.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-05 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-3951011922-1213186588-3824664048-1000Core.job

- c:usersYuenAppDataLocalGoogleUpdateGoogleUpdate.exe [2009-12-09 04:22]

.

2012-10-11 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-3951011922-1213186588-3824664048-1000UA.job

- c:usersYuenAppDataLocalGoogleUpdateGoogleUpdate.exe [2009-12-09 04:22]

.

2012-10-11 c:windowsTasksPCDoctorBackgroundMonitorTask.job

- c:program filesPC-Doctoruaclauncher.exe [2010-09-08 21:08]

.

2012-10-11 c:windowsTasksSystemToolsDailyTest.job

- c:program filesPC-Doctorpcdrcui.exe [2010-09-08 21:08]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://123.taobao.com/?wangwang/

IE: Add to Anti-Banner - c:program filesKaspersky LabKaspersky Anti-Virus 6.0 for Windows Workstations MP4ie_banner_deny.htm

IE: Append Link Target to Existing PDF - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:program filesCommon FilesAdobeAcrobatActiveXAcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:progra~1MICROS~1Office12EXCEL.EXE/3000

IE: Ìí¼ÓΪ°¢ÀïÍúÍú±íÇé - d:programs7.00.07CAddNewEmotion.htm

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

FF - ProfilePath - c:usersYuenAppDataRoamingMozillaFirefoxProfilesj1awi7n1.default

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:program filesMozilla Firefoxextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:program filesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

FF - Ext: EPUBReader: {5384767E-00D9-40E9-B72F-9CC39D655D6F} - %profile%extensions{5384767E-00D9-40E9-B72F-9CC39D655D6F}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%extensions{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:programdataRealRealPlayerBrowserRecordPluginFirefoxExt

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-aliim - d:programsaliim.exe

AddRemove-°¢ÀïÍúÍú2011Õýʽ°æSP1 - d:programsUninstall.exe

.

.

.

[HKEY_LOCAL_MACHINEsystemControlSet001servicesPCDSRVC{3037D694-FD904ACA-06020000}_0]

"ImagePath"="??c:program filespc-doctorpcdsrvc.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERSS-1-5-21-3951011922-1213186588-3824664048-1000_Classes.*?–Ì‘úeúe¥c6e„vïS‘u‡eöN]

@Allowed: (Read) (RestrictedCode)

@="AliFileCheck.File"

.

[HKEY_LOCAL_MACHINEsoftwareMicrosoftEnvironment*]

"v5Licence0"="15-16N1-5PR2-97N6-WZNX-HUZ1-UBFNC3W"

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1104)

c:progra~1ThinkPadUTILIT~1PWMTR32V.DLL

c:progra~1ThinkPadUTILIT~1USPWMRT32V.DLL

c:progra~1ThinkPadUTILIT~1PWMIF32V.DLL

.

Completion time: 2012-10-11 23:10:09

ComboFix-quarantined-files.txt 2012-10-11 15:10

ComboFix2.txt 2012-10-11 13:30

.

Pre-Run: 30,149,394,432 bytes free

Post-Run: 29,992,214,528 bytes free

.

- - End Of File - - 387E7E6F55743FFB508C8ABAA30BBC9B


Run these next:

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C: folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

 

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.


Thanks Jacee - the machine crashed a number of times during the aswMBR, but finally completed the scan. I noticed it was getting very hot again - could that have caused the shutdown?

 

Anyway, the logs:

 

 

01:56:42.0316 4336 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

01:56:43.0206 4336 ============================================================

01:56:43.0206 4336 Current date / time: 2012/10/12 01:56:43.0206

01:56:43.0206 4336 SystemInfo:

01:56:43.0206 4336

01:56:43.0206 4336 OS Version: 6.1.7601 ServicePack: 1.0

01:56:43.0206 4336 Product type: Workstation

01:56:43.0206 4336 ComputerName: COMPUTER

01:56:43.0206 4336 UserName: Yuen

01:56:43.0206 4336 Windows directory: C:Windows

01:56:43.0206 4336 System windows directory: C:Windows

01:56:43.0206 4336 Processor architecture: Intel x86

01:56:43.0206 4336 Number of processors: 2

01:56:43.0206 4336 Page size: 0x1000

01:56:43.0206 4336 Boot type: Normal boot

01:56:43.0206 4336 ============================================================

01:56:45.0202 4336 Drive DeviceHarddisk0DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050

01:56:45.0202 4336 ============================================================

01:56:45.0202 4336 DeviceHarddisk0DR0:

01:56:45.0202 4336 MBR partitions:

01:56:45.0202 4336 DeviceHarddisk0DR0Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000

01:56:45.0202 4336 DeviceHarddisk0DR0Partition2: MBR, Type 0x7, StartLBA 0x2EE828, BlocksNum 0x8B289B8

01:56:45.0218 4336 DeviceHarddisk0DR0Partition3: MBR, Type 0x7, StartLBA 0x8E1721F, BlocksNum 0x1C6160F1

01:56:45.0218 4336 ============================================================

01:56:45.0265 4336 C: <-> DeviceHarddisk0DR0Partition2

01:56:45.0296 4336 D: <-> DeviceHarddisk0DR0Partition3

01:56:45.0296 4336 ============================================================

01:56:45.0296 4336 Initialize success

01:56:45.0296 4336 ============================================================

01:56:52.0098 4904 ============================================================

01:56:52.0098 4904 Scan started

01:56:52.0098 4904 Mode: Manual;

01:56:52.0098 4904 ============================================================

01:56:52.0800 4904 ================ Scan system memory ========================

01:56:52.0800 4904 System memory - ok

01:56:52.0800 4904 ================ Scan services =============================


01:56:59.0664 4904 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:Windowssystem32ListSvc.dll

01:56:59.0664 4904 HomeGroupListener - ok

01:56:59.0710 4904 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:Windowssystem32provsvc.dll

01:56:59.0710 4904 HomeGroupProvider - ok

01:56:59.0773 4904 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:Windowssystem32driversHpSAMD.sys

01:56:59.0788 4904 HpSAMD - ok

01:56:59.0835 4904 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:Windowssystem32XAudio32.dll

01:56:59.0851 4904 HsfXAudioService - ok

01:56:59.0898 4904 [ C761B4A8391F5E47F7C51A691CE773F4 ] HSF_DPV C:Windowssystem32DRIVERSHSX_DPV.sys

01:56:59.0913 4904 HSF_DPV - ok

01:56:59.0944 4904 [ 50B42EF358A2E5363BE6B77138A22391 ] HSXHWAZL C:Windowssystem32DRIVERSHSXHWAZL.sys

01:56:59.0944 4904 HSXHWAZL - ok

01:56:59.0991 4904 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:Windowssystem32driversHTTP.sys

01:57:00.0007 4904 HTTP - ok

01:57:00.0054 4904 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:Windowssystem32drivershwpolicy.sys

01:57:00.0054 4904 hwpolicy - ok

01:57:00.0132 4904 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:Windowssystem32driversi8042prt.sys

01:57:00.0132 4904 i8042prt - ok

01:57:00.0163 4904 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:Windowssystem32DRIVERSiaStor.sys

01:57:00.0178 4904 iaStor - ok

01:57:00.0194 4904 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:Windowssystem32driversiaStorV.sys

01:57:00.0210 4904 iaStorV - ok

01:57:00.0256 4904 [ 4DCFC1792BE8FC092AB41EAFA9D0FDE5 ] IBMPMDRV C:Windowssystem32DRIVERSibmpmdrv.sys

01:57:00.0256 4904 IBMPMDRV - ok

01:57:00.0303 4904 [ EC25C26C4733CA16ADBBBEC53B991976 ] IBMPMSVC C:Windowssystem32ibmpmsvc.exe

01:57:00.0350 4904 IBMPMSVC - ok

01:57:00.0444 4904 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:WindowsMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe

01:57:00.0475 4904 idsvc - ok

01:57:00.0834 4904 [ 36CC40B02AE593D6152AC8BD657720AF ] igfx C:Windowssystem32DRIVERSigdkmd32.sys

01:57:01.0021 4904 igfx - ok

01:57:01.0068 4904 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:Windowssystem32DRIVERSiirsp.sys

01:57:01.0068 4904 iirsp - ok

01:57:01.0114 4904 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:WindowsSystem32ikeext.dll

01:57:01.0130 4904 IKEEXT - ok

01:57:01.0177 4904 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:Windowssystem32driversintelide.sys

01:57:01.0177 4904 intelide - ok

01:57:01.0582 4904 [ 36CC40B02AE593D6152AC8BD657720AF ] intelkmd C:Windowssystem32DRIVERSigdpmd32.sys

01:57:01.0770 4904 intelkmd - ok

01:57:01.0832 4904 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:Windowssystem32DRIVERSintelppm.sys

01:57:01.0832 4904 intelppm - ok

01:57:01.0879 4904 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:Windowssystem32ipbusenum.dll

01:57:01.0894 4904 IPBusEnum - ok

01:57:01.0910 4904 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:Windowssystem32DRIVERSipfltdrv.sys

01:57:01.0926 4904 IpFilterDriver - ok

01:57:02.0066 4904 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:WindowsSystem32iphlpsvc.dll

01:57:02.0082 4904 iphlpsvc - ok

01:57:02.0160 4904 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:Windowssystem32driversIPMIDrv.sys

01:57:02.0160 4904 IPMIDRV - ok

01:57:02.0206 4904 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:Windowssystem32driversipnat.sys

01:57:02.0222 4904 IPNAT - ok

01:57:02.0269 4904 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:Windowssystem32driversirenum.sys

01:57:02.0284 4904 IRENUM - ok

01:57:02.0316 4904 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:Windowssystem32driversisapnp.sys

01:57:02.0331 4904 isapnp - ok

01:57:02.0394 4904 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:Windowssystem32driversmsiscsi.sys

01:57:02.0425 4904 iScsiPrt - ok

01:57:02.0534 4904 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:Windowssystem32driverskbdclass.sys

01:57:02.0565 4904 kbdclass - ok

01:57:02.0628 4904 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:Windowssystem32driverskbdhid.sys

01:57:02.0628 4904 kbdhid - ok

01:57:02.0659 4904 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:Windowssystem32lsass.exe

01:57:02.0659 4904 KeyIso - ok

01:57:02.0737 4904 [ CE3958F58547454884E97BDA78CD7040 ] kl1 C:Windowssystem32DRIVERSkl1.sys

01:57:02.0752 4904 kl1 - ok

01:57:02.0768 4904 [ ADDA474C9B18FD829A6C8351485C4842 ] KLFLTDEV C:Windowssystem32DRIVERSklfltdev.sys

01:57:02.0784 4904 KLFLTDEV - ok

01:57:02.0846 4904 [ FC1A7E5A0763F19771C817EE7FC69A92 ] KLIF C:Windowssystem32DRIVERSklif.sys

01:57:02.0862 4904 KLIF - ok

01:57:02.0893 4904 [ 892CC162DC88AB084C86485879526C59 ] KLIM6 C:Windowssystem32DRIVERSklim6.sys

01:57:02.0908 4904 KLIM6 - ok

01:57:02.0940 4904 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:Windowssystem32Driversksecdd.sys

01:57:02.0940 4904 KSecDD - ok

01:57:02.0971 4904 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:Windowssystem32Driversksecpkg.sys

01:57:03.0002 4904 KSecPkg - ok

01:57:03.0096 4904 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:Windowssystem32msdtckrm.dll

01:57:03.0127 4904 KtmRm - ok

01:57:03.0205 4904 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:WindowsSystem32srvsvc.dll

01:57:03.0205 4904 LanmanServer - ok

01:57:03.0283 4904 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:WindowsSystem32wkssvc.dll

01:57:03.0283 4904 LanmanWorkstation - ok

01:57:03.0517 4904 [ D584216C7767DCFB4B812B9B60A4A4E7 ] LENOVO.MICMUTE C:Program FilesLENOVOHOTKEYMICMUTE.exe

01:57:03.0517 4904 LENOVO.MICMUTE - ok

01:57:03.0532 4904 [ 3C3F7F424E324C6971632C5DE5FF458F ] lenovo.smi C:Windowssystem32DRIVERSsmiif32.sys

01:57:03.0548 4904 lenovo.smi - ok

01:57:03.0595 4904 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:Windowssystem32DRIVERSlltdio.sys

01:57:03.0595 4904 lltdio - ok

01:57:03.0642 4904 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:WindowsSystem32lltdsvc.dll

01:57:03.0642 4904 lltdsvc - ok

01:57:03.0720 4904 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:WindowsSystem32lmhsvc.dll

01:57:03.0735 4904 lmhosts - ok

01:57:03.0751 4904 [ BDCECF4CAF708110A2AEA0E63A2AD45B ] LMS C:Program FilesIntelAMTLMS.exe

01:57:03.0766 4904 LMS - ok

01:57:03.0798 4904 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:Windowssystem32DRIVERSlsi_fc.sys

01:57:03.0798 4904 LSI_FC - ok

01:57:03.0829 4904 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:Windowssystem32DRIVERSlsi_sas.sys

01:57:03.0829 4904 LSI_SAS - ok

01:57:03.0876 4904 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:Windowssystem32DRIVERSlsi_sas2.sys

01:57:03.0891 4904 LSI_SAS2 - ok

01:57:03.0907 4904 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:Windowssystem32DRIVERSlsi_scsi.sys

01:57:03.0907 4904 LSI_SCSI - ok

01:57:03.0954 4904 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:Windowssystem32driversluafv.sys

01:57:03.0954 4904 luafv - ok

01:57:04.0016 4904 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:Windowssystem32driversmbam.sys

01:57:04.0016 4904 MBAMProtector - ok

01:57:04.0063 4904 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe

01:57:04.0078 4904 MBAMScheduler - ok

01:57:04.0125 4904 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe

01:57:04.0141 4904 MBAMService - ok

01:57:04.0172 4904 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:Windowssystem32Mcx2Svc.dll

01:57:04.0188 4904 Mcx2Svc - ok

01:57:04.0266 4904 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGmdm.exe

01:57:04.0266 4904 MDM - ok

01:57:04.0281 4904 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:Windowssystem32DRIVERSmdmxsdk.sys

01:57:04.0281 4904 mdmxsdk - ok

01:57:04.0312 4904 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:Windowssystem32DRIVERSmegasas.sys

01:57:04.0312 4904 megasas - ok

01:57:04.0375 4904 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:Windowssystem32DRIVERSMegaSR.sys

01:57:04.0437 4904 MegaSR - ok

01:57:04.0453 4904 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:Windowssystem32mmcss.dll

01:57:04.0468 4904 MMCSS - ok

01:57:04.0484 4904 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:Windowssystem32driversmodem.sys

01:57:04.0484 4904 Modem - ok

01:57:04.0515 4904 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:Windowssystem32DRIVERSmonitor.sys

01:57:04.0515 4904 monitor - ok

01:57:04.0546 4904 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:Windowssystem32driversmouclass.sys

01:57:04.0546 4904 mouclass - ok

01:57:04.0578 4904 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:Windowssystem32DRIVERSmouhid.sys

01:57:04.0578 4904 mouhid - ok

01:57:04.0624 4904 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:Windowssystem32driversmountmgr.sys

01:57:04.0624 4904 mountmgr - ok

01:57:04.0656 4904 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:Windowssystem32driversmpio.sys

01:57:04.0656 4904 mpio - ok

01:57:04.0702 4904 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:Windowssystem32driversmpsdrv.sys

01:57:04.0718 4904 mpsdrv - ok

01:57:04.0796 4904 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:Windowssystem32mpssvc.dll

01:57:04.0796 4904 MpsSvc - ok

01:57:04.0843 4904 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:Windowssystem32driversmrxdav.sys

01:57:04.0843 4904 MRxDAV - ok

01:57:04.0890 4904 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:Windowssystem32DRIVERSmrxsmb.sys

01:57:04.0890 4904 mrxsmb - ok

01:57:04.0921 4904 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:Windowssystem32DRIVERSmrxsmb10.sys

01:57:04.0921 4904 mrxsmb10 - ok

01:57:04.0936 4904 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:Windowssystem32DRIVERSmrxsmb20.sys

01:57:04.0936 4904 mrxsmb20 - ok

01:57:04.0983 4904 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:Windowssystem32driversmsahci.sys

01:57:04.0983 4904 msahci - ok

01:57:05.0030 4904 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:Windowssystem32driversmsdsm.sys

01:57:05.0030 4904 msdsm - ok

01:57:05.0061 4904 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:WindowsSystem32msdtc.exe

01:57:05.0061 4904 MSDTC - ok

01:57:05.0124 4904 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:Windowssystem32driversMsfs.sys

01:57:05.0124 4904 Msfs - ok

01:57:05.0124 4904 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:WindowsSystem32driversmshidkmdf.sys

01:57:05.0124 4904 mshidkmdf - ok

01:57:05.0155 4904 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:Windowssystem32driversmsisadrv.sys

01:57:05.0155 4904 msisadrv - ok

01:57:05.0186 4904 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:Windowssystem32iscsiexe.dll

01:57:05.0186 4904 MSiSCSI - ok

01:57:05.0202 4904 msiserver - ok

01:57:05.0233 4904 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:Windowssystem32driversMSKSSRV.sys

01:57:05.0233 4904 MSKSSRV - ok

01:57:05.0248 4904 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:Windowssystem32driversMSPCLOCK.sys

01:57:05.0264 4904 MSPCLOCK - ok

01:57:05.0264 4904 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:Windowssystem32driversMSPQM.sys

01:57:05.0264 4904 MSPQM - ok

01:57:05.0295 4904 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:Windowssystem32driversMsRPC.sys

01:57:05.0295 4904 MsRPC - ok

01:57:05.0311 4904 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:Windowssystem32driversmssmbios.sys

01:57:05.0311 4904 mssmbios - ok

01:57:05.0358 4904 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:Windowssystem32driversMSTEE.sys

01:57:05.0358 4904 MSTEE - ok

01:57:05.0373 4904 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:Windowssystem32DRIVERSMTConfig.sys

01:57:05.0373 4904 MTConfig - ok

01:57:05.0389 4904 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:Windowssystem32Driversmup.sys

01:57:05.0389 4904 Mup - ok

01:57:05.0451 4904 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:Windowssystem32qagentRT.dll

01:57:05.0467 4904 napagent - ok

01:57:05.0529 4904 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:Windowssystem32DRIVERSnwifi.sys

01:57:05.0545 4904 NativeWifiP - ok

01:57:05.0576 4904 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:Windowssystem32driversndis.sys

01:57:05.0592 4904 NDIS - ok

01:57:05.0607 4904 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:Windowssystem32DRIVERSndiscap.sys

01:57:05.0623 4904 NdisCap - ok

01:57:05.0638 4904 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:Windowssystem32DRIVERSndistapi.sys

01:57:05.0654 4904 NdisTapi - ok

01:57:05.0685 4904 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:Windowssystem32DRIVERSndisuio.sys

01:57:05.0685 4904 Ndisuio - ok

01:57:05.0732 4904 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:Windowssystem32DRIVERSndiswan.sys

01:57:05.0732 4904 NdisWan - ok

01:57:05.0748 4904 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:Windowssystem32driversNDProxy.sys

01:57:05.0748 4904 NDProxy - ok

01:57:05.0794 4904 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:Windowssystem32DRIVERSnetbios.sys

01:57:05.0794 4904 NetBIOS - ok

01:57:05.0857 4904 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:Windowssystem32DRIVERSnetbt.sys

01:57:05.0857 4904 NetBT - ok

01:57:05.0888 4904 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:Windowssystem32lsass.exe

01:57:05.0888 4904 Netlogon - ok

01:57:05.0950 4904 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:WindowsSystem32netman.dll

01:57:05.0950 4904 Netman - ok

01:57:05.0997 4904 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:WindowsSystem32netprofm.dll

01:57:06.0013 4904 netprofm - ok

01:57:06.0044 4904 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:WindowsMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe

01:57:06.0044 4904 NetTcpPortSharing - ok

01:57:06.0294 4904 [ EF51B405AD8ACAAE6F0231290D20F516 ] NETw5s32 C:Windowssystem32DRIVERSNETw5s32.sys

01:57:06.0465 4904 NETw5s32 - ok

01:57:06.0699 4904 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:Windowssystem32DRIVERSnetw5v32.sys

01:57:06.0808 4904 netw5v32 - ok

01:57:06.0871 4904 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:Windowssystem32DRIVERSnfrd960.sys

01:57:06.0871 4904 nfrd960 - ok

01:57:06.0918 4904 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:WindowsSystem32nlasvc.dll

01:57:06.0918 4904 NlaSvc - ok

01:57:06.0933 4904 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:Windowssystem32driversNpfs.sys

01:57:06.0949 4904 Npfs - ok

01:57:06.0996 4904 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:Windowssystem32nsisvc.dll

01:57:07.0011 4904 nsi - ok

01:57:07.0027 4904 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:Windowssystem32driversnsiproxy.sys

01:57:07.0027 4904 nsiproxy - ok

01:57:07.0074 4904 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:Windowssystem32driversNtfs.sys

01:57:07.0120 4904 Ntfs - ok

01:57:07.0183 4904 [ F9756A98D69098DCA8945D62858A812C ] Null C:Windowssystem32driversNull.sys

01:57:07.0183 4904 Null - ok

01:57:07.0230 4904 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:Windowssystem32driversnvraid.sys

01:57:07.0230 4904 nvraid - ok

01:57:07.0261 4904 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:Windowssystem32driversnvstor.sys

01:57:07.0261 4904 nvstor - ok

01:57:07.0292 4904 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:Windowssystem32driversnv_agp.sys

01:57:07.0292 4904 nv_agp - ok

01:57:07.0354 4904 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE

01:57:07.0370 4904 odserv - ok

01:57:07.0386 4904 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:Windowssystem32driversohci1394.sys

01:57:07.0401 4904 ohci1394 - ok

01:57:07.0448 4904 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE

01:57:07.0448 4904 ose - ok

01:57:07.0495 4904 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:Windowssystem32pnrpsvc.dll

01:57:07.0510 4904 p2pimsvc - ok

01:57:07.0542 4904 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:Windowssystem32p2psvc.dll

01:57:07.0557 4904 p2psvc - ok

01:57:07.0588 4904 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:Windowssystem32DRIVERSparport.sys

01:57:07.0604 4904 Parport - ok

01:57:07.0635 4904 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:Windowssystem32driverspartmgr.sys

01:57:07.0635 4904 partmgr - ok

01:57:07.0651 4904 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:Windowssystem32DRIVERSparvdm.sys

01:57:07.0666 4904 Parvdm - ok

01:57:07.0698 4904 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:WindowsSystem32pcasvc.dll

01:57:07.0713 4904 PcaSvc - ok

01:57:07.0838 4904 [ AE5FC5FE7127744A84102128FDC6810B ] PCDSRVC{3037D694-FD904ACA-06020000}_0 c:program filespc-doctorpcdsrvc.pkms

01:57:07.0838 4904 PCDSRVC{3037D694-FD904ACA-06020000}_0 - ok

01:57:07.0869 4904 [ 673E55C3498EB970088E812EA820AA8F ] pci C:Windowssystem32driverspci.sys

01:57:07.0885 4904 pci - ok

01:57:07.0900 4904 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:Windowssystem32driverspciide.sys

01:57:07.0916 4904 pciide - ok

01:57:07.0947 4904 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:Windowssystem32DRIVERSpcmcia.sys

01:57:07.0947 4904 pcmcia - ok

01:57:07.0963 4904 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:Windowssystem32driverspcw.sys

01:57:07.0963 4904 pcw - ok

01:57:08.0025 4904 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:Windowssystem32driverspeauth.sys

01:57:08.0041 4904 PEAUTH - ok

01:57:08.0166 4904 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:Windowssystem32pla.dll

01:57:08.0212 4904 pla - ok

01:57:08.0259 4904 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:Windowssystem32umpnpmgr.dll

01:57:08.0275 4904 PlugPlay - ok

01:57:08.0322 4904 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:Windowssystem32pnrpauto.dll

01:57:08.0322 4904 PNRPAutoReg - ok

01:57:08.0368 4904 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:Windowssystem32pnrpsvc.dll

01:57:08.0368 4904 PNRPsvc - ok

01:57:08.0431 4904 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:WindowsSystem32ipsecsvc.dll

01:57:08.0446 4904 PolicyAgent - ok

01:57:08.0493 4904 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:Windowssystem32umpo.dll

01:57:08.0493 4904 Power - ok

01:57:08.0571 4904 [ F2AFF20C22C2D8574A2DA25441836A53 ] Power Manager DBC Service C:Program FilesThinkPadUtilitiesPWMDBSVC.EXE

01:57:08.0587 4904 Power Manager DBC Service - ok

01:57:08.0649 4904 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:Windowssystem32DRIVERSraspptp.sys

01:57:08.0649 4904 PptpMiniport - ok

01:57:08.0665 4904 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:Windowssystem32DRIVERSprocessr.sys

01:57:08.0680 4904 Processor - ok

01:57:08.0712 4904 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:Windowssystem32profsvc.dll

01:57:08.0712 4904 ProfSvc - ok

01:57:08.0743 4904 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:Windowssystem32lsass.exe

01:57:08.0743 4904 ProtectedStorage - ok

01:57:08.0790 4904 [ 80DDC44934305224AEBFC37A264803C2 ] psadd C:Windowssystem32DRIVERSpsadd.sys

01:57:08.0790 4904 psadd - ok

01:57:08.0821 4904 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:Windowssystem32DRIVERSpacer.sys

01:57:08.0821 4904 Psched - ok

01:57:08.0899 4904 [ C27B8139A223DE0375ABE1613668E2C4 ] PSMounter C:Windowssystem32driverspsmounter.sys

01:57:08.0899 4904 PSMounter - ok

01:57:08.0930 4904 [ 3E73DCEBB518CE7A70632A884A60B1FC ] pssnap C:Windowssystem32DRIVERSpssnap.sys

01:57:08.0930 4904 pssnap - ok

01:57:08.0961 4904 [ 66B11DCC22841EB978304FA8CD4F3F20 ] PSVolAcc C:Windowssystem32driversPSVolAcc.sys

01:57:08.0961 4904 PSVolAcc - ok

01:57:09.0008 4904 [ 3DDD425DE6F3DAE507CA2129838B3D53 ] pwdrvio C:Windowssystem32pwdrvio.sys

01:57:09.0024 4904 pwdrvio - ok

01:57:09.0070 4904 [ 0E634F8BE4D0E6A10317C6647AE31344 ] pwdspio C:Windowssystem32pwdspio.sys

01:57:09.0070 4904 pwdspio - ok

01:57:09.0133 4904 [ D970470F8F39470BDAE94D313A1CCDCE ] PxHelp20 C:Windowssystem32DriversPxHelp20.sys

01:57:09.0133 4904 PxHelp20 - ok

01:57:09.0226 4904 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:Windowssystem32DRIVERSql2300.sys

01:57:09.0258 4904 ql2300 - ok

01:57:09.0289 4904 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:Windowssystem32DRIVERSql40xx.sys

01:57:09.0304 4904 ql40xx - ok

01:57:09.0320 4904 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:Windowssystem32qwave.dll

01:57:09.0336 4904 QWAVE - ok

01:57:09.0367 4904 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:Windowssystem32driversqwavedrv.sys

01:57:09.0367 4904 QWAVEdrv - ok

01:57:09.0398 4904 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:Windowssystem32DRIVERSrasacd.sys

01:57:09.0398 4904 RasAcd - ok

01:57:09.0445 4904 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:Windowssystem32DRIVERSAgileVpn.sys

01:57:09.0445 4904 RasAgileVpn - ok

01:57:09.0476 4904 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:WindowsSystem32rasauto.dll

01:57:09.0492 4904 RasAuto - ok

01:57:09.0523 4904 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:Windowssystem32DRIVERSrasl2tp.sys

01:57:09.0523 4904 Rasl2tp - ok

01:57:09.0601 4904 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:WindowsSystem32rasmans.dll

01:57:09.0616 4904 RasMan - ok

01:57:09.0632 4904 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:Windowssystem32DRIVERSraspppoe.sys

01:57:09.0632 4904 RasPppoe - ok

01:57:09.0663 4904 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:Windowssystem32DRIVERSrassstp.sys

01:57:09.0663 4904 RasSstp - ok

01:57:09.0679 4904 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:Windowssystem32DRIVERSrdbss.sys

01:57:09.0694 4904 rdbss - ok

01:57:09.0710 4904 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:Windowssystem32DRIVERSrdpbus.sys

01:57:09.0710 4904 rdpbus - ok

01:57:09.0757 4904 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:Windowssystem32DRIVERSRDPCDD.sys

01:57:09.0772 4904 RDPCDD - ok

01:57:09.0804 4904 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:Windowssystem32driversrdpencdd.sys

01:57:09.0804 4904 RDPENCDD - ok

01:57:09.0835 4904 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:Windowssystem32driversrdprefmp.sys

01:57:09.0850 4904 RDPREFMP - ok

01:57:09.0882 4904 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:Windowssystem32driversRDPWD.sys

01:57:09.0882 4904 RDPWD - ok

01:57:09.0944 4904 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:Windowssystem32driversrdyboost.sys

01:57:09.0944 4904 rdyboost - ok

01:57:10.0006 4904 [ C310203D2ED0CFD0AD68DB638C8DBB25 ] ReflectService.exe D:ProgramsReflectService.exe

01:57:10.0006 4904 ReflectService.exe - ok

01:57:10.0069 4904 [ A171029D6B6C2D93C22861A347F43C2A ] RegSrvc C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe

01:57:10.0084 4904 RegSrvc - ok

01:57:10.0162 4904 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:WindowsSystem32mprdim.dll

01:57:10.0162 4904 RemoteAccess - ok

01:57:10.0209 4904 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:Windowssystem32regsvc.dll

01:57:10.0209 4904 RemoteRegistry - ok

01:57:10.0256 4904 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:Windowssystem32DRIVERSrfcomm.sys

01:57:10.0256 4904 RFCOMM - ok

01:57:10.0303 4904 [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk C:Windowssystem32DRIVERSrimmptsk.sys

01:57:10.0318 4904 rimmptsk - ok

01:57:10.0350 4904 [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk C:Windowssystem32DRIVERSrimsptsk.sys

01:57:10.0350 4904 rimsptsk - ok

01:57:10.0381 4904 [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp C:Windowssystem32DRIVERSrixdptsk.sys

01:57:10.0381 4904 rismxdp - ok

01:57:10.0412 4904 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:WindowsSystem32RpcEpMap.dll

01:57:10.0428 4904 RpcEptMapper - ok

01:57:10.0474 4904 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:Windowssystem32locator.exe

01:57:10.0474 4904 RpcLocator - ok

01:57:10.0552 4904 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:Windowssystem32rpcss.dll

01:57:10.0552 4904 RpcSs - ok

01:57:10.0646 4904 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:Windowssystem32DRIVERSrspndr.sys

01:57:10.0646 4904 rspndr - ok

01:57:10.0662 4904 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:Windowssystem32lsass.exe

01:57:10.0677 4904 SamSs - ok

01:57:10.0755 4904 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:Windowssystem32driverssbp2port.sys

01:57:10.0755 4904 sbp2port - ok

01:57:10.0802 4904 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:WindowsSystem32SCardSvr.dll

01:57:10.0818 4904 SCardSvr - ok

01:57:10.0864 4904 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:Windowssystem32DRIVERSscfilter.sys

01:57:10.0864 4904 scfilter - ok

01:57:10.0942 4904 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:Windowssystem32schedsvc.dll

01:57:10.0958 4904 Schedule - ok

01:57:11.0005 4904 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:WindowsSystem32certprop.dll

01:57:11.0005 4904 SCPolicySvc - ok

01:57:11.0067 4904 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:Windowssystem32driverssdbus.sys

01:57:11.0083 4904 sdbus - ok

01:57:11.0114 4904 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:WindowsSystem32SDRSVC.dll

01:57:11.0130 4904 SDRSVC - ok

01:57:11.0161 4904 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:Windowssystem32driverssecdrv.sys

01:57:11.0161 4904 secdrv - ok

01:57:11.0176 4904 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:Windowssystem32seclogon.dll

01:57:11.0192 4904 seclogon - ok

01:57:11.0223 4904 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:Windowssystem32sens.dll

01:57:11.0223 4904 SENS - ok

01:57:11.0270 4904 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:Windowssystem32sensrsvc.dll

01:57:11.0270 4904 SensrSvc - ok

01:57:11.0286 4904 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:Windowssystem32DRIVERSserenum.sys

01:57:11.0286 4904 Serenum - ok

01:57:11.0317 4904 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:Windowssystem32DRIVERSserial.sys

01:57:11.0317 4904 Serial - ok

01:57:11.0348 4904 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:Windowssystem32DRIVERSsermouse.sys

01:57:11.0348 4904 sermouse - ok

01:57:11.0395 4904 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:Windowssystem32sessenv.dll

01:57:11.0410 4904 SessionEnv - ok

01:57:11.0442 4904 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:Windowssystem32driverssffdisk.sys

01:57:11.0457 4904 sffdisk - ok

01:57:11.0488 4904 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:Windowssystem32driverssffp_mmc.sys

01:57:11.0488 4904 sffp_mmc - ok

01:57:11.0504 4904 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:Windowssystem32driverssffp_sd.sys

01:57:11.0504 4904 sffp_sd - ok

01:57:11.0535 4904 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:Windowssystem32DRIVERSsfloppy.sys

01:57:11.0535 4904 sfloppy - ok

01:57:11.0566 4904 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:WindowsSystem32ipnathlp.dll

01:57:11.0582 4904 SharedAccess - ok

01:57:11.0613 4904 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:WindowsSystem32shsvcs.dll

01:57:11.0613 4904 ShellHWDetection - ok

01:57:11.0676 4904 [ FC0127343BD1CE1986BA12F8937F1057 ] Shockprf C:Windowssystem32DRIVERSApsx86.sys

01:57:11.0691 4904 Shockprf - ok

01:57:11.0707 4904 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:Windowssystem32driverssisagp.sys

01:57:11.0722 4904 sisagp - ok

01:57:11.0754 4904 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:Windowssystem32DRIVERSSiSRaid2.sys

01:57:11.0754 4904 SiSRaid2 - ok

01:57:11.0785 4904 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:Windowssystem32DRIVERSsisraid4.sys

01:57:11.0785 4904 SiSRaid4 - ok

01:57:11.0816 4904 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:Windowssystem32DRIVERSsmb.sys

01:57:11.0832 4904 Smb - ok

01:57:11.0863 4904 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:WindowsSystem32snmptrap.exe

01:57:11.0863 4904 SNMPTRAP - ok

01:57:12.0034 4904 [ A10C0F1F8D394E7D392FAD72B7A01C1B ] SNP2UVC C:Windowssystem32DRIVERSsnp2uvc.sys

01:57:12.0112 4904 SNP2UVC - ok

01:57:12.0144 4904 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:Windowssystem32driversspldr.sys

01:57:12.0159 4904 spldr - ok

01:57:12.0206 4904 [ 866A43013535DC8587C258E43579C764 ] Spooler C:WindowsSystem32spoolsv.exe

01:57:12.0222 4904 Spooler - ok

01:57:12.0346 4904 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:Windowssystem32sppsvc.exe

Link to comment
Share on other sites

All looks fine to me.

Do you use PC Doctor? If not, uninstall it.

Remove these from your Trusted Zone:

Trusted Zone: alipay.com

Trusted Zone: alisoft.com

Trusted Zone: taobao.com

The "Trusted Zone" should be for MS updates and your online Banking ... The above look like they belong to the shopping site you visit.
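
One way to review what is currently mapped to the Trusted sites zone before removing entries, as an added example that is not part of the original reply. It assumes the per-user and per-machine `ZoneMap\Domains` registry keys used by Internet Explorer, and the `$expected` allowlist is a hypothetical placeholder.

```powershell
# Added example: list every site mapped to the IE "Trusted sites" zone (zone 2).
# Layout: ...\ZoneMap\Domains\<domain>[\<subdomain>], with one DWORD value per
# protocol (http, https, *) whose data is the zone number.
$TrustedZone = 2
$roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
)

# Hypothetical allowlist: replace with the sites you actually intend to trust.
$expected = @('update.microsoft.com', 'windowsupdate.com')

$found = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $rootKey = Get-Item -LiteralPath $root
    Get-ChildItem -LiteralPath $root -Recurse | ForEach-Object {
        $key = $_
        # The key path below the root is "domain" or "domain\subdomain".
        $parts = $key.Name.Substring($rootKey.Name.Length).Trim('\').Split('\')
        [array]::Reverse($parts)
        $site = $parts -join '.'
        foreach ($protocol in $key.GetValueNames()) {
            if ($key.GetValue($protocol) -eq $TrustedZone) {
                New-Object PSObject -Property @{
                    Site     = $site
                    Protocol = $protocol
                    Expected = ($expected -contains $site)
                    Key      = $key.Name
                }
            }
        }
    }
}

# Entries with Expected = False are the ones to review and remove.
$found | Sort-Object Expected, Site |
    Format-Table Site, Protocol, Expected, Key -AutoSize
```

The script only reads the registry; removal is still done through Internet Options > Security > Trusted sites > Sites, or by deleting the listed key once you have confirmed it is unwanted.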

This topic is now closed to further replies.