Author Topic: kernel stack inpage error (Read 3943 times)

rinoscar · « **on:** March 10, 2012, 01:17:52 PM »

Hi,

In the last few weeks, I've been getting a blue screen with the error called kernel stack inpage error. Went online to try and see how to resolve this, but there is no quick fix. Wondering if there is a way you can help in trying to locate the problem.

Thanks,

guestolo · « **Reply #1 on:** March 10, 2012, 04:54:40 PM »

Might possibly be a hardware issue, memory or harddrive, but can we do the following
Download [color="#FF0000"]OTL.exe[/color][/url] by OldTimer to your Desktop.

Double click on OTL.exe to run it
Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

rinoscar · « **Reply #2 on:** March 10, 2012, 09:07:52 PM »

OTL logfile created on: 10/03/2012 8:45:12 PM - Run 1
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\L\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.83% Memory free
4.13 Gb Paging File | 2.71 Gb Available in Paging File | 65.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 186.17 Gb Free Space | 83.99% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.78 Gb Free Space | 38.70% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.09% Space Free | Partition Type: NTFS

Computer Name: LENOVO | User Name: L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/10 20:43:53 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\L\Desktop\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/17 11:03:18 | 000,099,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011/08/11 19:04:14 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011/07/25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2011/07/12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011/07/12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2011/07/12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe
PRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011/06/22 18:49:24 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011/06/22 18:30:38 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2010/07/27 12:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/08/04 03:32:00 | 000,062,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/06/16 01:51:00 | 000,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2009/06/16 01:51:00 | 000,066,848 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009/02/27 15:50:42 | 000,573,440 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/02/27 15:49:22 | 000,233,472 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/02/27 15:49:12 | 000,118,784 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/02/27 15:26:46 | 000,159,744 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008/08/31 13:02:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/06/13 22:27:44 | 000,861,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
PRC - [2008/06/13 19:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/05/24 18:17:54 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/01/20 21:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/03/13 11:05:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/17 14:44:05 | 000,134,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PWMUIAux\6ef215c30ed8a99e38b776ba6ee046e5\PWMUIAux.ni.exe
MOD - [2012/02/17 11:46:30 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/17 11:42:33 | 000,539,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dcd90ef8aff61786a94c097f30d9947d\PresentationFramework.Luna.ni.dll
MOD - [2012/02/17 11:42:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012/02/17 11:41:51 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll
MOD - [2012/02/17 11:41:01 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MOD - [2012/02/17 11:40:28 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/02/17 11:40:17 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/14 19:43:14 | 000,584,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PWMUICtl\680d7ca32bbaa24279d69561db3a1f2d\PWMUICtl.ni.dll
MOD - [2011/10/14 19:05:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/10/01 21:05:46 | 008,972,888 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtGui4.dll
MOD - [2010/10/01 21:05:42 | 002,456,152 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtCore4.dll
MOD - [2010/10/01 20:07:46 | 000,733,184 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\localization_manager.dll
MOD - [2009/10/30 19:32:30 | 000,410,496 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\dblite.dll
MOD - [2009/06/16 01:51:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMROV.DLL
MOD - [2009/06/16 01:51:00 | 000,030,720 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009/05/28 00:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2008/07/17 18:37:40 | 000,139,264 | ---- | M] () -- c:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/06/18 18:28:44 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL

========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/07/12 16:54:02 | 000,127,336 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011/07/12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011/06/22 18:49:24 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2011/06/22 18:30:38 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2010/07/27 12:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2009/12/21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/06/16 01:51:00 | 000,066,848 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009/03/19 03:53:02 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/03/19 03:52:56 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/03/19 03:48:34 | 001,680,632 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/02/27 15:49:22 | 000,233,472 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/02/27 15:49:12 | 000,118,784 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008/06/13 19:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/05/24 18:17:54 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/01/20 21:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/23 07:29:22 | 000,036,864 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Apoint2K\ApRunSvc.exe -- (ApRunSvc)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NETw5v32) Intel(R)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MUXMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - [2011/08/03 17:15:04 | 007,341,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32) ___ Intel(R)
DRV - [2011/03/15 22:12:16 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/09/07 13:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010/06/17 03:37:30 | 000,467,072 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/12/14 11:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 11:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/11/24 10:43:30 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\klbg.sys -- (KLBG)
DRV - [2009/10/02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/06/16 01:51:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/05/11 12:56:26 | 000,013,352 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- C:\Program Files\Lenovo\System Update\session\7yuj31us\tpflhlp.sys -- (tpflhlp)
DRV - [2009/03/19 20:09:40 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/11/25 16:37:48 | 001,754,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/09/25 02:49:52 | 000,031,680 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008/05/14 18:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/14 18:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/04/18 18:40:24 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/03/26 00:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/02/22 17:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/15 04:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/20 21:23:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/01/20 21:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 21:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/10/18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/07/29 21:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 20:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 18:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 18:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 18:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 18:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 18:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 18:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 18:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 18:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/06/07 19:36:44 | 000,081,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2007/02/08 22:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {46243E80-0E8C-442E-AF55-80BB093BFD5F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\..\SearchScopes\{46243E80-0E8C-442E-AF55-80BB093BFD5F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 21:58:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2011/03/15 22:13:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009/03/26 10:15:24 | 000,000,000 | ---D | M]

[2009/06/05 09:43:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\L\AppData\Roaming\mozilla\Extensions
[2009/06/05 09:43:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\L\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/03/08 07:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/08 07:13:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/04/07 22:23:37 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kasperskyWebsite removed for spamming
[2012/02/18 21:58:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 16:03:33 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O1 - Hosts: ::1    localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe ()
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88D845A3-1B3A-4F43-9AFA-576B4A4867C7}: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 11:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/06/02 17:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{4491dad7-1a0d-11de-9193-0022680a24dd}\Shell - "" = AutoRun
O33 - MountPoints2\{4491dad7-1a0d-11de-9193-0022680a24dd}\Shell\AutoRun\command - "" = S:\LenovoSDrive.exe -- [2008/07/29 17:37:58 | 000,180,224 | -HS- | M] ()
O33 - MountPoints2\{7ab04156-ae0d-11de-bd67-001c259cb30d}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\{d60a9246-1a12-11de-bb86-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d60a9246-1a12-11de-bb86-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2008/07/21 11:09:40 | 000,262,144 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 20:43:43 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\L\Desktop\OTL.exe
[2012/03/08 07:12:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/08 07:12:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/08 07:12:51 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/04 16:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/03/04 16:14:46 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Local\Google
[2012/03/04 16:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/02/23 16:23:38 | 004,448,256 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2012/02/16 20:36:34 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/02/16 20:36:34 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/16 20:36:33 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/16 20:36:33 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 20:36:32 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 20:36:32 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/16 20:36:32 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 20:36:32 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 20:36:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/16 20:36:28 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/10 21:00:37 | 005,346,088 | ---- | M] () -- C:\Users\Public\Documents\AccConnAdvanced.html
[2012/03/10 20:57:00 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{919F69F7-231B-43C4-AA43-467BEFAAB33F}.job
[2012/03/10 20:43:53 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\L\Desktop\OTL.exe
[2012/03/10 20:11:19 | 018,737,238 | ---- | M] () -- C:\Users\Public\Documents\AccConnAdvanced.dat
[2012/03/10 20:11:06 | 000,003,191 | ---- | M] () -- C:\Users\Public\Documents\AcIpConfig.dat
[2012/03/10 20:11:00 | 000,027,074 | ---- | M] () -- C:\Users\Public\Documents\ACGinaWinlogon.dat
[2012/03/10 20:10:51 | 010,485,744 | ---- | M] () -- C:\Users\Public\Documents\Archive_AccConnAdvanced.html
[2012/03/10 20:08:57 | 000,001,024 | ---- | M] () -- C:\Users\L\.rnd
[2012/03/10 20:07:06 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 20:07:06 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 20:06:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 20:06:46 | 2088,796,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/10 12:31:03 | 350,376,821 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/08 07:12:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/08 07:12:04 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/08 07:12:04 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/08 07:12:04 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/07 20:25:51 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/07 20:25:51 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/04 16:59:30 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/29 20:05:47 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/23 16:23:38 | 004,448,256 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/17 11:37:28 | 000,379,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/15 22:15:05 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/03/15 22:15:04 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8D0D4418

< End of report >

rinoscar · « **Reply #3 on:** March 10, 2012, 09:09:46 PM »

OTL Extras logfile created on: 10/03/2012 8:45:12 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\L\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 41.83% Memory free
4.13 Gb Paging File | 2.71 Gb Available in Paging File | 65.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.65 Gb Total Space | 186.17 Gb Free Space | 83.99% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.78 Gb Free Space | 38.70% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 0.69 Gb Free Space | 47.09% Space Free | Partition Type: NTFS

Computer Name: LENOVO | User Name: L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1947EE1B-9C17-4B98-ABF7-0C6783246E11}" = lport=445 | protocol=6 | dir=in | app=system |
"{266FE709-A251-4370-A6F5-62A2524ECC9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{84D4528C-7114-4D4A-B370-643CBEBE1631}" = rport=137 | protocol=17 | dir=out | app=system |
"{9A2C2C9C-166B-4D36-96D7-E30048688FEB}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E501D2B-D437-418A-8BB9-A77633345AC5}" = rport=139 | protocol=6 | dir=out | app=system |
"{9FE47829-568F-4C47-9928-709377432F7C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2913D20-24B2-493D-BA12-812F0A6E816F}" = lport=138 | protocol=17 | dir=in | app=system |
"{A90E8227-569B-40C8-80E4-B22FA42FB160}" = rport=445 | protocol=6 | dir=out | app=system |
"{DB213876-1A08-4649-BDF8-510EF9B240EE}" = lport=139 | protocol=6 | dir=in | app=system |
"{FBFCAA78-CB20-49A7-A3AB-1A07213ADE33}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0796F658-8980-4231-8AA9-D614DC45BCD5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{09672DF7-2FC4-4CBC-A5C5-7AFEFD0F4330}" = protocol=58 | dir=in | [email protected],-28545 |
"{0FC55069-9E0B-4296-8C3B-1E379B44D3B5}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{1E238644-A7F0-4F19-8EC4-5470BF1DDE7D}" = protocol=1 | dir=in | [email protected],-28543 |
"{37942724-559C-4AC4-9207-0FFFF920B4D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{43E1C8BD-342F-4754-B368-FD354A0AE348}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4F9C437B-765C-475D-88E3-109B84147DED}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{52DADF07-D1DD-4A95-990D-752971F30320}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{690ACD6F-355A-4AEC-8E1B-0522E90BCF04}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{70B46A5D-00FB-422A-9533-27A76F3E09EE}" = protocol=58 | dir=out | [email protected],-28546 |
"{7659422C-D2CD-450B-9F70-C798F766F22B}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{7BE47880-A409-485C-B56F-10F706395DDE}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{8B258DDD-4194-4740-98D9-6EBCA3B9C304}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{945DEE63-8686-48F8-AB57-F749E49B2BD2}" = protocol=1 | dir=out | [email protected],-28544 |
"{985E27C3-284B-43E8-B77F-6957AE39F6BF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A32523AF-2476-4FD7-9463-6F4104AB9555}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{A4E6D77C-5C2D-40E1-96A4-ED59C206CE6C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C9219630-C9AB-4A8E-B6C7-27F1EFADBFA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CA954E3A-37B4-4C93-BC4D-5A04FB00689F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FEBDED3B-4326-4C2C-8D0D-4ADE46DDE9F4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1189955B-C6E8-4606-AE6C-CD64791DB544}" = Mobile Broadband Connect
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation
"{3FE3D6A5-2F5E-4870-A3AC-D1D88E0B2797}" = Intel(R) PROSet/Wireless WiFi Software
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5523092E-13AA-4EED-8E18-255860F6D9DC}" = ThinkVantage Status Gadget
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FABD40-E741-446F-839D-CEAE905D63BE}" = ThinkPad Mobility Center Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF065AA8-D2B7-4F49-931A-63E1FB9899E2}" = VitalSource Bookshelf
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FA62B4C2-6CFD-462F-9B59-68A730001AB3}" = Product Recovery Disc Burning Utility
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"0A7603E3091C168CDE422A2B3481A2F7D17D0954" = Windows Driver Package - Intel hdc (02/20/2008 6.9.1.1001)
"1205965EF392C9B0D5A9BDB139035F058E76359E" = Windows Driver Package - Ricoh Company MMC Host Controller (02/15/2008 6.00.03.05)
"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)
"386CAF2F8306A2DD7EBAEAA5A86D98BE177DC951" = Windows Driver Package - Lenovo 1.45 (02/18/2008 1.45)
"432D918ED17EA51B73E8491A0369730C0076A292" = Windows Driver Package - Intel System (02/20/2008 8.6.1.1002)
"464CE3922A214073AAEE00DEB23EA5C750AF8CE8" = Windows Driver Package - Intel USB (02/05/2007 8.3.0.1011)
"513C7D1BF4530B30EC84716327E4D7E76810DCC5" = Windows Driver Package - Intel System (02/20/2008 8.7.0.1007)
"5A4D4FF375E24E41AE5D2D907E67E0884BE2CAF4" = Windows Driver Package - Intel System (01/30/2008 8.6.1.1001)
"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)
"A4680BD43717441189C52EBF2C4FD6B182EE1101" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (10/02/2008 8.1.2.37)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista
"E4ACAC6700911AAA3BC0CD6C581A68BFC6AB001E" = Windows Driver Package - Broadcom (b57nd60x) Net (11/29/2007 10.62.1.2)
"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)
"F47257BFD82AA5BBF9668FC2EE9A258601FCE833" = Windows Driver Package - Intel (iaStor) hdc (11/03/2008 8.6.3.1004)
"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista
"FrostWire 5" = FrostWire 5.2.11
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"Lenovo Registration" = Lenovo Registration
"Lenovo Welcome_is1" = Lenovo Welcome v1.0.24.3
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo System Toolbox
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 7:04:51 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3013
Description =

Error - 10/03/2012 8:43:57 PM | Computer Name = Lenovo | Source = EventSystem | ID = 4621
Description =

Error - 10/03/2012 8:44:20 PM | Computer Name = Lenovo | Source = Windows Search Service | ID = 3084
Description =

Error - 10/03/2012 9:07:15 PM | Computer Name = Lenovo | Source = WinMgmt | ID = 10
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 05/03/2011 9:12:25 PM | Computer Name = Lenovo | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Binary stream '0' does not contain a valid BinaryHeader. Possible
causes are invalid stream or object version change between serialization and deserialization.
-> Exception message: Binary stream '0' does not contain a valid BinaryHeader.
Possible causes are invalid stream or object version change between serialization
and deserialization.

[ System Events ]
Error - 10/03/2012 1:31:48 PM | Computer Name = Lenovo | Source = Service Control Manager | ID = 7034
Description =

Error - 10/03/2012 7:01:40 PM | Computer Name = Lenovo | Source = Service Control Manager | ID = 7000
Description =

Error - 10/03/2012 7:01:41 PM | Computer Name = Lenovo | Source = Service Control Manager | ID = 7034
Description =

Error - 10/03/2012 7:23:31 PM | Computer Name = Lenovo | Source = SCardSvr | ID = 615
Description =

Error - 10/03/2012 7:23:32 PM | Computer Name = Lenovo | Source = SCardSvr | ID = 616
Description =

Error - 10/03/2012 7:37:30 PM | Computer Name = Lenovo | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 10/03/2012 8:44:19 PM | Computer Name = Lenovo | Source = DCOM | ID = 10010
Description =

Error - 10/03/2012 9:07:16 PM | Computer Name = Lenovo | Source = Service Control Manager | ID = 7000
Description =

Error - 10/03/2012 9:07:36 PM | Computer Name = Lenovo | Source = Service Control Manager | ID = 7034
Description =

Error - 10/03/2012 9:48:57 PM | Computer Name = Lenovo | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

< End of report >

guestolo · « **Reply #4 on:** March 11, 2012, 04:16:22 PM »

Let's try the following:
Close down all browser windows
Uninstall the older version of Sun Java from "Programs and Features" in Control Panel
Only remove the following>>> Java™ 6 Update 7

After that's uninstalled, come back here and do the following
Right click on OTL.exe and "Run as Administrator"

Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
Quote
:OTL
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [] File not found
:Reg
:Files
C:\Program Files\Ask.com
:Commands
[EmptyFlash]
[EmptyTemp]
[Reboot]
Then click the [color="#FF0000"]Run Fix[/color] button at the top
Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

Download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will be prompted to Decline or use Trial version>>>Select DECLINE
Select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

In addition:
Download [color="#FF0000"]aswMBR.exe[/color] (4.5mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Recap:
1. Post the fix log from OTL.exze
2. Post the log from MBAM
3. Post the log from aswMBR.exe please

rinoscar · « **Reply #5 on:** March 11, 2012, 09:50:05 PM »

Here is the first request:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\Ask.com not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: L
->Flash cache emptied: 42090 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: L
->Temp folder emptied: 508619877 bytes
->Temporary Internet Files folder emptied: 572119408 bytes
->Java cache emptied: 39530862 bytes
->FireFox cache emptied: 50698201 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1208792 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 349110171 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 358297888 bytes

Total Files Cleaned = 1,793.00 mb

OTL by OldTimer - Version 3.2.36.3 log created on 03112012_223824

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

I will do the 2 others tomorrow evening.
Thanks

rinoscar · « **Reply #6 on:** March 12, 2012, 05:49:29 PM »

Step two:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.12.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
L :: LENOVO [administrator]

12/03/2012 6:33:49 PM
mbam-log-2012-03-12 (18-33-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183864
Time elapsed: 17 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

guestolo · « **Reply #7 on:** March 12, 2012, 07:38:43 PM »

just waiting on the log from aswMBR.exe

rinoscar · « **Reply #8 on:** March 12, 2012, 08:26:23 PM »

Had some trouble with that one, first it rebooted when it was scanning a dll file. Second it stalled and froze my laptop when it was scanning the kaspersky file. I had to reboot manually, Eventually it scanned everything here is the file:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-12 20:47:26
-----------------------------
20:47:26.781   OS Version: Windows 6.0.6002 Service Pack 2
20:47:26.781   Number of processors: 2 586 0x170A
20:47:26.781   ComputerName: LENOVO UserName: L
20:48:57.269   Initialize success
20:49:12.807   AVAST engine defs: 12031200
20:49:59.763   Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:49:59.778   Disk 0 Vendor: ST925082 3.CM Size: 238475MB BusType: 3
20:49:59.950   Disk 0 MBR read successfully
20:49:59.950   Disk 0 MBR scan
20:49:59.965   Disk 0 unknown MBR code
20:49:59.981   Disk 0 Partition 1 80 (A) 07   HPFS/NTFS NTFS    1499 MB offset 2048
20:50:00.012   Disk 0 Partition 2 00    07   HPFS/NTFS NTFS    226974 MB offset 3072000
20:50:00.059   Disk 0 Partition 3 00    07   HPFS/NTFS NTFS     10000 MB offset 467914752
20:50:00.106   Disk 0 scanning sectors +488394752
20:50:00.215   Disk 0 scanning C:\Windows\system32\drivers
20:50:32.792   Service scanning
20:51:20.528   Modules scanning
20:51:59.107   Disk 0 trace - called modules:
20:51:59.153   ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
20:51:59.169   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88edc780]
20:51:59.169   3 CLASSPNP.SYS[8b3da8b3] -> nt!IofCallDriver -> [0x87e1d2b0]
20:51:59.185   5 acpi.sys[8aa936bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x87d9e028]
20:52:00.651   AVAST engine scan C:\Windows
20:52:33.099   AVAST engine scan C:\Windows\system32
21:00:57.434   AVAST engine scan C:\Windows\system32\drivers
21:02:10.371   AVAST engine scan C:\Users\L
21:07:21.523   AVAST engine scan C:\ProgramData
21:24:22.954   Scan finished successfully
21:24:43.000   Disk 0 MBR has been saved successfully to "C:\Users\L\Desktop\MBR.dat"
21:24:43.016   The log file has been saved successfully to "C:\Users\L\Desktop\aswMBR.txt"

guestolo · « **Reply #9 on:** March 12, 2012, 08:50:35 PM »

Download TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Save it to your desktop then double click on it to run it

Click the START SCAN, when done
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

rinoscar · « **Reply #10 on:** March 12, 2012, 09:21:58 PM »

22:20:44.0426 4812   TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
22:20:45.0206 4812   ============================================================
22:20:45.0206 4812   Current date / time: 2012/03/12 22:20:45.0206
22:20:45.0206 4812   SystemInfo:
22:20:45.0206 4812
22:20:45.0206 4812   OS Version: 6.0.6002 ServicePack: 2.0
22:20:45.0206 4812   Product type: Workstation
22:20:45.0206 4812   ComputerName: LENOVO
22:20:45.0206 4812   UserName: L
22:20:45.0206 4812   Windows directory: C:\Windows
22:20:45.0206 4812   System windows directory: C:\Windows
22:20:45.0206 4812   Processor architecture: Intel x86
22:20:45.0206 4812   Number of processors: 2
22:20:45.0206 4812   Page size: 0x1000
22:20:45.0206 4812   Boot type: Normal boot
22:20:45.0206 4812   ============================================================
22:20:47.0499 4812   Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:20:47.0561 4812   \Device\Harddisk0\DR0:
22:20:47.0561 4812   MBR used
22:20:47.0561 4812   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2ED800
22:20:47.0561 4812   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE000, BlocksNum 0x1BB4F000
22:20:47.0561 4812   \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000
22:20:47.0748 4812   Initialize success
22:20:47.0748 4812   ============================================================
22:21:09.0246 3780   ============================================================
22:21:09.0246 3780   Scan started
22:21:09.0246 3780   Mode: Manual;
22:21:09.0246 3780   ============================================================
22:21:10.0198 3780   ACPI     (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:21:10.0292 3780   ACPI - ok
22:21:10.0494 3780   adp94xx    (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:21:10.0510 3780   adp94xx - ok
22:21:10.0604 3780   adpahci    (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:21:10.0619 3780   adpahci - ok
22:21:10.0682 3780   adpu160m     (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:21:10.0697 3780   adpu160m - ok
22:21:10.0760 3780   adpu320    (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:21:10.0775 3780   adpu320 - ok
22:21:10.0931 3780   AFD    (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:21:11.0040 3780   AFD - ok
22:21:11.0181 3780   agp440     (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:21:11.0196 3780   agp440 - ok
22:21:11.0274 3780   aic78xx    (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:21:11.0290 3780   aic78xx - ok
22:21:11.0368 3780   aliide     (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:21:11.0368 3780   aliide - ok
22:21:11.0477 3780   amdagp     (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:21:11.0493 3780   amdagp - ok
22:21:11.0540 3780   amdide     (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:21:11.0555 3780   amdide - ok
22:21:11.0696 3780   AmdK7    (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:21:11.0711 3780   AmdK7 - ok
22:21:11.0758 3780   AmdK8    (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:21:11.0774 3780   AmdK8 - ok
22:21:11.0883 3780   ApfiltrService (baaa6516aec2622b8fba6165ff5d68c2) C:\Windows\system32\DRIVERS\Apfiltr.sys
22:21:11.0930 3780   ApfiltrService - ok
22:21:12.0101 3780   arc    (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:21:12.0117 3780   arc - ok
22:21:12.0195 3780   arcsas     (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:21:12.0226 3780   arcsas - ok
22:21:12.0304 3780   AsyncMac     (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:21:12.0320 3780   AsyncMac - ok
22:21:12.0413 3780   atapi    (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:21:12.0491 3780   atapi - ok
22:21:12.0663 3780   ATSwpWDF     (40e3212da94acf9e120c30acebc6ea80) C:\Windows\system32\Drivers\ATSwpWDF.sys
22:21:12.0819 3780   ATSwpWDF - ok
22:21:12.0975 3780   b57nd60x     (db76881f34e600fbb29bc3d7c854d056) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:21:13.0006 3780   b57nd60x - ok
22:21:13.0084 3780   Beep     (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:21:13.0115 3780   Beep - ok
22:21:13.0193 3780   blbdrive     (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:21:13.0209 3780   blbdrive - ok
22:21:13.0334 3780   bowser     (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:21:13.0412 3780   bowser - ok
22:21:13.0552 3780   BrFiltLo     (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:21:13.0568 3780   BrFiltLo - ok
22:21:13.0630 3780   BrFiltUp     (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:21:13.0630 3780   BrFiltUp - ok
22:21:13.0755 3780   Brserid    (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:21:13.0770 3780   Brserid - ok
22:21:13.0802 3780   BrSerWdm     (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:21:13.0817 3780   BrSerWdm - ok
22:21:13.0848 3780   BrUsbMdm     (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:21:13.0848 3780   BrUsbMdm - ok
22:21:13.0911 3780   BrUsbSer     (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:21:13.0911 3780   BrUsbSer - ok
22:21:14.0004 3780   BTHMODEM     (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:21:14.0004 3780   BTHMODEM - ok
22:21:14.0129 3780   cdfs     (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:21:14.0145 3780   cdfs - ok
22:21:14.0223 3780   cdrom    (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:21:14.0316 3780   cdrom - ok
22:21:14.0348 3780   circlass     (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:21:14.0363 3780   circlass - ok
22:21:14.0426 3780   CLFS     (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:21:14.0519 3780   CLFS - ok
22:21:14.0644 3780   CmBatt     (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:21:14.0660 3780   CmBatt - ok
22:21:14.0691 3780   cmdide     (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:21:14.0706 3780   cmdide - ok
22:21:14.0831 3780   CnxtHdAudService (912c546ab87aa0e240e82bd7ca48a9e6) C:\Windows\system32\drivers\CHDRT32.sys
22:21:14.0862 3780   CnxtHdAudService - ok
22:21:14.0956 3780   Compbatt     (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:21:14.0956 3780   Compbatt - ok
22:21:15.0018 3780   crcdisk    (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:21:15.0034 3780   crcdisk - ok
22:21:15.0065 3780   Crusoe     (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:21:15.0081 3780   Crusoe - ok
22:21:15.0237 3780   CSC    (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
22:21:15.0330 3780   CSC - ok
22:21:15.0455 3780   CSCrySec     (5cbf20674be8364febb6a13451a42f0a) C:\Windows\system32\DRIVERS\CSCrySec.sys
22:21:15.0549 3780   CSCrySec - ok
22:21:15.0674 3780   CSVirtualDiskDrv (2c3f213eddd231099fb779a45d7680e0) C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys
22:21:15.0767 3780   CSVirtualDiskDrv - ok
22:21:15.0892 3780   DfsC     (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:21:16.0032 3780   DfsC - ok
22:21:16.0157 3780   disk     (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:21:16.0235 3780   disk - ok
22:21:16.0360 3780   DLABMFSM     (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\Windows\system32\DLA\DLABMFSM.SYS
22:21:16.0376 3780   DLABMFSM - ok
22:21:16.0422 3780   DLABOIOM     (ad4cb3d783634c90a9d0ce360933a63c) C:\Windows\system32\DLA\DLABOIOM.SYS
22:21:16.0438 3780   DLABOIOM - ok
22:21:16.0500 3780   DLACDBHM     (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
22:21:16.0516 3780   DLACDBHM - ok
22:21:16.0610 3780   DLADResM     (93d03238cc3f0ee3c0b3985d110ec575) C:\Windows\system32\DLA\DLADResM.SYS
22:21:16.0641 3780   DLADResM - ok
22:21:16.0672 3780   DLAIFS_M     (6a82f77c4a6f5235bf352f0028e2ef52) C:\Windows\system32\DLA\DLAIFS_M.SYS
22:21:16.0703 3780   DLAIFS_M - ok
22:21:16.0734 3780   DLAOPIOM     (0e6052c0ada37504896a847231a3907d) C:\Windows\system32\DLA\DLAOPIOM.SYS
22:21:16.0750 3780   DLAOPIOM - ok
22:21:16.0797 3780   DLAPoolM     (29670bb4e2b973c5b55a76107d4910b2) C:\Windows\system32\DLA\DLAPoolM.SYS
22:21:16.0812 3780   DLAPoolM - ok
22:21:16.0890 3780   DLARTL_M     (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
22:21:16.0906 3780   DLARTL_M - ok
22:21:16.0968 3780   DLAUDFAM     (6b087732b86c1d866d69dbbe463ea90a) C:\Windows\system32\DLA\DLAUDFAM.SYS
22:21:17.0015 3780   DLAUDFAM - ok
22:21:17.0078 3780   DLAUDF_M     (bbeecb95f2841ae4a3e3690d46d7153d) C:\Windows\system32\DLA\DLAUDF_M.SYS
22:21:17.0109 3780   DLAUDF_M - ok
22:21:17.0265 3780   drmkaud    (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:21:17.0265 3780   drmkaud - ok
22:21:17.0343 3780   DRVMCDB    (83106585494d5eb96f59187200c144bd) C:\Windows\system32\Drivers\DRVMCDB.SYS
22:21:17.0358 3780   DRVMCDB - ok
22:21:17.0390 3780   DRVNDDM    (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
22:21:17.0421 3780   DRVNDDM - ok
22:21:17.0514 3780   DXGKrnl    (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
22:21:17.0592 3780   DXGKrnl - ok
22:21:17.0702 3780   e1express    (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
22:21:17.0733 3780   e1express - ok
22:21:17.0842 3780   E1G60    (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:21:17.0858 3780   E1G60 - ok
22:21:17.0920 3780   Ecache     (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:21:18.0029 3780   Ecache - ok
22:21:18.0123 3780   elxstor    (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:21:18.0154 3780   elxstor - ok
22:21:18.0216 3780   ErrDev     (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:21:18.0232 3780   ErrDev - ok
22:21:18.0388 3780   exfat    (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:21:18.0482 3780   exfat - ok
22:21:18.0575 3780   fastfat    (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:21:18.0669 3780   fastfat - ok
22:21:18.0794 3780   fdc    (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:21:18.0794 3780   fdc - ok
22:21:18.0856 3780   FileInfo     (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:21:18.0872 3780   FileInfo - ok
22:21:18.0918 3780   Filetrace    (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:21:18.0918 3780   Filetrace - ok
22:21:18.0965 3780   flpydisk     (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:21:18.0981 3780   flpydisk - ok
22:21:19.0059 3780   FltMgr     (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:21:19.0215 3780   FltMgr - ok
22:21:19.0386 3780   Fs_Rec     (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:21:19.0386 3780   Fs_Rec - ok
22:21:19.0433 3780   gagp30kx     (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:21:19.0449 3780   gagp30kx - ok
22:21:19.0527 3780   GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
22:21:19.0605 3780   GEARAspiWDM - ok
22:21:19.0745 3780   HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:21:19.0761 3780   HdAudAddService - ok
22:21:19.0839 3780   HDAudBus     (4b6f641de7d79f414b309b519c30f274) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:21:19.0886 3780   HDAudBus - ok
22:21:20.0010 3780   HECI     (2df64415a28ce036ac6acec7645a996f) C:\Windows\system32\DRIVERS\HECI.sys
22:21:20.0026 3780   HECI - ok
22:21:20.0073 3780   HidBth     (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:21:20.0104 3780   HidBth - ok
22:21:20.0166 3780   HidIr    (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:21:20.0182 3780   HidIr - ok
22:21:20.0244 3780   HidUsb     (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:21:20.0322 3780   HidUsb - ok
22:21:20.0385 3780   HpCISSs    (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:21:20.0400 3780   HpCISSs - ok
22:21:20.0510 3780   HSFHWAZL     (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:21:20.0525 3780   HSFHWAZL - ok
22:21:20.0603 3780   HSF_DPV    (fadd7095163cb3cb4073793ebb50fe75) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:21:20.0650 3780   HSF_DPV - ok
22:21:20.0744 3780   HSXHWAZL     (058783bedd17615d1fece09f77960436) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:21:20.0775 3780   HSXHWAZL - ok
22:21:20.0868 3780   HTTP     (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:21:20.0978 3780   HTTP - ok
22:21:21.0071 3780   i2omp    (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:21:21.0071 3780   i2omp - ok
22:21:21.0212 3780   i8042prt     (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:21:21.0227 3780   i8042prt - ok
22:21:21.0352 3780   iaStor     (37769c28e1c6489c56e41db7a32d58c5) C:\Windows\system32\DRIVERS\iaStor.sys
22:21:21.0368 3780   iaStor - ok
22:21:21.0430 3780   iaStorV    (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:21:21.0446 3780   iaStorV - ok
22:21:21.0524 3780   IBMPMDRV     (e3ffc8cb45b3f55264ee10f084b2731b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
22:21:21.0602 3780   IBMPMDRV - ok
22:21:21.0789 3780   igfx     (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:21:21.0882 3780   igfx - ok
22:21:21.0976 3780   iirsp    (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:21:21.0992 3780   iirsp - ok
22:21:22.0054 3780   intelide     (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:21:22.0070 3780   intelide - ok
22:21:22.0179 3780   intelppm     (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:21:22.0272 3780   intelppm - ok
22:21:22.0491 3780   IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:21:22.0522 3780   IpFilterDriver - ok
22:21:22.0725 3780   IpInIp - ok
22:21:22.0990 3780   IPMIDRV    (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:21:23.0006 3780   IPMIDRV - ok
22:21:23.0099 3780   IPNAT    (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:21:23.0115 3780   IPNAT - ok
22:21:23.0193 3780   IRENUM     (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:21:23.0208 3780   IRENUM - ok
22:21:23.0255 3780   isapnp     (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:21:23.0271 3780   isapnp - ok
22:21:23.0411 3780   iScsiPrt     (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:21:23.0536 3780   iScsiPrt - ok
22:21:23.0754 3780   iteatapi     (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:21:23.0770 3780   iteatapi - ok
22:21:23.0957 3780   iteraid    (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:21:24.0004 3780   iteraid - ok
22:21:24.0191 3780   kbdclass     (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:21:24.0207 3780   kbdclass - ok
22:21:24.0300 3780   kbdhid     (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:21:24.0394 3780   kbdhid - ok
22:21:24.0503 3780   kl1    (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
22:21:24.0612 3780   kl1 - ok
22:21:24.0690 3780   KLBG     (53eedab3f0511321ac3ae8bc968b158c) C:\Windows\system32\DRIVERS\klbg.sys
22:21:24.0800 3780   KLBG - ok
22:21:24.0924 3780   KLIF     (723f185c945c0a6d2e21c2bb26a46fe7) C:\Windows\system32\DRIVERS\klif.sys
22:21:24.0971 3780   KLIF - ok
22:21:25.0034 3780   KLIM6    (892cc162dc88ab084c86485879526c59) C:\Windows\system32\DRIVERS\klim6.sys
22:21:25.0127 3780   KLIM6 - ok
22:21:25.0236 3780   klmouflt     (aa63a815876a76987b5dbce6af7478e9) C:\Windows\system32\DRIVERS\klmouflt.sys
22:21:25.0455 3780   klmouflt - ok
22:21:25.0580 3780   KSecDD     (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:21:25.0642 3780   KSecDD - ok
22:21:25.0814 3780   lenovo.smi     (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
22:21:25.0829 3780   lenovo.smi - ok
22:21:25.0892 3780   LenovoRd     (007c3a7e6a864ab2b8c52df717a7254c) C:\Windows\system32\Drivers\LenovoRd.sys
22:21:25.0923 3780   LenovoRd - ok
22:21:25.0954 3780   lltdio     (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:21:25.0985 3780   lltdio - ok
22:21:26.0063 3780   LSI_FC     (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:21:26.0079 3780   LSI_FC - ok
22:21:26.0126 3780   LSI_SAS    (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:21:26.0141 3780   LSI_SAS - ok
22:21:26.0235 3780   LSI_SCSI     (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:21:26.0235 3780   LSI_SCSI - ok
22:21:26.0297 3780   luafv    (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:21:26.0313 3780   luafv - ok
22:21:26.0391 3780   mdmxsdk    (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:21:26.0406 3780   mdmxsdk - ok
22:21:26.0484 3780   megasas    (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:21:26.0500 3780   megasas - ok
22:21:26.0594 3780   MegaSR     (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:21:26.0625 3780   MegaSR - ok
22:21:26.0672 3780   Modem    (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:21:26.0687 3780   Modem - ok
22:21:26.0718 3780   monitor    (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:21:26.0734 3780   monitor - ok
22:21:26.0796 3780   mouclass     (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:21:26.0812 3780   mouclass - ok
22:21:26.0859 3780   mouhid     (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:21:26.0874 3780   mouhid - ok
22:21:26.0921 3780   MountMgr     (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:21:26.0937 3780   MountMgr - ok
22:21:26.0968 3780   mpio     (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:21:26.0984 3780   mpio - ok
22:21:27.0077 3780   mpsdrv     (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:21:27.0093 3780   mpsdrv - ok
22:21:27.0155 3780   Mraid35x     (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:21:27.0186 3780   Mraid35x - ok
22:21:27.0264 3780   MRxDAV     (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:21:27.0342 3780   MRxDAV - ok
22:21:27.0436 3780   mrxsmb     (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:21:27.0514 3780   mrxsmb - ok
22:21:27.0639 3780   mrxsmb10     (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:21:27.0732 3780   mrxsmb10 - ok
22:21:27.0826 3780   mrxsmb20     (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:21:27.0920 3780   mrxsmb20 - ok
22:21:28.0029 3780   msahci     (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
22:21:28.0044 3780   msahci - ok
22:21:28.0091 3780   msdsm    (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:21:28.0122 3780   msdsm - ok
22:21:28.0216 3780   Msfs     (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:21:28.0216 3780   Msfs - ok
22:21:28.0341 3780   msisadrv     (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:21:28.0356 3780   msisadrv - ok
22:21:28.0466 3780   MSKSSRV    (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:21:28.0481 3780   MSKSSRV - ok
22:21:28.0528 3780   MSPCLOCK     (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:21:28.0544 3780   MSPCLOCK - ok
22:21:28.0606 3780   MSPQM    (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:21:28.0622 3780   MSPQM - ok
22:21:28.0700 3780   MsRPC    (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:21:28.0887 3780   MsRPC - ok
22:21:28.0996 3780   mssmbios     (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:21:29.0012 3780   mssmbios - ok
22:21:29.0074 3780   MSTEE    (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:21:29.0090 3780   MSTEE - ok
22:21:29.0168 3780   Mup    (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:21:29.0261 3780   Mup - ok
22:21:29.0308 3780   MUXMP - ok
22:21:29.0433 3780   NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:21:29.0542 3780   NativeWifiP - ok
22:21:29.0667 3780   NDIS     (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:21:29.0792 3780   NDIS - ok
22:21:29.0885 3780   NdisTapi     (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:21:29.0901 3780   NdisTapi - ok
22:21:29.0948 3780   Ndisuio    (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:21:29.0979 3780   Ndisuio - ok
22:21:30.0041 3780   NdisWan    (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:21:30.0119 3780   NdisWan - ok
22:21:30.0228 3780   NDProxy    (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:21:30.0244 3780   NDProxy - ok
22:21:30.0338 3780   NetBIOS    (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:21:30.0353 3780   NetBIOS - ok
22:21:30.0431 3780   netbt    (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:21:30.0525 3780   netbt - ok
22:21:30.0618 3780   NETw5v32 - ok
22:21:30.0930 3780   NETwNv32     (2605b7e88f4d2303896045d553c90d7a) C:\Windows\system32\DRIVERS\NETwNv32.sys
22:21:31.0149 3780   NETwNv32 - ok
22:21:31.0274 3780   nfrd960    (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:21:31.0289 3780   nfrd960 - ok
22:21:31.0352 3780   Npfs     (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:21:31.0445 3780   Npfs - ok
22:21:31.0539 3780   nsiproxy     (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:21:31.0570 3780   nsiproxy - ok
22:21:31.0679 3780   Ntfs     (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:21:31.0804 3780   Ntfs - ok
22:21:31.0851 3780   ntrigdigi    (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:21:32.0007 3780   ntrigdigi - ok
22:21:32.0054 3780   Null     (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:21:32.0054 3780   Null - ok
22:21:32.0116 3780   nvraid     (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:21:32.0132 3780   nvraid - ok
22:21:32.0194 3780   nvstor     (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:21:32.0210 3780   nvstor - ok
22:21:32.0288 3780   nv_agp     (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:21:32.0319 3780   nv_agp - ok
22:21:32.0366 3780   NwlnkFlt - ok
22:21:32.0412 3780   NwlnkFwd - ok
22:21:32.0522 3780   ohci1394     (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:21:32.0615 3780   ohci1394 - ok
22:21:32.0740 3780   Parport    (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:21:32.0756 3780   Parport - ok
22:21:32.0818 3780   partmgr    (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:21:32.0958 3780   partmgr - ok
22:21:33.0083 3780   Parvdm     (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:21:33.0099 3780   Parvdm - ok
22:21:33.0224 3780   pci    (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:21:33.0317 3780   pci - ok
22:21:33.0411 3780   pciide     (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
22:21:33.0426 3780   pciide - ok
22:21:33.0536 3780   pcmcia     (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
22:21:33.0614 3780   pcmcia - ok
22:21:33.0707 3780   PEAUTH     (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:21:33.0754 3780   PEAUTH - ok
22:21:33.0926 3780   PptpMiniport   (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:21:33.0941 3780   PptpMiniport - ok
22:21:33.0988 3780   Processor    (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:21:34.0004 3780   Processor - ok
22:21:34.0097 3780   psadd    (271f3e304cf2a467188ef393c8fbd2b7) C:\Windows\system32\DRIVERS\psadd.sys
22:21:34.0128 3780   psadd - ok
22:21:34.0206 3780   PSched     (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:21:34.0300 3780   PSched - ok
22:21:34.0409 3780   PxHelp20     (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
22:21:34.0425 3780   PxHelp20 - ok
22:21:34.0550 3780   ql2300     (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:21:34.0596 3780   ql2300 - ok
22:21:34.0659 3780   ql40xx     (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:21:34.0674 3780   ql40xx - ok
22:21:34.0752 3780   QWAVEdrv     (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:21:34.0768 3780   QWAVEdrv - ok
22:21:34.0830 3780   RasAcd     (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:21:34.0846 3780   RasAcd - ok
22:21:34.0908 3780   Rasl2tp    (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:21:34.0924 3780   Rasl2tp - ok
22:21:34.0986 3780   RasPppoe     (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:21:35.0252 3780   RasPppoe - ok
22:21:35.0361 3780   RasSstp    (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:21:35.0454 3780   RasSstp - ok
22:21:35.0517 3780   rdbss    (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:21:35.0610 3780   rdbss - ok
22:21:35.0704 3780   RDPCDD     (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:21:35.0735 3780   RDPCDD - ok
22:21:35.0798 3780   rdpdr    (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
22:21:35.0907 3780   rdpdr - ok
22:21:36.0000 3780   RDPENCDD     (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:21:36.0016 3780   RDPENCDD - ok
22:21:36.0094 3780   RDPWD    (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:21:36.0188 3780   RDPWD - ok
22:21:36.0312 3780   rimmptsk     (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
22:21:36.0344 3780   rimmptsk - ok
22:21:36.0390 3780   rimsptsk     (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
22:21:36.0422 3780   rimsptsk - ok
22:21:36.0468 3780   rismxdp    (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
22:21:36.0484 3780   rismxdp - ok
22:21:36.0562 3780   rspndr     (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:21:36.0593 3780   rspndr - ok
22:21:36.0671 3780   sbp2port     (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:21:36.0687 3780   sbp2port - ok
22:21:36.0765 3780   sdbus    (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
22:21:36.0858 3780   sdbus - ok
22:21:36.0968 3780   secdrv     (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:21:36.0983 3780   secdrv - ok
22:21:37.0046 3780   Serenum    (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:21:37.0046 3780   Serenum - ok
22:21:37.0092 3780   Serial     (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:21:37.0108 3780   Serial - ok
22:21:37.0139 3780   sermouse     (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:21:37.0170 3780   sermouse - ok
22:21:37.0280 3780   sffdisk    (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:21:37.0311 3780   sffdisk - ok
22:21:37.0373 3780   sffp_mmc     (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:21:37.0389 3780   sffp_mmc - ok
22:21:37.0467 3780   sffp_sd    (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:21:37.0482 3780   sffp_sd - ok
22:21:37.0560 3780   sfloppy    (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:21:37.0576 3780   sfloppy - ok
22:21:37.0701 3780   Shockprf     (1310c5e81966e86b2ced7ae8ce3d74f1) C:\Windows\system32\DRIVERS\Apsx86.sys
22:21:37.0732 3780   Shockprf - ok
22:21:37.0779 3780   sisagp     (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:21:37.0794 3780   sisagp - ok
22:21:37.0857 3780   SiSRaid2     (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:21:37.0888 3780   SiSRaid2 - ok
22:21:37.0950 3780   SiSRaid4     (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:21:37.0966 3780   SiSRaid4 - ok
22:21:38.0044 3780   Smb    (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:21:38.0122 3780   Smb - ok
22:21:38.0294 3780   SNP2UVC    (1ef34706531b188d1ce12127d8233e87) C:\Windows\system32\DRIVERS\snp2uvc.sys
22:21:38.0403 3780   SNP2UVC - ok
22:21:38.0496 3780   spldr    (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:21:38.0528 3780   spldr - ok
22:21:38.0606 3780   srv    (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:21:38.0715 3780   srv - ok
22:21:38.0793 3780   srv2     (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:21:38.0902 3780   srv2 - ok
22:21:38.0949 3780   srvnet     (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:21:39.0042 3780   srvnet - ok
22:21:39.0183 3780   swenum     (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:21:39.0198 3780   swenum - ok
22:21:39.0245 3780   Symc8xx    (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:21:39.0276 3780   Symc8xx - ok
22:21:39.0354 3780   Sym_hi     (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:21:39.0370 3780   Sym_hi - ok
22:21:39.0432 3780   Sym_u3     (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:21:39.0432 3780   Sym_u3 - ok
22:21:39.0557 3780   Tcpip    (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:21:39.0682 3780   Tcpip - ok
22:21:39.0791 3780   Tcpip6     (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:21:39.0791 3780   Tcpip6 - ok
22:21:39.0854 3780   tcpipreg     (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:21:39.0947 3780   tcpipreg - ok
22:21:40.0041 3780   TDPIPE     (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:21:40.0056 3780   TDPIPE - ok
22:21:40.0088 3780   TDTCP    (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:21:40.0103 3780   TDTCP - ok
22:21:40.0150 3780   tdx    (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:21:40.0244 3780   tdx - ok
22:21:40.0337 3780   TermDD     (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:21:40.0431 3780   TermDD - ok
22:21:40.0540 3780   TPDIGIMN     (d7a29e343632e2fc5f7ebfc886f12675) C:\Windows\system32\DRIVERS\ApsHM86.sys
22:21:40.0556 3780   TPDIGIMN - ok
22:21:40.0665 3780   tpflhlp    (5020478a06ec70547ff00ba74eb93ae3) C:\Program Files\Lenovo\System Update\session\7yuj31us\tpflhlp.sys
22:21:40.0758 3780   tpflhlp - ok
22:21:40.0899 3780   TPM    (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys
22:21:40.0914 3780   TPM - ok
22:21:40.0977 3780   TPPWRIF    (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys
22:21:40.0992 3780   TPPWRIF - ok
22:21:41.0117 3780   tssecsrv     (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:21:41.0133 3780   tssecsrv - ok
22:21:41.0211 3780   tunmp    (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:21:41.0226 3780   tunmp - ok
22:21:41.0289 3780   tunnel     (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:21:41.0554 3780   tunnel - ok
22:21:41.0710 3780   tvtfilter    (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
22:21:41.0726 3780   tvtfilter - ok
22:21:41.0835 3780   TVTI2C     (7e66dda1ef146bfc3a6e36e08e036602) C:\Windows\system32\DRIVERS\Tvti2c.sys
22:21:41.0866 3780   TVTI2C - ok
22:21:41.0944 3780   uagp35     (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:21:41.0960 3780   uagp35 - ok
22:21:42.0053 3780   udfs     (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:21:42.0147 3780   udfs - ok
22:21:42.0240 3780   uliagpkx     (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:21:42.0256 3780   uliagpkx - ok
22:21:42.0334 3780   uliahci    (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:21:42.0350 3780   uliahci - ok
22:21:42.0428 3780   UlSata     (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:21:42.0443 3780   UlSata - ok
22:21:42.0506 3780   ulsata2    (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:21:42.0521 3780   ulsata2 - ok
22:21:42.0584 3780   umbus    (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:21:42.0599 3780   umbus - ok
22:21:42.0740 3780   USBAAPL    (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
22:21:42.0771 3780   USBAAPL - ok
22:21:42.0802 3780   usbccgp    (922b2ebd5118b9ab120410807131a921) C:\Windows\system32\DRIVERS\usbccgp.sys
22:21:42.0927 3780   usbccgp - ok
22:21:43.0036 3780   USBCCID    (e0b8489aeda9ea33361037be6a8cf1ca) C:\Windows\system32\DRIVERS\usbccid.sys
22:21:43.0052 3780   USBCCID - ok
22:21:43.0098 3780   usbcir     (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:21:43.0114 3780   usbcir - ok
22:21:43.0239 3780   usbehci    (3d045eaa73414be8f877f292a84abba2) C:\Windows\system32\DRIVERS\usbehci.sys
22:21:43.0332 3780   usbehci - ok
22:21:43.0379 3780   usbhub     (1ae77a4c4e4f526ef9759c31a123f2b0) C:\Windows\system32\DRIVERS\usbhub.sys
22:21:43.0473 3780   usbhub - ok
22:21:43.0551 3780   usbohci    (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:21:43.0582 3780   usbohci - ok
22:21:43.0644 3780   usbprint     (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:21:43.0676 3780   usbprint - ok
22:21:43.0754 3780   usbscan    (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:21:43.0785 3780   usbscan - ok
22:21:43.0863 3780   USBSTOR    (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:21:43.0972 3780   USBSTOR - ok
22:21:44.0081 3780   usbuhci    (f69c1aad04f28415f3fbe99fbe56030b) C:\Windows\system32\DRIVERS\usbuhci.sys
22:21:44.0175 3780   usbuhci - ok
22:21:44.0284 3780   usbvideo     (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:21:44.0315 3780   usbvideo - ok
22:21:44.0393 3780   vga    (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:21:44.0409 3780   vga - ok
22:21:44.0471 3780   VgaSave    (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:21:44.0487 3780   VgaSave - ok
22:21:44.0549 3780   viaagp     (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:21:44.0596 3780   viaagp - ok
22:21:44.0705 3780   ViaC7    (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:21:44.0721 3780   ViaC7 - ok
22:21:44.0783 3780   viaide     (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:21:44.0799 3780   viaide - ok
22:21:44.0861 3780   volmgr     (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:21:44.0877 3780   volmgr - ok
22:21:44.0955 3780   volmgrx    (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:21:45.0064 3780   volmgrx - ok
22:21:45.0142 3780   volsnap    (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:21:45.0236 3780   volsnap - ok
22:21:45.0345 3780   vsmraid    (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:21:45.0376 3780   vsmraid - ok
22:21:45.0454 3780   WacomPen     (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:21:45.0470 3780   WacomPen - ok
22:21:45.0548 3780   Wanarp     (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:21:45.0563 3780   Wanarp - ok
22:21:45.0594 3780   Wanarpv6     (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:21:45.0610 3780   Wanarpv6 - ok
22:21:45.0735 3780   Wd     (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:21:45.0750 3780   Wd - ok
22:21:45.0813 3780   Wdf01000     (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:21:45.0844 3780   Wdf01000 - ok
22:21:45.0953 3780   WimFltr    (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
22:21:45.0984 3780   WimFltr - ok
22:21:46.0109 3780   winachsf     (bb9cbaf6ac20452b245c324f1f50ee81) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:21:46.0156 3780   winachsf - ok
22:21:46.0281 3780   WmiAcpi    (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:21:46.0312 3780   WmiAcpi - ok
22:21:46.0452 3780   WpdUsb     (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:21:46.0499 3780   WpdUsb - ok
22:21:46.0608 3780   ws2ifsl    (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:21:46.0624 3780   ws2ifsl - ok
22:21:46.0780 3780   WUDFRd     (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:21:46.0796 3780   WUDFRd - ok
22:21:46.0874 3780   XAudio     (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
22:21:46.0889 3780   XAudio - ok
22:21:46.0936 3780   MBR (0x1B8)    (dfacc8e42493daa0d3c3c487dad1901f) \Device\Harddisk0\DR0
22:21:46.0983 3780   \Device\Harddisk0\DR0 - ok
22:21:46.0998 3780   Boot (0x1200) (e5331ae54143ceffd78d17ca37eacba4) \Device\Harddisk0\DR0\Partition0
22:21:46.0998 3780   \Device\Harddisk0\DR0\Partition0 - ok
22:21:47.0014 3780   Boot (0x1200) (00571ef17d35bd69e06ea2d31c705c51) \Device\Harddisk0\DR0\Partition1
22:21:47.0014 3780   \Device\Harddisk0\DR0\Partition1 - ok
22:21:47.0045 3780   Boot (0x1200) (ce1ab527d449747ed760751c40872cbf) \Device\Harddisk0\DR0\Partition2
22:21:47.0045 3780   \Device\Harddisk0\DR0\Partition2 - ok
22:21:47.0045 3780   ============================================================
22:21:47.0045 3780   Scan finished
22:21:47.0045 3780   ============================================================
22:21:47.0076 3584   Detected object count: 0
22:21:47.0076 3584   Actual detected object count: 0

guestolo · « **Reply #11 on:** March 12, 2012, 09:44:24 PM »

Can we run the Chkdsk utility on your computer
See if it finds/fixes any errors on your hard drive(s)

Go to START>>Computer
It appears you may have partitioned the following drives
C: | Q: | S:

Can you right click on your Q: drive and select "Properties".
TOOLS>> Under the "Error-Checking" section of the window, click the "Check Now" button
If a window pops up asking permission to continue. Click "Continue."
Select both options:
"Automatically fix file system errors" and to "Scan for and attempt recovery of bad sectors," and click "Start."

Let it finish, run it on your S: drive also
Finally, run it on your C: drive, it should prompt that C: drive is in use
and should request you to schedule Chkdsk on startup
Do so, and reboot the computer
Chkdsk should run, this can take awhile, so give it time to finish

When done, use the computer normally, are yo still getting errors?

rinoscar · « **Reply #12 on:** March 13, 2012, 07:06:55 PM »

Weird thing...when the chkdsk for the C drive started it only took a few minutes and it was done! It said something like disk is clean.

I will try to redo it for the C.

Please keep this ticket open for a few weeks because the error comes unexpected.

rinoscar · « **Reply #13 on:** March 15, 2012, 06:36:02 AM »

Hi,

Ok redid the C chkdsk...ran like it should, it was clean.......now let's keep our fingers crossed.

rinoscar · « **Reply #14 on:** March 28, 2012, 05:02:23 PM »

Hi again,

the error came back just a few minutes ago.

guestolo · « **Reply #15 on:** March 29, 2012, 11:47:10 AM »

It could be hardware fault, not easy to troubleshoot
Do you know the make of the Harddrive?

Can you also try running the Memory diagnostics, does it come clean?
http://www.howtogeek.com/howto/windows-vista/test-your-computers-memory-using-windows-vista-memory-diagnostic-tool/

rinoscar · « **Reply #16 on:** March 31, 2012, 07:41:06 AM »

Memory..clean
No, I don't know the make of the harddrive. Would it be under disk drive in device manager?

guestolo · « **Reply #17 on:** March 31, 2012, 10:28:25 AM »

I just want to do another check
Download ComboFix from one of the following locations

[color="#0000FF"]Link 1[/color]
[color="#0000FF"]Link 2[/color]
Save it ONLY to your Desktop

--------------------------------------------------------------------
[color="#2E8B57"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

Double click on ComboFix.exe to run it
Click the 'I Agree' button
A System Restore point should then be created and then start to scan for Infected Files

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix may need to reboot your computer, let the tool reboot your computer
ComboFix will run again on startup it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

NOTE: If you get the kernel error again
When you get the Blue Screen error, is that the whole message
Can you post back the Exact whole message please

rinoscar · « **Reply #18 on:** April 05, 2012, 07:32:24 PM »

ComboFix 12-04-05.08 - L 05/04/2012 19:36:28.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.2.1033.18.1991.876 [GMT -4:00]
Running from: c:\users\L\Desktop\ComboFix.exe
AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
.
.
2012-04-05 23:52 . 2012-04-05 23:52   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-04-05 22:56 . 2012-04-05 23:53   --------   d-----w-   c:\users\L\AppData\Local\temp
2012-04-04 11:00 . 2012-04-04 11:03   --------   d-----w-   c:\program files\iTunes
2012-04-04 10:48 . 2012-03-14 02:15   6582328   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7D8A499-F891-46F0-9026-23665897E908}\mpengine.dll
2012-04-03 21:35 . 2012-04-03 22:03   418464   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-03-29 00:53 . 2012-03-29 00:53   --------   d-----w-   c:\windows\Sun
2012-03-26 21:29 . 2012-03-26 21:31   --------   d-----w-   c:\program files\UFile 2010
2012-03-24 12:36 . 2012-03-24 12:37   --------   d-----w-   c:\program files\Ask.com
2012-03-18 02:07 . 2012-03-18 02:07   --------   d-----w-   C:\Binaries
2012-03-18 02:07 . 2012-03-18 02:07   --------   d-----w-   C:\MSSoap
2012-03-18 02:06 . 2012-03-28 23:09   --------   d-----w-   c:\program files\UFile 2011
2012-03-18 00:24 . 2012-03-18 00:24   592824   ----a-w-   c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 00:24 . 2012-03-18 00:24   44472   ----a-w-   c:\program files\Mozilla Firefox\mozglue.dll
2012-03-14 23:13 . 2012-02-02 15:16   2044416   ----a-w-   c:\windows\system32\win32k.sys
2012-03-14 23:12 . 2012-02-14 15:45   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
2012-03-14 23:12 . 2012-02-13 14:12   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
2012-03-14 23:12 . 2012-02-13 13:44   1068544   ----a-w-   c:\windows\system32\DWrite.dll
2012-03-14 23:12 . 2012-02-14 15:45   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
2012-03-14 23:12 . 2012-02-13 13:47   683008   ----a-w-   c:\windows\system32\d2d1.dll
2012-03-13 23:08 . 2012-01-09 15:54   613376   ----a-w-   c:\windows\system32\rdpencom.dll
2012-03-13 23:08 . 2012-01-09 13:58   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-03-12 03:00 . 2012-03-12 03:01   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-03-12 03:00 . 2011-12-10 19:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 22:03 . 2011-05-15 16:58   70304   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 12:12 . 2010-05-07 02:14   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2012-02-23 21:23 . 2012-02-23 21:23   4448256   ----a-w-   c:\windows\system32\GPhotos.scr
2012-02-23 13:18 . 2009-10-02 16:36   237072   ------w-   c:\windows\system32\MpSigStub.exe
2012-02-15 15:01 . 2012-02-15 15:01   4547944   ----a-w-   c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01 . 2012-02-15 15:01   43520   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
2012-03-18 00:24 . 2011-04-07 00:54   97208   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31   1514152   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-02 02:05   129624   ----a-w-   c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-04 62240]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-08-31 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-08-31 124248]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-08-12 16384]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-06-16 660768]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2009-06-16 214576]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-01-21 36864]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2009-02-27 159744]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-03 176128]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-02 348760]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-26 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-03-19 106496]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork   REG_MULTI_SZ    PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation   REG_MULTI_SZ    FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:03]
.
2012-03-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2012-04-05 c:\windows\Tasks\User_Feed_Synchronization-{919F69F7-231B-43C4-AA43-467BEFAAB33F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
FF - ProfilePath - c:\users\L\AppData\Roaming\Mozilla\Firefox\Profiles\s31wewym.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-05 19:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-05 19:58:37
ComboFix-quarantined-files.txt 2012-04-05 23:58
ComboFix2.txt 2012-04-05 22:56
.
Pre-Run: 204,476,448,768 bytes free
Post-Run: 204,352,978,944 bytes free
.
- - End Of File - - 6C2AB97A7CBF42034DE903C87098E7E0

rinoscar · « **Reply #19 on:** April 05, 2012, 07:35:55 PM »

As for the whole message when the blue screen came up there was alot written, but the screen only displayed for a few seconds. My laptop would reboot itself and on many occassion it ran a chkdisk. If it happens again i will try to get as much info as I can.

News:

Author Topic: kernel stack inpage error (Read 3943 times)