JoeyT
Posts posted by JoeyT
-
I checked my MSE history and it found a Trojan: WinNT/Ramnit.gen!A last night. I'll run a scan now to check. But it couldn't delete it. This is the error message:
Error code 0x80508023. The program could not find the malware and other potentially unwanted software on this computer.
-
Thanks so much for your help. I will let you know if RogueKiller detects anything tomorrow.
Also, just out of interest, is there anything I can do to remove the Win32/Ramnit.L virus, and am I currently infected with it?
-
Done the restart. All looks well so far (opened this site easily). RogueKiller came back good (I think):
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: teng [Admin rights]
Mode: Scan -- Date: 07/14/2012 10:29:35
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++
--- User ---
[MBR] b920a0ccdea031bc9d9ac6253324ac86
[bSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[26].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;
RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;
RKreport[1].txt ; RKreport[20].txt ; RKreport[21].txt ; RKreport[22].txt ; RKreport[23].txt ;
RKreport[24].txt ; RKreport[25].txt ; RKreport[26].txt ; RKreport[2].txt ; RKreport[3].txt ;
RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ;
RKreport[9].txt
Just running a full MBAM scan for a final check. Also, could you give me some info on how to uninstall the antimalware programs, which ones I can uninstall, and which logs etc. I can get rid of? Thanks so much.
-
Thanks. I think I'll restart and see how it goes and let you know. You've been a great help.
-
It seemed to close itself. It didn't really say if anything happened or provide a log.
-
Options are:
- list of found threats
- manage quarantine
Select uninstall if you want to remove all ESET Online Scanner files from your computer. The next time you run the ESET Online Scanner, they will need to be downloaded again.
- uninstall application on close
- delete quarantined files
- list of found threats
-
Sorry for the long wait. Finally finished the scan. Found 7 infected files and cleaned 6. It is currently on the end screen which gives the option to manage quarantine (I haven't done it / don't know what to do). Here is the log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b7ea67d7c8fed64fa0969736b6390be1
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-13 11:30:35
# local_time=2012-07-14 09:30:35 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2015019 93841653 0 0
# compatibility_mode=8192 67108863 100 0 395 395 0 0
# scanned=255282
# found=7
# cleaned=6
# scan_time=10432
C:\Qoobox\Quarantine\C\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe.vir a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\teng\AppData\Local\Temp\hovcexutiovmkrtn.exe a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\teng\Desktop\RK_Quarantine\hovcexutiovmkrtn.exe.vir a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\teng\Desktop\RK_Quarantine\pjbhcvsk.exe.vir a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07142012_061712\c_users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe a variant of Win32/Kryptik.AIGQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
${Memory} a variant of Win32/Ramnit.L virus 00000000000000000000000000000000 I
.
-
Here's the report (I didn't reboot before running this though):
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: teng [Admin rights]
Mode: Scan -- Date: 07/14/2012 06:23:39
¤¤¤ Bad processes: 1 ¤¤¤
[sUSP PATH] OTL.exe -- C:\Users\teng\Desktop\OTL.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++
--- User ---
[MBR] b920a0ccdea031bc9d9ac6253324ac86
[bSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[23].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;
RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;
RKreport[1].txt ; RKreport[20].txt ; RKreport[21].txt ; RKreport[22].txt ; RKreport[23].txt ;
RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ;
RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
-
This is the one I ran after the reboot. Did you want a fresh one?
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: teng [Admin rights]
Mode: Remove -- Date: 07/14/2012 06:02:14
¤¤¤ Bad processes: 2 ¤¤¤
[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 5 ¤¤¤
[sUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED
[sUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> REPLACED (userinit.exe)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++
--- User ---
[MBR] b920a0ccdea031bc9d9ac6253324ac86
[bSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[22].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;
RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;
RKreport[1].txt ; RKreport[20].txt ; RKreport[21].txt ; RKreport[22].txt ; RKreport[2].txt ;
RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ;
RKreport[8].txt ; RKreport[9].txt
-
Here is the log:
========== FILES ==========
c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe moved successfully.
OTL by OldTimer - Version 3.2.54.0 log created on 07142012_061712
-
I ran the process, had to reboot, and when I did reboot I had the same problem with not being able to open this page. Once again used RogueKiller (same problem as before). Here's the log for the manual deletion:
All processes killed
Error: Unable to interpret <:Filesc:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe:Commands[EMPTYJAVA][emptytemp]> in the current context!
OTL by OldTimer - Version 3.2.54.0 log created on 07142012_055548
-
How do I manually delete it, sorry?
-
MBAM came back clean.
Is it finally good?
-
Here's the ComboFix log (running MBAM now):
ComboFix 12-07-13.03 - teng 14/07/2012 3:51.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4078.1881 [GMT 10:00]
Running from: c:\users\teng\Desktop\comb\ComboFix.exe
Command switches used :: c:\users\teng\Desktop\comb\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\teng\AppData\Local\dacdwkjw.log
c:\users\teng\AppData\Local\fvswgmnd.log
c:\users\teng\AppData\Local\hdjurvjw
c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe
c:\users\teng\AppData\Local\jhlmlsnb.log
c:\users\teng\AppData\Local\qkbydubj.log
c:\users\teng\AppData\Local\rbimvufg.log
c:\users\teng\AppData\Local\sxxctcia.log
c:\users\teng\AppData\Local\uhcjuvoo.log
c:\users\teng\AppData\Local\vtvtfqre.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 18:08 . 2012-07-13 18:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-13 18:08 . 2012-07-13 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 14:32 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5315522-B650-432B-83A2-5224866DBA40}\mpengine.dll
2012-07-13 04:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-13 04:34 . 2012-07-13 13:02 5928 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
2012-07-10 23:52 . 2012-07-10 23:52 90944 --s---w- c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pjbhcvsk.exe
2012-07-04 23:43 . 2012-02-11 02:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC15901-BC2F-49B5-9312-41E282B69352}\gapaengine.dll
2012-07-03 06:39 . 2012-07-03 06:39 -------- d-----w- C:\RS1-0A-AW1.1_DES
2012-07-03 06:01 . 2012-07-03 06:01 -------- d-----w- C:\SHERLOCK_HOLMES_GAME_OF_SHADOW
2012-06-26 07:06 . 2012-06-26 07:06 -------- d-----w- C:\THE_THREE_MUSKETEERS
2012-06-26 06:32 . 2012-06-26 06:32 -------- d-----w- C:\ANY_GIVEN_SUNDAY
2012-06-26 06:21 . 2012-06-26 06:21 -------- d-----w- C:\HANGOVER_PART_2
2012-06-26 06:10 . 2012-06-26 06:10 -------- d-----w- C:\IN_TIME
2012-06-26 05:46 . 2012-06-26 05:46 -------- d-----w- C:\UNDERWORLD_AWAKENING
2012-06-21 02:39 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-21 02:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-20 10:15 . 2012-06-20 10:15 -------- d-----w- c:\windows\system32\SPReview
2012-06-20 10:13 . 2012-06-20 10:13 -------- d-----w- c:\windows\system32\EventProviders
2012-06-14 04:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 04:39 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 04:39 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 04:39 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 04:39 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll
2012-06-14 04:39 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 04:39 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 04:39 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 04:37 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 04:37 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 04:37 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 04:37 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 04:37 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 04:37 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 03:46 . 2011-05-08 05:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 10:37 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-20 10:37 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-02 22:19 . 2012-06-08 23:00 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 23:00 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:00 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:00 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 23:00 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 23:00 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19 . 2012-06-08 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:15 . 2012-06-08 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-23 05:42 . 2012-05-23 05:42 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2003-11-24 04:53 . 2010-10-22 10:23 94208 ----a-w- c:\program files\UI_RES.dll
2003-11-07 09:55 . 2010-10-22 10:23 278528 ----a-w- c:\program files\CLInet.dll
2003-11-07 09:55 . 2010-10-22 10:23 413696 ----a-w- c:\program files\PowerDVD.exe
2003-11-07 09:55 . 2010-10-22 10:23 311296 ----a-w- c:\program files\dvd_x.imp
2003-11-07 09:55 . 2010-10-22 10:23 294912 ----a-w- c:\program files\Vr_x.imp
2003-11-07 09:55 . 2010-10-22 10:23 192512 ----a-w- c:\program files\vcd20_x.imp
2003-11-07 09:55 . 2010-10-22 10:23 159744 ----a-w- c:\program files\dxm_x.imp
2003-11-07 09:55 . 2010-10-22 10:23 286720 ----a-w- c:\program files\AppBarCom.dll
2003-11-07 09:55 . 2010-10-22 10:23 147456 ----a-w- c:\program files\acd_x.imp
2003-10-31 09:45 . 2010-10-22 10:23 118784 ----a-w- c:\program files\CLDShowX.dll
2003-10-31 09:42 . 2010-10-22 10:23 32768 ----a-w- c:\program files\PDVDServ.exe
2003-10-31 09:39 . 2010-10-22 10:23 323584 ----a-w- c:\program files\ddtester.exe
2003-10-31 09:39 . 2010-10-22 10:23 274432 ----a-w- c:\program files\cldma.exe
2003-10-31 09:39 . 2010-10-22 10:23 167936 ----a-w- c:\program files\cltest.exe
2003-10-31 09:39 . 2010-10-22 10:23 57344 ----a-w- c:\program files\dvdrgn.exe
2003-10-15 11:49 . 2010-10-22 10:23 77824 ----a-w- c:\program files\PwrDVDRC.dll
2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\OSD_MLang.dll
2003-10-15 11:49 . 2010-10-22 10:23 327680 ------w- c:\program files\CLAudRC.dll
2003-10-15 11:49 . 2010-10-22 10:23 327680 ----a-w- c:\program files\DVD_RES.dll
2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\AppBarCom_RES.dll
1999-02-01 14:00 . 2010-10-22 10:23 266293 ----a-w- c:\program files\msvcrt.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-13_14.19.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-11-23 20:17 . 2012-07-13 14:00 81358 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-11-23 20:17 . 2012-07-13 15:49 81358 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-13 17:16 44570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-28 21:56 . 2012-07-13 15:49 22660 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-261071132-451565413-1473889226-1000_UserData.bin
+ 2009-12-27 11:45 . 2012-07-13 17:51 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-27 11:45 . 2012-07-13 17:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 17:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-13 17:18 91680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-07-13 17:02 . 2012-07-13 18:08 3056 c:\windows\SoftwareDistribution\PostRebootEventCache\{003AE53D-B7A2-4F1C-A7E9-40EBD8DD1C64}.bin
+ 2009-11-23 20:10 . 2012-07-13 17:13 4255 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2009-11-23 20:10 . 2012-07-13 14:17 4255 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-07-13 14:18 . 2012-07-13 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-13 17:14 . 2012-07-13 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-13 17:14 . 2012-07-13 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-13 14:18 . 2012-07-13 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-13 14:03 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll
- 2011-07-08 04:57 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll
- 2009-07-14 02:36 . 2012-07-13 14:05 648596 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-13 17:21 648596 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-13 14:05 118726 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-13 17:21 118726 c:\windows\system32\perfc009.dat
- 2012-06-16 08:57 . 2012-07-13 14:17 485440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-16 08:57 . 2012-07-13 17:13 485440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-07-13 17:13 423752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-13 14:17 423752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-13 14:03 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll
- 2011-07-08 04:57 . 2010-11-20 13:25 1133568 c:\windows\system32\cdosys.dll
+ 2009-07-14 04:45 . 2012-07-13 17:18 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-21 02:53 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-08-02 09:09 . 2012-07-13 17:13 2732620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-261071132-451565413-1473889226-1000-12288.dat
+ 2012-05-29 21:18 . 2012-05-29 21:18 1739264 c:\windows\Installer\4649d4.msp
+ 2009-07-14 02:34 . 2012-07-13 17:13 10698752 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-07-13 17:13 . 2012-07-13 17:13 10698752 c:\windows\erdnt\subs\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="c:\users\teng\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]
"SpySweeperRegister"="c:\program files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe" [2009-10-23 2522992]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
pjbhcvsk.exe [2012-7-11 90944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-24 16:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-05 169312]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]
R3 SampleCollector;Intel® Sample Collector;c:\program files\SONY\VAIO Care\collsvc.exe [2009-09-16 167424]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]
R3 VUAgent;VUAgent;c:\program files\SONY\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VSNService;VSNService;c:\program files\SONY\VAIO Smart Network\VSNService.exe [2009-10-30 815104]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
S3 NETw5s64;?? Windows 7 64 Bit ? Intel® Wireless WiFi Link ???????;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8306208]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ninemsn.com.au/?pc=MASN&ocid=SNYDHP
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\745756374702E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\84F67745F634F6E6E656364745F6551575962756C6563737: NameServer = 8.8.8.8,8.8.4.4
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\teng\AppData\Roaming\Mozilla\Firefox\Profiles\6xnnr94k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\SONY\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b2,92,e2,3a,83,a1,33,5b,90,3a,a7,e6,14,82,2c,52,85,bb,9c,2a,ad,33,a6,
84,2a,84,ba,41,4a,17,c5,5a,2f,80,07,75,b2,98,7b,87,08,3d,aa,2c,03,c8,98,b1,\
"??"=hex:5e,e9,49,52,27,89,b3,70,f8,d6,c9,78,44,09,2e,90
.
[HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,ef,fc,49,0f,89,47,53,75,72,55,0a,b6,12,24,11,94,8d,36,85,8a,
a8,2b,b8,1c,9c,de,68,6c,bf,59,8d,04,00,45,bb,49,18,4c,66,99,8b,8d,26,05,cb,\
"rkeysecu"=hex:28,9e,cd,39,00,bc,c4,a6,03,15,d0,77,e8,94,06,03
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-14 04:29:15
ComboFix-quarantined-files.txt 2012-07-13 18:29
ComboFix2.txt 2012-07-13 17:23
ComboFix3.txt 2012-07-13 15:34
ComboFix4.txt 2012-07-13 14:27
.
Pre-Run: 49,996,918,784 bytes free
Post-Run: 49,699,430,400 bytes free
.
- - End Of File - - E309C808C1C3AE1BF84B1944FC721CEB
-
Should I complete the MBAM full scan first, or just go straight into the Combofix?
-
Here's the Combofix log:
ComboFix 12-07-13.03 - teng 14/07/2012 3:03.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4078.2018 [GMT 10:00]
Running from: c:\users\teng\Desktop\comb\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\teng\AppData\Local\rbimvufg.log
c:\users\teng\AppData\Local\vtvtfqre.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 17:12 . 2012-07-13 17:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-13 17:12 . 2012-07-13 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 14:32 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5315522-B650-432B-83A2-5224866DBA40}\mpengine.dll
2012-07-13 04:37 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-13 04:34 . 2012-07-13 13:02 5928 ----a-w- c:\windows\SysWow64\PerfStringBackup.TMP
2012-07-04 23:43 . 2012-02-11 02:12 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DC15901-BC2F-49B5-9312-41E282B69352}\gapaengine.dll
2012-07-03 06:39 . 2012-07-03 06:39 -------- d-----w- C:\RS1-0A-AW1.1_DES
2012-07-03 06:01 . 2012-07-03 06:01 -------- d-----w- C:\SHERLOCK_HOLMES_GAME_OF_SHADOW
2012-06-26 07:06 . 2012-06-26 07:06 -------- d-----w- C:\THE_THREE_MUSKETEERS
2012-06-26 06:32 . 2012-06-26 06:32 -------- d-----w- C:\ANY_GIVEN_SUNDAY
2012-06-26 06:21 . 2012-06-26 06:21 -------- d-----w- C:\HANGOVER_PART_2
2012-06-26 06:10 . 2012-06-26 06:10 -------- d-----w- C:\IN_TIME
2012-06-26 05:46 . 2012-06-26 05:46 -------- d-----w- C:\UNDERWORLD_AWAKENING
2012-06-21 02:39 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-21 02:39 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-20 10:15 . 2012-06-20 10:15 -------- d-----w- c:\windows\system32\SPReview
2012-06-20 10:13 . 2012-06-20 10:13 -------- d-----w- c:\windows\system32\EventProviders
2012-06-14 04:39 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 04:39 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 04:39 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 04:39 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 04:39 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll
2012-06-14 04:39 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 04:39 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 04:39 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 04:37 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 04:37 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 04:37 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 04:37 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 04:37 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 04:37 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 04:37 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 04:37 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 04:37 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 04:37 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 03:46 . 2011-05-08 05:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 10:37 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-20 10:37 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-02 22:19 . 2012-06-08 23:00 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 23:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 23:00 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 23:00 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 23:00 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 23:00 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 23:00 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19 . 2012-06-08 23:00 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:15 . 2012-06-08 23:00 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-23 05:42 . 2012-05-23 05:42 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2003-11-24 04:53 . 2010-10-22 10:23 94208 ----a-w- c:\program files\UI_RES.dll
2003-11-07 09:55 . 2010-10-22 10:23 278528 ----a-w- c:\program files\CLInet.dll
2003-11-07 09:55 . 2010-10-22 10:23 413696 ----a-w- c:\program files\PowerDVD.exe
2003-11-07 09:55 . 2010-10-22 10:23 311296 ----a-w- c:\program files\dvd_x.imp
2003-11-07 09:55 . 2010-10-22 10:23 294912 ----a-w- c:\program files\Vr_x.imp
2003-11-07 09:55 . 2010-10-22 10:23 192512 ----a-w- c:\program files\vcd20_x.imp
2003-11-07 09:55 . 2010-10-22 10:23 159744 ----a-w- c:\program files\dxm_x.imp
2003-11-07 09:55 . 2010-10-22 10:23 286720 ----a-w- c:\program files\AppBarCom.dll
2003-11-07 09:55 . 2010-10-22 10:23 147456 ----a-w- c:\program files\acd_x.imp
2003-10-31 09:45 . 2010-10-22 10:23 118784 ----a-w- c:\program files\CLDShowX.dll
2003-10-31 09:42 . 2010-10-22 10:23 32768 ----a-w- c:\program files\PDVDServ.exe
2003-10-31 09:39 . 2010-10-22 10:23 323584 ----a-w- c:\program files\ddtester.exe
2003-10-31 09:39 . 2010-10-22 10:23 274432 ----a-w- c:\program files\cldma.exe
2003-10-31 09:39 . 2010-10-22 10:23 167936 ----a-w- c:\program files\cltest.exe
2003-10-31 09:39 . 2010-10-22 10:23 57344 ----a-w- c:\program files\dvdrgn.exe
2003-10-15 11:49 . 2010-10-22 10:23 77824 ----a-w- c:\program files\PwrDVDRC.dll
2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\OSD_MLang.dll
2003-10-15 11:49 . 2010-10-22 10:23 327680 ------w- c:\program files\CLAudRC.dll
2003-10-15 11:49 . 2010-10-22 10:23 327680 ----a-w- c:\program files\DVD_RES.dll
2003-10-15 11:49 . 2010-10-22 10:23 12288 ----a-w- c:\program files\AppBarCom_RES.dll
1999-02-01 14:00 . 2010-10-22 10:23 266293 ----a-w- c:\program files\msvcrt.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-13_14.19.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 16:58 16384 c:\windows\SysWOW64\config\systemprofile\Local Settings\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Windows\Cookies\index.dat
+ 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\SysWOW64\config\systemprofile\Application Data\Microsoft\Windows\Cookies\index.dat
+ 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 16:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\History\History.IE5\index.dat
- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 16:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-23 20:17 . 2012-07-13 15:49 81358 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-11-23 20:17 . 2012-07-13 14:00 81358 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-13 17:16 44570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-28 21:56 . 2012-07-13 15:49 22660 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-261071132-451565413-1473889226-1000_UserData.bin
- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-27 11:45 . 2012-07-13 14:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-27 11:45 . 2012-07-13 16:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-13 16:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 14:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-13 17:02 . 2012-07-13 17:13 3056 c:\windows\SoftwareDistribution\PostRebootEventCache\{003AE53D-B7A2-4F1C-A7E9-40EBD8DD1C64}.bin
+ 2009-11-23 20:10 . 2012-07-13 17:13 4255 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2009-11-23 20:10 . 2012-07-13 14:17 4255 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-07-13 17:14 . 2012-07-13 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-13 14:18 . 2012-07-13 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-13 14:18 . 2012-07-13 14:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-13 17:14 . 2012-07-13 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-13 14:03 . 2012-06-06 05:03 805376 c:\windows\SysWOW64\cdosys.dll
- 2011-07-08 04:57 . 2010-11-20 12:18 805376 c:\windows\SysWOW64\cdosys.dll
- 2009-07-14 02:36 . 2012-07-13 14:05 648596 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-13 15:53 648596 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-13 14:05 118726 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-13 15:53 118726 c:\windows\system32\perfc009.dat
- 2012-06-16 08:57 . 2012-07-13 14:17 485440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-16 08:57 . 2012-07-13 17:13 485440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-07-13 17:13 423752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-13 14:17 423752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-07-08 04:57 . 2010-11-20 13:25 1133568 c:\windows\system32\cdosys.dll
+ 2012-07-13 14:03 . 2012-06-06 06:02 1133568 c:\windows\system32\cdosys.dll
+ 2011-08-02 09:09 . 2012-07-13 17:13 2732620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-261071132-451565413-1473889226-1000-12288.dat
+ 2012-05-29 21:18 . 2012-05-29 21:18 1739264 c:\windows\Installer\4649d4.msp
+ 2009-07-14 02:34 . 2012-07-13 17:13 10698752 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-07-13 17:13 . 2012-07-13 17:13 10698752 c:\windows\erdnt\subs\SCHEMA.DAT
+ 2012-07-13 17:01 . 2012-07-13 17:02 10698752 c:\windows\erdnt\Hiv-backup\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-02 1242448]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="c:\users\teng\AppData\Local\Akamai\netsession_win.exe" [2012-05-25 4327744]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"PjbHcvsk"="c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe" [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-10 592744]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-23 597792]
"SpySweeperRegister"="c:\program files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe" [2009-10-23 2522992]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\teng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
pjbhcvsk.exe [2012-7-11 90944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-24 16:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-30 362992]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-05 169312]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-30 313840]
R3 SampleCollector;Intel® Sample Collector;c:\program files\SONY\VAIO Care\collsvc.exe [2009-09-16 167424]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-15 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-15 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-15 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-15 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-15 91432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-01 361840]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-08 110960]
R3 VUAgent;VUAgent;c:\program files\SONY\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-02 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 360224]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-14 642416]
S2 VSNService;VSNService;c:\program files\SONY\VAIO Smart Network\VSNService.exe [2009-10-30 815104]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
S3 NETw5s64;?? Windows 7 64 Bit ? Intel® Wireless WiFi Link ???????;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8306208]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF9285.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://ninemsn.com.au/?pc=MASN&ocid=SNYDHP
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\745756374702E4564777F627B6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E516CD31-258E-49ED-A04A-29B9F0DEDD0E}\84F67745F634F6E6E656364745F6551575962756C6563737: NameServer = 8.8.8.8,8.8.4.4
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\teng\AppData\Roaming\Mozilla\Firefox\Profiles\6xnnr94k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\SONY\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b2,92,e2,3a,83,a1,33,5b,90,3a,a7,e6,14,82,2c,52,85,bb,9c,2a,ad,33,a6,
84,2a,84,ba,41,4a,17,c5,5a,2f,80,07,75,b2,98,7b,87,08,3d,aa,2c,03,c8,98,b1,\
"??"=hex:5e,e9,49,52,27,89,b3,70,f8,d6,c9,78,44,09,2e,90
.
[HKEY_USERS\S-1-5-21-261071132-451565413-1473889226-1000\Software\SecuROM\License information*]
"datasecu"=hex:be,ef,fc,49,0f,89,47,53,75,72,55,0a,b6,12,24,11,94,8d,36,85,8a,
a8,2b,b8,1c,9c,de,68,6c,bf,59,8d,04,00,45,bb,49,18,4c,66,99,8b,8d,26,05,cb,\
"rkeysecu"=hex:28,9e,cd,39,00,bc,c4,a6,03,15,d0,77,e8,94,06,03
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\SONY\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2012-07-14 03:23:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 17:23
ComboFix2.txt 2012-07-13 15:34
ComboFix3.txt 2012-07-13 14:27
.
Pre-Run: 50,782,863,360 bytes free
Post-Run: 49,932,316,672 bytes free
.
- - End Of File - - 53171CAA937A737E9B3C03CC668CF650
-
I couldn't get back onto this website just then, so I had to run RogueKiller again. Here's the log:
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: teng [Admin rights]
Mode: Remove -- Date: 07/14/2012 03:24:54
¤¤¤ Bad processes: 2 ¤¤¤
[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 5 ¤¤¤
[sUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED
[sUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> REPLACED (userinit.exe)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++
--- User ---
[MBR] b920a0ccdea031bc9d9ac6253324ac86
[bSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[20].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;
RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[19].txt ;
RKreport[1].txt ; RKreport[20].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
-
Will do that after the ComboFix finishes running.
-
Also, before you mentioned to quick scan with MBAM, I did a full scan and it found 2 suspicious objects. Not sure if this helps.
Malwarebytes Anti-Malware 1.62.0.1300
Database version: v2012.07.13.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
teng :: VAIO [administrator]
14/07/2012 1:55:08 AM
mbam-log-2012-07-14 (02-48-14).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195160
Time elapsed: 52 minute(s), 51 second(s) [aborted]
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Rootkit.Agent) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\teng\AppData\Local\Temp\wuyocsoa.sys (Rootkit.Agent) -> No action taken.
(end)
-
Here's the TDSSKiller log. I didn't delete anything (wasn't sure what to delete):
02:50:32.0926 3148 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
02:50:33.0999 3148 ============================================================
02:50:33.0999 3148 Current date / time: 2012/07/14 02:50:33.0999
02:50:33.0999 3148 SystemInfo:
02:50:33.0999 3148
02:50:33.0999 3148 OS Version: 6.1.7601 ServicePack: 1.0
02:50:33.0999 3148 Product type: Workstation
02:50:33.0999 3148 ComputerName: VAIO
02:50:34.0000 3148 UserName: teng
02:50:34.0000 3148 Windows directory: C:\Windows
02:50:34.0000 3148 System windows directory: C:\Windows
02:50:34.0000 3148 Running under WOW64
02:50:34.0000 3148 Processor architecture: Intel x64
02:50:34.0000 3148 Number of processors: 8
02:50:34.0000 3148 Page size: 0x1000
02:50:34.0000 3148 Boot type: Normal boot
02:50:34.0000 3148 ============================================================
02:50:34.0722 3148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:50:34.0748 3148 ============================================================
02:50:34.0748 3148 \Device\Harddisk0\DR0:
02:50:34.0748 3148 MBR partitions:
02:50:34.0749 3148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F40000, BlocksNum 0x32000
02:50:34.0749 3148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F72000, BlocksNum 0x38413830
02:50:34.0749 3148 ============================================================
02:50:34.0830 3148 C: <-> \Device\Harddisk0\DR0\Partition1
02:50:34.0831 3148 ============================================================
02:50:34.0831 3148 Initialize success
02:50:34.0831 3148 ============================================================
02:51:04.0705 2060 ============================================================
02:51:04.0705 2060 Scan started
02:51:04.0705 2060 Mode: Manual; SigCheck; TDLFS;
02:51:04.0705 2060 ============================================================
02:51:05.0379 2060 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
02:51:05.0551 2060 1394ohci - ok
02:51:05.0682 2060 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
02:51:05.0716 2060 ACDaemon - ok
02:51:05.0792 2060 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:51:05.0827 2060 ACPI - ok
02:51:05.0880 2060 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:51:05.0974 2060 AcpiPmi - ok
02:51:06.0063 2060 AdobeActiveFileMonitor8.0 (4451cc2275b04043ec2bcc757af97291) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
02:51:06.0089 2060 AdobeActiveFileMonitor8.0 - ok
02:51:06.0190 2060 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
02:51:06.0232 2060 adp94xx - ok
02:51:06.0312 2060 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
02:51:06.0350 2060 adpahci - ok
02:51:06.0407 2060 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
02:51:06.0438 2060 adpu320 - ok
02:51:06.0480 2060 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
02:51:06.0688 2060 AeLookupSvc - ok
02:51:06.0803 2060 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
02:51:06.0903 2060 AFD - ok
02:51:06.0959 2060 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:51:06.0985 2060 agp440 - ok
02:51:07.0467 2060 Akamai (29584f02a43e427c4227e3b1d9ff1b22) c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll
02:51:07.0467 2060 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
02:51:07.0483 2060 Akamai ( HiddenFile.Multi.Generic ) - warning
02:51:07.0483 2060 Akamai - detected HiddenFile.Multi.Generic (1)
02:51:07.0671 2060 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
02:51:07.0754 2060 ALG - ok
02:51:07.0866 2060 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:51:07.0891 2060 aliide - ok
02:51:07.0897 2060 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:51:07.0921 2060 amdide - ok
02:51:07.0987 2060 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
02:51:08.0054 2060 AmdK8 - ok
02:51:08.0083 2060 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
02:51:08.0143 2060 AmdPPM - ok
02:51:08.0205 2060 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:51:08.0232 2060 amdsata - ok
02:51:08.0276 2060 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
02:51:08.0306 2060 amdsbs - ok
02:51:08.0358 2060 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:51:08.0384 2060 amdxata - ok
02:51:08.0470 2060 ApfiltrService (1661f9c9e4b0049fa0a5e30264375a87) C:\Windows\system32\drivers\Apfiltr.sys
02:51:08.0499 2060 ApfiltrService - ok
02:51:08.0555 2060 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:51:08.0770 2060 AppID - ok
02:51:08.0835 2060 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
02:51:08.0939 2060 AppIDSvc - ok
02:51:09.0001 2060 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
02:51:09.0096 2060 Appinfo - ok
02:51:09.0248 2060 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:51:09.0269 2060 Apple Mobile Device - ok
02:51:09.0358 2060 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
02:51:09.0384 2060 arc - ok
02:51:09.0426 2060 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
02:51:09.0452 2060 arcsas - ok
02:51:09.0508 2060 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
02:51:09.0526 2060 ArcSoftKsUFilter - ok
02:51:09.0619 2060 aspnet_state - ok
02:51:09.0674 2060 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:51:09.0769 2060 AsyncMac - ok
02:51:09.0818 2060 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:51:09.0844 2060 atapi - ok
02:51:10.0000 2060 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
02:51:10.0106 2060 athr - ok
02:51:10.0303 2060 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:51:10.0431 2060 AudioEndpointBuilder - ok
02:51:10.0443 2060 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
02:51:10.0529 2060 AudioSrv - ok
02:51:10.0606 2060 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
02:51:10.0697 2060 AxInstSV - ok
02:51:10.0800 2060 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
02:51:10.0872 2060 b06bdrv - ok
02:51:10.0945 2060 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:51:11.0017 2060 b57nd60a - ok
02:51:11.0082 2060 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
02:51:11.0150 2060 BDESVC - ok
02:51:11.0210 2060 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:51:11.0307 2060 Beep - ok
02:51:11.0459 2060 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
02:51:11.0580 2060 BFE - ok
02:51:11.0672 2060 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
02:51:11.0854 2060 BITS - ok
02:51:11.0937 2060 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
02:51:11.0964 2060 blbdrive - ok
02:51:12.0121 2060 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
02:51:12.0153 2060 Bonjour Service - ok
02:51:12.0232 2060 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:51:12.0298 2060 bowser - ok
02:51:12.0354 2060 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
02:51:12.0438 2060 BrFiltLo - ok
02:51:12.0456 2060 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
02:51:12.0489 2060 BrFiltUp - ok
02:51:12.0556 2060 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
02:51:12.0637 2060 BridgeMP - ok
02:51:12.0707 2060 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
02:51:12.0825 2060 Browser - ok
02:51:12.0902 2060 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:51:12.0965 2060 Brserid - ok
02:51:13.0032 2060 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:51:13.0080 2060 BrSerWdm - ok
02:51:13.0112 2060 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:51:13.0196 2060 BrUsbMdm - ok
02:51:13.0243 2060 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:51:13.0285 2060 BrUsbSer - ok
02:51:13.0343 2060 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
02:51:13.0426 2060 BthEnum - ok
02:51:13.0488 2060 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
02:51:13.0538 2060 BTHMODEM - ok
02:51:13.0587 2060 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
02:51:13.0629 2060 BthPan - ok
02:51:13.0736 2060 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
02:51:13.0803 2060 BTHPORT - ok
02:51:13.0858 2060 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
02:51:13.0947 2060 bthserv - ok
02:51:14.0008 2060 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
02:51:14.0049 2060 BTHUSB - ok
02:51:14.0107 2060 btusbflt (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
02:51:14.0128 2060 btusbflt - ok
02:51:14.0196 2060 btwaudio (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
02:51:14.0219 2060 btwaudio - ok
02:51:14.0325 2060 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\DRIVERS\btwavdt.sys
02:51:14.0348 2060 btwavdt - ok
02:51:14.0568 2060 btwdins (31da517946ffe416442e864592548f8a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
02:51:14.0615 2060 btwdins - ok
02:51:14.0629 2060 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
02:51:14.0645 2060 btwl2cap - ok
02:51:14.0693 2060 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
02:51:14.0712 2060 btwrchid - ok
02:51:14.0771 2060 catchme - ok
02:51:14.0827 2060 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:51:14.0916 2060 cdfs - ok
02:51:14.0978 2060 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
02:51:15.0022 2060 cdrom - ok
02:51:15.0070 2060 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:51:15.0172 2060 CertPropSvc - ok
02:51:15.0229 2060 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
02:51:15.0285 2060 circlass - ok
02:51:15.0352 2060 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:51:15.0388 2060 CLFS - ok
02:51:15.0486 2060 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:51:15.0509 2060 clr_optimization_v2.0.50727_32 - ok
02:51:15.0576 2060 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:51:15.0599 2060 clr_optimization_v2.0.50727_64 - ok
02:51:15.0726 2060 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:51:15.0751 2060 clr_optimization_v4.0.30319_32 - ok
02:51:15.0827 2060 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:51:15.0849 2060 clr_optimization_v4.0.30319_64 - ok
02:51:15.0902 2060 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
02:51:15.0947 2060 CmBatt - ok
02:51:15.0987 2060 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
02:51:16.0011 2060 cmdide - ok
02:51:16.0098 2060 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
02:51:16.0156 2060 CNG - ok
02:51:16.0222 2060 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
02:51:16.0248 2060 Compbatt - ok
02:51:16.0303 2060 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
02:51:16.0356 2060 CompositeBus - ok
02:51:16.0375 2060 COMSysApp - ok
02:51:16.0414 2060 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
02:51:16.0438 2060 crcdisk - ok
02:51:16.0513 2060 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
02:51:16.0563 2060 CryptSvc - ok
02:51:16.0630 2060 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
02:51:16.0650 2060 CVirtA - ok
02:51:16.0826 2060 CVPND (b6e8d77530a24b743acaee6728399984) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
02:51:16.0891 2060 CVPND - ok
02:51:17.0088 2060 CVPNDRVA (d2c3db196422e2f2a41d09c690c7c2f8) C:\Windows\system32\Drivers\CVPNDRVA.sys
02:51:17.0117 2060 CVPNDRVA - ok
02:51:17.0223 2060 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:51:17.0311 2060 DcomLaunch - ok
02:51:17.0367 2060 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
02:51:17.0462 2060 defragsvc - ok
02:51:17.0544 2060 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
02:51:17.0648 2060 DfsC - ok
02:51:17.0725 2060 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
02:51:17.0816 2060 Dhcp - ok
02:51:17.0876 2060 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:51:17.0952 2060 discache - ok
02:51:18.0006 2060 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
02:51:18.0033 2060 Disk - ok
02:51:18.0100 2060 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
02:51:18.0122 2060 DNE - ok
02:51:18.0188 2060 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
02:51:18.0264 2060 Dnscache - ok
02:51:18.0325 2060 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
02:51:18.0425 2060 dot3svc - ok
02:51:18.0448 2060 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
02:51:18.0531 2060 DPS - ok
02:51:18.0587 2060 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:51:18.0627 2060 drmkaud - ok
02:51:18.0737 2060 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
02:51:18.0796 2060 DXGKrnl - ok
02:51:18.0863 2060 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
02:51:18.0963 2060 EapHost - ok
02:51:19.0298 2060 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
02:51:19.0480 2060 ebdrv - ok
02:51:19.0634 2060 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
02:51:19.0704 2060 EFS - ok
02:51:19.0842 2060 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
02:51:19.0936 2060 ehRecvr - ok
02:51:19.0972 2060 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
02:51:20.0017 2060 ehSched - ok
02:51:20.0126 2060 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
02:51:20.0168 2060 elxstor - ok
02:51:20.0202 2060 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
02:51:20.0228 2060 ErrDev - ok
02:51:20.0293 2060 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
02:51:20.0399 2060 EventSystem - ok
02:51:20.0589 2060 EvtEng (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
02:51:20.0659 2060 EvtEng - ok
02:51:20.0818 2060 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:51:20.0914 2060 exfat - ok
02:51:20.0942 2060 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:51:21.0035 2060 fastfat - ok
02:51:21.0125 2060 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
02:51:21.0210 2060 Fax - ok
02:51:21.0264 2060 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
02:51:21.0298 2060 fdc - ok
02:51:21.0353 2060 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
02:51:21.0474 2060 fdPHost - ok
02:51:21.0508 2060 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
02:51:21.0585 2060 FDResPub - ok
02:51:21.0652 2060 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:51:21.0678 2060 FileInfo - ok
02:51:21.0690 2060 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:51:21.0786 2060 Filetrace - ok
02:51:21.0907 2060 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:51:21.0958 2060 FLEXnet Licensing Service - ok
02:51:22.0012 2060 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
02:51:22.0037 2060 flpydisk - ok
02:51:22.0098 2060 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
02:51:22.0132 2060 FltMgr - ok
02:51:22.0244 2060 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
02:51:22.0321 2060 FontCache - ok
02:51:22.0396 2060 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:51:22.0416 2060 FontCache3.0.0.0 - ok
02:51:22.0470 2060 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:51:22.0496 2060 FsDepends - ok
02:51:22.0548 2060 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
02:51:22.0568 2060 fssfltr - ok
02:51:22.0704 2060 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
02:51:22.0748 2060 fsssvc - ok
02:51:22.0793 2060 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
02:51:22.0818 2060 Fs_Rec - ok
02:51:22.0960 2060 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:51:23.0000 2060 fvevol - ok
02:51:23.0050 2060 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
02:51:23.0076 2060 gagp30kx - ok
02:51:23.0146 2060 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:51:23.0163 2060 GEARAspiWDM - ok
02:51:23.0275 2060 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
02:51:23.0379 2060 gpsvc - ok
02:51:23.0430 2060 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:51:23.0503 2060 hcw85cir - ok
02:51:23.0580 2060 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
02:51:23.0621 2060 HdAudAddService - ok
02:51:23.0662 2060 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
02:51:23.0696 2060 HDAudBus - ok
02:51:23.0731 2060 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
02:51:23.0778 2060 HidBatt - ok
02:51:23.0812 2060 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
02:51:23.0869 2060 HidBth - ok
02:51:23.0927 2060 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
02:51:23.0969 2060 HidIr - ok
02:51:24.0008 2060 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
02:51:24.0113 2060 hidserv - ok
02:51:24.0173 2060 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
02:51:24.0200 2060 HidUsb - ok
02:51:24.0249 2060 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
02:51:24.0346 2060 hkmsvc - ok
02:51:24.0428 2060 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
02:51:24.0496 2060 HomeGroupListener - ok
02:51:24.0545 2060 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
02:51:24.0592 2060 HomeGroupProvider - ok
02:51:24.0634 2060 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
02:51:24.0659 2060 HpSAMD - ok
02:51:24.0759 2060 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
02:51:24.0872 2060 HTTP - ok
02:51:24.0899 2060 hwdatacard - ok
02:51:24.0931 2060 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
02:51:24.0956 2060 hwpolicy - ok
02:51:25.0055 2060 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
02:51:25.0082 2060 i8042prt - ok
02:51:25.0281 2060 IAANTMON (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
02:51:25.0310 2060 IAANTMON - ok
02:51:25.0367 2060 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\drivers\iaStor.sys
02:51:25.0398 2060 iaStor - ok
02:51:25.0488 2060 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
02:51:25.0525 2060 iaStorV - ok
02:51:25.0684 2060 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
02:51:25.0707 2060 IDriverT ( UnsignedFile.Multi.Generic ) - warning
02:51:25.0707 2060 IDriverT - detected UnsignedFile.Multi.Generic (1)
02:51:25.0835 2060 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:51:25.0883 2060 idsvc - ok
02:51:25.0996 2060 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
02:51:26.0022 2060 iirsp - ok
02:51:26.0120 2060 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
02:51:26.0215 2060 IKEEXT - ok
02:51:26.0288 2060 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\drivers\Impcd.sys
02:51:26.0326 2060 Impcd - ok
02:51:26.0534 2060 IntcAzAudAddService (59b0bba422f04467e8c89b7ce6ae95e1) C:\Windows\system32\drivers\RTKVHD64.sys
02:51:26.0640 2060 IntcAzAudAddService - ok
02:51:26.0790 2060 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
02:51:26.0813 2060 intelide - ok
02:51:26.0870 2060 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
02:51:26.0908 2060 intelppm - ok
02:51:26.0959 2060 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
02:51:27.0055 2060 IPBusEnum - ok
02:51:27.0114 2060 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:51:27.0209 2060 IpFilterDriver - ok
02:51:27.0285 2060 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
02:51:27.0381 2060 iphlpsvc - ok
02:51:27.0423 2060 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
02:51:27.0468 2060 IPMIDRV - ok
02:51:27.0509 2060 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:51:27.0604 2060 IPNAT - ok
02:51:27.0728 2060 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
02:51:27.0777 2060 iPod Service - ok
02:51:27.0831 2060 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:51:27.0904 2060 IRENUM - ok
02:51:27.0971 2060 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:51:27.0998 2060 isapnp - ok
02:51:28.0154 2060 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:51:28.0194 2060 iScsiPrt - ok
02:51:28.0299 2060 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
02:51:28.0320 2060 IviRegMgr - ok
02:51:28.0375 2060 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
02:51:28.0400 2060 kbdclass - ok
02:51:28.0460 2060 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
02:51:28.0505 2060 kbdhid - ok
02:51:28.0568 2060 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:51:28.0594 2060 KeyIso - ok
02:51:28.0618 2060 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
02:51:28.0645 2060 KSecDD - ok
02:51:28.0672 2060 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
02:51:28.0700 2060 KSecPkg - ok
02:51:28.0757 2060 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:51:28.0842 2060 ksthunk - ok
02:51:28.0890 2060 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:51:28.0986 2060 KtmRm - ok
02:51:29.0059 2060 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
02:51:29.0180 2060 LanmanServer - ok
02:51:29.0272 2060 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
02:51:29.0361 2060 LanmanWorkstation - ok
02:51:29.0424 2060 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:51:29.0521 2060 lltdio - ok
02:51:29.0580 2060 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:51:29.0680 2060 lltdsvc - ok
02:51:29.0720 2060 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:51:29.0796 2060 lmhosts - ok
02:51:29.0865 2060 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
02:51:29.0892 2060 LSI_FC - ok
02:51:29.0917 2060 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
02:51:29.0944 2060 LSI_SAS - ok
02:51:29.0993 2060 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
02:51:30.0020 2060 LSI_SAS2 - ok
02:51:30.0060 2060 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
02:51:30.0089 2060 LSI_SCSI - ok
02:51:30.0145 2060 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:51:30.0234 2060 luafv - ok
02:51:30.0283 2060 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
02:51:30.0322 2060 Mcx2Svc - ok
02:51:30.0341 2060 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
02:51:30.0365 2060 megasas - ok
02:51:30.0438 2060 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
02:51:30.0471 2060 MegaSR - ok
02:51:30.0662 2060 Micorsoft Windows Service (a6d351093f75d16c574db31cdf736153) C:\Users\teng\AppData\Local\Temp\wuyocsoa.sys
02:51:30.0670 2060 Micorsoft Windows Service ( UnsignedFile.Multi.Generic ) - warning
02:51:30.0670 2060 Micorsoft Windows Service - detected UnsignedFile.Multi.Generic (1)
02:51:30.0703 2060 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:51:30.0791 2060 MMCSS - ok
02:51:30.0825 2060 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:51:30.0910 2060 Modem - ok
02:51:30.0958 2060 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:51:30.0989 2060 monitor - ok
02:51:31.0045 2060 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
02:51:31.0070 2060 mouclass - ok
02:51:31.0133 2060 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:51:31.0174 2060 mouhid - ok
02:51:31.0231 2060 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:51:31.0258 2060 mountmgr - ok
02:51:31.0319 2060 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
02:51:31.0359 2060 MpFilter - ok
02:51:31.0410 2060 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:51:31.0441 2060 mpio - ok
02:51:31.0477 2060 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:51:31.0553 2060 mpsdrv - ok
02:51:31.0650 2060 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
02:51:31.0778 2060 MpsSvc - ok
02:51:31.0842 2060 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:51:31.0910 2060 MRxDAV - ok
02:51:31.0960 2060 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:51:32.0011 2060 mrxsmb - ok
02:51:32.0066 2060 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:51:32.0113 2060 mrxsmb10 - ok
02:51:32.0168 2060 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:51:32.0196 2060 mrxsmb20 - ok
02:51:32.0247 2060 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:51:32.0272 2060 msahci - ok
02:51:32.0314 2060 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:51:32.0342 2060 msdsm - ok
02:51:32.0382 2060 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:51:32.0428 2060 MSDTC - ok
02:51:32.0478 2060 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:51:32.0569 2060 Msfs - ok
02:51:32.0621 2060 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:51:32.0696 2060 mshidkmdf - ok
02:51:32.0741 2060 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:51:32.0766 2060 msisadrv - ok
02:51:32.0797 2060 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:51:32.0891 2060 MSiSCSI - ok
02:51:32.0896 2060 msiserver - ok
02:51:32.0946 2060 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:51:33.0024 2060 MSKSSRV - ok
02:51:33.0210 2060 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
02:51:33.0235 2060 MsMpSvc - ok
02:51:33.0290 2060 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:51:33.0375 2060 MSPCLOCK - ok
02:51:33.0398 2060 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:51:33.0484 2060 MSPQM - ok
02:51:33.0597 2060 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:51:33.0674 2060 MsRPC - ok
02:51:33.0745 2060 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:51:33.0771 2060 mssmbios - ok
02:51:33.0822 2060 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:51:33.0910 2060 MSTEE - ok
02:51:33.0944 2060 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
02:51:33.0983 2060 MTConfig - ok
02:51:34.0049 2060 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:51:34.0075 2060 Mup - ok
02:51:34.0150 2060 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
02:51:34.0257 2060 napagent - ok
02:51:34.0339 2060 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:51:34.0391 2060 NativeWifiP - ok
02:51:34.0610 2060 NBService (0d01287d85b3715fa8270e8ec919b7f7) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
02:51:34.0638 2060 NBService ( UnsignedFile.Multi.Generic ) - warning
02:51:34.0638 2060 NBService - detected UnsignedFile.Multi.Generic (1)
02:51:34.0747 2060 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
02:51:34.0808 2060 NDIS - ok
02:51:34.0863 2060 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:51:34.0947 2060 NdisCap - ok
02:51:35.0003 2060 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:51:35.0102 2060 NdisTapi - ok
02:51:35.0154 2060 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:51:35.0235 2060 Ndisuio - ok
02:51:35.0280 2060 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:51:35.0374 2060 NdisWan - ok
02:51:35.0419 2060 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:51:35.0495 2060 NDProxy - ok
02:51:35.0544 2060 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:51:35.0644 2060 NetBIOS - ok
02:51:35.0693 2060 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:51:35.0775 2060 NetBT - ok
02:51:35.0824 2060 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:51:35.0850 2060 Netlogon - ok
02:51:35.0926 2060 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
02:51:36.0020 2060 Netman - ok
02:51:36.0133 2060 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
02:51:36.0221 2060 netprofm - ok
02:51:36.0305 2060 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:51:36.0326 2060 NetTcpPortSharing - ok
02:51:36.0796 2060 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
02:51:37.0117 2060 NETw5s64 - ok
02:51:37.0269 2060 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
02:51:37.0294 2060 nfrd960 - ok
02:51:37.0336 2060 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
02:51:37.0359 2060 NisDrv - ok
02:51:37.0539 2060 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
02:51:37.0573 2060 NisSrv - ok
02:51:37.0637 2060 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
02:51:37.0732 2060 NlaSvc - ok
02:51:37.0893 2060 NMIndexingService (c4ebbbd7165be535f0bfd06b80601d91) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
02:51:37.0922 2060 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
02:51:37.0922 2060 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
02:51:37.0945 2060 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:51:38.0014 2060 Npfs - ok
02:51:38.0034 2060 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:51:38.0100 2060 nsi - ok
02:51:38.0117 2060 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:51:38.0205 2060 nsiproxy - ok
02:51:38.0366 2060 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:51:38.0451 2060 Ntfs - ok
02:51:38.0566 2060 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:51:38.0661 2060 Null - ok
02:51:38.0727 2060 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
02:51:38.0753 2060 NVHDA - ok
02:51:39.0704 2060 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
02:51:40.0309 2060 nvlddmkm - ok
02:51:40.0500 2060 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:51:40.0524 2060 nvraid - ok
02:51:40.0543 2060 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:51:40.0570 2060 nvstor - ok
02:51:40.0698 2060 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
02:51:40.0769 2060 nvsvc - ok
02:51:41.0049 2060 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
02:51:41.0139 2060 nvUpdatusService - ok
02:51:41.0346 2060 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:51:41.0373 2060 nv_agp - ok
02:51:41.0570 2060 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:51:41.0607 2060 odserv - ok
02:51:41.0651 2060 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:51:41.0689 2060 ohci1394 - ok
02:51:41.0761 2060 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:51:41.0784 2060 ose - ok
02:51:41.0832 2060 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:51:41.0886 2060 p2pimsvc - ok
02:51:41.0941 2060 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:51:41.0977 2060 p2psvc - ok
02:51:42.0014 2060 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
02:51:42.0042 2060 Parport - ok
02:51:42.0081 2060 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
02:51:42.0108 2060 partmgr - ok
02:51:42.0147 2060 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:51:42.0199 2060 PcaSvc - ok
02:51:42.0259 2060 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:51:42.0290 2060 pci - ok
02:51:42.0337 2060 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:51:42.0361 2060 pciide - ok
02:51:42.0411 2060 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
02:51:42.0442 2060 pcmcia - ok
02:51:42.0483 2060 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:51:42.0510 2060 pcw - ok
02:51:42.0571 2060 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:51:42.0679 2060 PEAUTH - ok
02:51:42.0761 2060 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:51:42.0803 2060 PerfHost - ok
02:51:42.0941 2060 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
02:51:43.0051 2060 pla - ok
02:51:43.0180 2060 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
02:51:43.0256 2060 PlugPlay - ok
02:51:43.0448 2060 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
02:51:43.0474 2060 PMBDeviceInfoProvider - ok
02:51:43.0510 2060 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:51:43.0559 2060 PNRPAutoReg - ok
02:51:43.0604 2060 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:51:43.0635 2060 PNRPsvc - ok
02:51:43.0726 2060 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
02:51:43.0836 2060 PolicyAgent - ok
02:51:43.0909 2060 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:51:44.0023 2060 Power - ok
02:51:44.0187 2060 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:51:44.0277 2060 PptpMiniport - ok
02:51:44.0316 2060 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
02:51:44.0367 2060 Processor - ok
02:51:44.0432 2060 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
02:51:44.0496 2060 ProfSvc - ok
02:51:44.0536 2060 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:51:44.0563 2060 ProtectedStorage - ok
02:51:44.0624 2060 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:51:44.0714 2060 Psched - ok
02:51:44.0824 2060 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
02:51:44.0845 2060 PSI_SVC_2 - ok
02:51:44.0908 2060 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
02:51:44.0930 2060 PxHlpa64 - ok
02:51:45.0107 2060 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
02:51:45.0203 2060 ql2300 - ok
02:51:45.0364 2060 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
02:51:45.0391 2060 ql40xx - ok
02:51:45.0479 2060 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:51:45.0521 2060 QWAVE - ok
02:51:45.0577 2060 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:51:45.0621 2060 QWAVEdrv - ok
02:51:45.0644 2060 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:51:45.0732 2060 RasAcd - ok
02:51:45.0793 2060 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:51:45.0867 2060 RasAgileVpn - ok
02:51:45.0940 2060 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:51:46.0044 2060 RasAuto - ok
02:51:46.0105 2060 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:51:46.0196 2060 Rasl2tp - ok
02:51:46.0288 2060 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
02:51:46.0390 2060 RasMan - ok
02:51:46.0450 2060 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:51:46.0547 2060 RasPppoe - ok
02:51:46.0641 2060 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:51:46.0754 2060 RasSstp - ok
02:51:46.0843 2060 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:51:46.0945 2060 rdbss - ok
02:51:46.0986 2060 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
02:51:47.0041 2060 rdpbus - ok
02:51:47.0095 2060 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:51:47.0189 2060 RDPCDD - ok
02:51:47.0235 2060 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:51:47.0328 2060 RDPENCDD - ok
02:51:47.0371 2060 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:51:47.0445 2060 RDPREFMP - ok
02:51:47.0507 2060 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
02:51:47.0563 2060 RDPWD - ok
02:51:47.0624 2060 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:51:47.0669 2060 rdyboost - ok
02:51:47.0733 2060 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
02:51:47.0755 2060 regi - ok
02:51:48.0019 2060 RegSrvc (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
02:51:48.0080 2060 RegSrvc - ok
02:51:48.0139 2060 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:51:48.0216 2060 RemoteAccess - ok
02:51:48.0275 2060 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:51:48.0368 2060 RemoteRegistry - ok
02:51:48.0429 2060 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
02:51:48.0479 2060 RFCOMM - ok
02:51:48.0552 2060 rimspci (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys
02:51:48.0597 2060 rimspci - ok
02:51:48.0678 2060 risdsnpe (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\drivers\risdsne64.sys
02:51:48.0735 2060 risdsnpe - ok
02:51:48.0867 2060 Roxio UPnP Renderer 10 (d151224bc11078895a60fa970728ff59) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
02:51:48.0895 2060 Roxio UPnP Renderer 10 - ok
02:51:48.0949 2060 Roxio Upnp Server 10 (5022a927944878bd750960bd21e751af) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
02:51:48.0982 2060 Roxio Upnp Server 10 - ok
02:51:49.0005 2060 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:51:49.0108 2060 RpcEptMapper - ok
02:51:49.0137 2060 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:51:49.0188 2060 RpcLocator - ok
02:51:49.0311 2060 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
02:51:49.0396 2060 RpcSs - ok
02:51:49.0465 2060 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:51:49.0564 2060 rspndr - ok
02:51:49.0741 2060 SampleCollector (6b318f9443740a907d1c8f3460c19009) C:\Program Files\SONY\VAIO Care\collsvc.exe
02:51:49.0764 2060 SampleCollector ( UnsignedFile.Multi.Generic ) - warning
02:51:49.0764 2060 SampleCollector - detected UnsignedFile.Multi.Generic (1)
02:51:49.0814 2060 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:51:49.0839 2060 SamSs - ok
02:51:49.0883 2060 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:51:49.0911 2060 sbp2port - ok
02:51:49.0985 2060 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:51:50.0065 2060 SCardSvr - ok
02:51:50.0114 2060 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:51:50.0193 2060 scfilter - ok
02:51:50.0402 2060 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
02:51:50.0541 2060 Schedule - ok
02:51:50.0607 2060 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
02:51:50.0679 2060 SCPolicySvc - ok
02:51:50.0761 2060 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
02:51:50.0796 2060 sdbus - ok
02:51:50.0857 2060 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
02:51:50.0931 2060 SDRSVC - ok
02:51:51.0062 2060 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
02:51:51.0093 2060 SeaPort - ok
02:51:51.0152 2060 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:51:51.0226 2060 secdrv - ok
02:51:51.0274 2060 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
02:51:51.0378 2060 seclogon - ok
02:51:51.0433 2060 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
02:51:51.0523 2060 SENS - ok
02:51:51.0547 2060 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:51:51.0609 2060 SensrSvc - ok
02:51:51.0665 2060 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
02:51:51.0707 2060 Serenum - ok
02:51:51.0761 2060 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
02:51:51.0813 2060 Serial - ok
02:51:51.0873 2060 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
02:51:51.0899 2060 sermouse - ok
02:51:51.0959 2060 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
02:51:52.0060 2060 SessionEnv - ok
02:51:52.0140 2060 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys
02:51:52.0188 2060 SFEP - ok
02:51:52.0223 2060 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:51:52.0280 2060 sffdisk - ok
02:51:52.0325 2060 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:51:52.0382 2060 sffp_mmc - ok
02:51:52.0428 2060 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:51:52.0482 2060 sffp_sd - ok
02:51:52.0545 2060 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
02:51:52.0570 2060 sfloppy - ok
02:51:52.0645 2060 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:51:52.0749 2060 SharedAccess - ok
02:51:52.0861 2060 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
02:51:52.0990 2060 ShellHWDetection - ok
02:51:53.0046 2060 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
02:51:53.0072 2060 SiSRaid2 - ok
02:51:53.0131 2060 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
02:51:53.0158 2060 SiSRaid4 - ok
02:51:53.0207 2060 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:51:53.0283 2060 Smb - ok
02:51:53.0365 2060 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:51:53.0435 2060 SNMPTRAP - ok
02:51:53.0608 2060 SOHCImp (98886c88a1cb13d61672ae2c638b7e1c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
02:51:53.0627 2060 SOHCImp - ok
02:51:53.0664 2060 SOHDBSvr (442a13f395546f4564c377296d43b564) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
02:51:53.0680 2060 SOHDBSvr - ok
02:51:53.0728 2060 SOHDms (556681be668d71dc162391a45422b52c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
02:51:53.0758 2060 SOHDms - ok
02:51:53.0787 2060 SOHDs (72b46103e4111439109acf5882627c24) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
02:51:53.0804 2060 SOHDs - ok
02:51:53.0860 2060 SOHPlMgr (725b6e9cd1959271ac993dc035e1606d) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
02:51:53.0905 2060 SOHPlMgr - ok
02:51:53.0937 2060 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:51:53.0961 2060 spldr - ok
02:51:54.0042 2060 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
02:51:54.0131 2060 Spooler - ok
02:51:54.0757 2060 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
02:51:55.0009 2060 sppsvc - ok
02:51:55.0306 2060 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:51:55.0402 2060 sppuinotify - ok
02:51:55.0681 2060 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
02:51:55.0681 2060 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
02:51:55.0706 2060 sptd ( LockedFile.Multi.Generic ) - warning
02:51:55.0706 2060 sptd - detected LockedFile.Multi.Generic (1)
02:51:55.0771 2060 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:51:55.0847 2060 srv - ok
02:51:55.0925 2060 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:51:55.0983 2060 srv2 - ok
02:51:56.0034 2060 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:51:56.0075 2060 srvnet - ok
02:51:56.0187 2060 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:51:56.0269 2060 SSDPSRV - ok
02:51:56.0362 2060 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:51:56.0440 2060 SstpSvc - ok
02:51:56.0668 2060 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
02:51:56.0702 2060 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
02:51:56.0702 2060 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
02:51:56.0800 2060 Steam Client Service - ok
02:51:57.0016 2060 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
02:51:57.0049 2060 Stereo Service - ok
02:51:57.0118 2060 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
02:51:57.0142 2060 stexstor - ok
02:51:57.0222 2060 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
02:51:57.0295 2060 stisvc - ok
02:51:57.0335 2060 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:51:57.0359 2060 swenum - ok
02:51:57.0468 2060 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:51:57.0583 2060 swprv - ok
02:51:57.0989 2060 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
02:51:58.0121 2060 SysMain - ok
02:51:58.0334 2060 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
02:51:58.0395 2060 TabletInputService - ok
02:51:58.0465 2060 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
02:51:58.0579 2060 TapiSrv - ok
02:51:58.0628 2060 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:51:58.0710 2060 TBS - ok
02:51:58.0984 2060 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
02:51:59.0109 2060 Tcpip - ok
02:51:59.0715 2060 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
02:51:59.0800 2060 TCPIP6 - ok
02:52:00.0121 2060 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:52:00.0221 2060 tcpipreg - ok
02:52:00.0272 2060 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:52:00.0336 2060 TDPIPE - ok
02:52:00.0401 2060 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
02:52:00.0452 2060 TDTCP - ok
02:52:00.0499 2060 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:52:00.0575 2060 tdx - ok
02:52:00.0649 2060 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:52:00.0674 2060 TermDD - ok
02:52:00.0837 2060 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
02:52:00.0965 2060 TermService - ok
02:52:01.0001 2060 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:52:01.0037 2060 Themes - ok
02:52:01.0117 2060 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:52:01.0220 2060 THREADORDER - ok
02:52:01.0262 2060 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:52:01.0352 2060 TrkWks - ok
02:52:01.0490 2060 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
02:52:01.0588 2060 TrustedInstaller - ok
02:52:01.0658 2060 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:52:01.0729 2060 tssecsrv - ok
02:52:01.0815 2060 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:52:01.0881 2060 TsUsbFlt - ok
02:52:01.0936 2060 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:52:02.0039 2060 tunnel - ok
02:52:02.0157 2060 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
02:52:02.0200 2060 uagp35 - ok
02:52:02.0276 2060 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
02:52:02.0298 2060 uCamMonitor - ok
02:52:02.0366 2060 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:52:02.0454 2060 udfs - ok
02:52:02.0486 2060 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:52:02.0518 2060 UI0Detect - ok
02:52:02.0573 2060 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:52:02.0601 2060 uliagpkx - ok
02:52:02.0646 2060 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
02:52:02.0684 2060 umbus - ok
02:52:02.0743 2060 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
02:52:02.0780 2060 UmPass - ok
02:52:02.0854 2060 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:52:02.0974 2060 upnphost - ok
02:52:03.0032 2060 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
02:52:03.0070 2060 USBAAPL64 - ok
02:52:03.0118 2060 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
02:52:03.0168 2060 usbccgp - ok
02:52:03.0225 2060 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:52:03.0257 2060 usbcir - ok
02:52:03.0345 2060 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
02:52:03.0398 2060 usbehci - ok
02:52:03.0468 2060 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
02:52:03.0515 2060 usbhub - ok
02:52:03.0571 2060 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
02:52:03.0623 2060 usbohci - ok
02:52:03.0655 2060 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
02:52:03.0695 2060 usbprint - ok
02:52:03.0748 2060 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
02:52:03.0801 2060 USBSTOR - ok
02:52:03.0825 2060 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
02:52:03.0860 2060 usbuhci - ok
02:52:03.0928 2060 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
02:52:03.0965 2060 usbvideo - ok
02:52:04.0015 2060 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:52:04.0112 2060 UxSms - ok
02:52:04.0252 2060 VAIO Entertainment TV Device Arbitration Service (4e7135d6d0127067e4cfee12259f895d) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
02:52:04.0261 2060 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
02:52:04.0261 2060 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
02:52:04.0357 2060 VAIO Event Service (d4197cf0c8567046fd4af28ff47af528) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
02:52:04.0378 2060 VAIO Event Service - ok
02:52:04.0584 2060 VAIO Power Management (b8c9a7010afd5cbbe194cb9ef7c4fd14) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
02:52:04.0638 2060 VAIO Power Management - ok
02:52:04.0694 2060 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
02:52:04.0720 2060 VaultSvc - ok
02:52:04.0878 2060 VCFw (6a740f5ff3246c3be3dd317299efc88e) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
02:52:04.0917 2060 VCFw - ok
02:52:05.0107 2060 VcmIAlzMgr (fd03ac6cd1571aa8b2ff56d3c600e26e) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
02:52:05.0170 2060 VcmIAlzMgr - ok
02:52:05.0234 2060 VcmINSMgr (9d9b34b430b4dc683112f59c80d20ab8) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
02:52:05.0264 2060 VcmINSMgr - ok
02:52:05.0340 2060 VcmXmlIfHelper (dfe10c68ef4684f7754fcca39a4cc6ba) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
02:52:05.0360 2060 VcmXmlIfHelper - ok
02:52:05.0602 2060 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:52:05.0628 2060 vdrvroot - ok
02:52:05.0710 2060 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
02:52:05.0797 2060 vds - ok
02:52:05.0864 2060 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:52:05.0895 2060 vga - ok
02:52:05.0912 2060 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:52:06.0003 2060 VgaSave - ok
02:52:06.0061 2060 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
02:52:06.0092 2060 vhdmp - ok
02:52:06.0141 2060 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:52:06.0165 2060 viaide - ok
02:52:06.0206 2060 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:52:06.0232 2060 volmgr - ok
02:52:06.0293 2060 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:52:06.0329 2060 volmgrx - ok
02:52:06.0394 2060 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:52:06.0427 2060 volsnap - ok
02:52:06.0493 2060 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
02:52:06.0523 2060 vsmraid - ok
02:52:06.0682 2060 VSNService (27cc4003da9ea10e3cd412a398bf04e6) C:\Program Files\SONY\VAIO Smart Network\VSNService.exe
02:52:06.0725 2060 VSNService ( UnsignedFile.Multi.Generic ) - warning
02:52:06.0725 2060 VSNService - detected UnsignedFile.Multi.Generic (1)
02:52:06.0867 2060 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
02:52:07.0005 2060 VSS - ok
02:52:07.0240 2060 VUAgent (77e034d8d8dfa4039b45aca2f0d3ac13) C:\Program Files\SONY\VAIO Update 5\VUAgent.exe
02:52:07.0317 2060 VUAgent - ok
02:52:07.0456 2060 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
02:52:07.0490 2060 vwifibus - ok
02:52:07.0540 2060 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
02:52:07.0581 2060 vwififlt - ok
02:52:07.0615 2060 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
02:52:07.0643 2060 vwifimp - ok
02:52:07.0763 2060 VzCdbSvc (d8bef4ac1eac809dbdbd441d6cff6c4c) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
02:52:07.0785 2060 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
02:52:07.0785 2060 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
02:52:07.0886 2060 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
02:52:07.0960 2060 W32Time - ok
02:52:08.0003 2060 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
02:52:08.0033 2060 WacomPen - ok
02:52:08.0094 2060 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:52:08.0166 2060 WANARP - ok
02:52:08.0193 2060 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:52:08.0250 2060 Wanarpv6 - ok
02:52:08.0369 2060 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
02:52:08.0425 2060 WatAdminSvc - ok
02:52:08.0557 2060 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
02:52:08.0669 2060 wbengine - ok
02:52:08.0844 2060 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
02:52:08.0885 2060 WbioSrvc - ok
02:52:08.0998 2060 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
02:52:09.0092 2060 wcncsvc - ok
02:52:09.0124 2060 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
02:52:09.0165 2060 WcsPlugInService - ok
02:52:09.0226 2060 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
02:52:09.0252 2060 Wd - ok
02:52:09.0321 2060 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:52:09.0367 2060 Wdf01000 - ok
02:52:09.0390 2060 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:52:09.0489 2060 WdiServiceHost - ok
02:52:09.0494 2060 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:52:09.0528 2060 WdiSystemHost - ok
02:52:09.0593 2060 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
02:52:09.0656 2060 WebClient - ok
02:52:09.0726 2060 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
02:52:09.0819 2060 Wecsvc - ok
02:52:09.0879 2060 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
02:52:09.0955 2060 wercplsupport - ok
02:52:10.0016 2060 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
02:52:10.0110 2060 WerSvc - ok
02:52:10.0176 2060 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:52:10.0243 2060 WfpLwf - ok
02:52:10.0258 2060 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:52:10.0278 2060 WIMMount - ok
02:52:10.0358 2060 WinDefend - ok
02:52:10.0366 2060 WinHttpAutoProxySvc - ok
02:52:10.0426 2060 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
02:52:10.0496 2060 Winmgmt - ok
02:52:10.0645 2060 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
02:52:10.0749 2060 WinRM - ok
02:52:10.0947 2060 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
02:52:10.0998 2060 WinUsb - ok
02:52:11.0159 2060 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
02:52:11.0251 2060 Wlansvc - ok
02:52:11.0493 2060 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:52:11.0587 2060 wlidsvc - ok
02:52:11.0749 2060 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
02:52:11.0768 2060 WmBEnum - ok
02:52:11.0832 2060 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
02:52:11.0848 2060 WmFilter - ok
02:52:11.0888 2060 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
02:52:11.0918 2060 WmiAcpi - ok
02:52:11.0975 2060 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
02:52:12.0026 2060 wmiApSrv - ok
02:52:12.0053 2060 WMPNetworkSvc - ok
02:52:12.0120 2060 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
02:52:12.0137 2060 WmVirHid - ok
02:52:12.0181 2060 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
02:52:12.0200 2060 WmXlCore - ok
02:52:12.0263 2060 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
02:52:12.0308 2060 WPCSvc - ok
02:52:12.0367 2060 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
02:52:12.0415 2060 WPDBusEnum - ok
02:52:12.0440 2060 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:52:12.0507 2060 ws2ifsl - ok
02:52:12.0579 2060 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
02:52:12.0623 2060 wscsvc - ok
02:52:12.0628 2060 WSearch - ok
02:52:12.0824 2060 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
02:52:12.0939 2060 wuauserv - ok
02:52:13.0122 2060 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:52:13.0216 2060 WudfPf - ok
02:52:13.0324 2060 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:52:13.0399 2060 WUDFRd - ok
02:52:13.0447 2060 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
02:52:13.0522 2060 wudfsvc - ok
02:52:13.0568 2060 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
02:52:13.0625 2060 WwanSvc - ok
02:52:13.0678 2060 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
02:52:13.0736 2060 xusb21 - ok
02:52:13.0815 2060 yukonw7 (6affd75c6807b3dd3ab018e27b88ef95) C:\Windows\system32\DRIVERS\yk62x64.sys
02:52:13.0892 2060 yukonw7 - ok
02:52:13.0953 2060 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:52:14.0452 2060 \Device\Harddisk0\DR0 - ok
02:52:14.0480 2060 Boot (0x1200) (f5336d2cb112c43983b6151d3d188297) \Device\Harddisk0\DR0\Partition0
02:52:14.0484 2060 \Device\Harddisk0\DR0\Partition0 - ok
02:52:14.0499 2060 Boot (0x1200) (c42a05656d02b644057c60a40be8ccbd) \Device\Harddisk0\DR0\Partition1
02:52:14.0502 2060 \Device\Harddisk0\DR0\Partition1 - ok
02:52:14.0503 2060 ============================================================
02:52:14.0503 2060 Scan finished
02:52:14.0503 2060 ============================================================
02:52:14.0520 5960 Detected object count: 11
02:52:14.0520 5960 Actual detected object count: 11
02:52:50.0584 5960 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
02:52:50.0584 5960 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
02:52:50.0586 5960 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
02:52:50.0586 5960 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:52:50.0588 5960 Micorsoft Windows Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:52:50.0588 5960 Micorsoft Windows Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:52:50.0590 5960 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
02:52:50.0590 5960 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:52:50.0593 5960 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
02:52:50.0593 5960 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:52:50.0595 5960 SampleCollector ( UnsignedFile.Multi.Generic ) - skipped by user
02:52:50.0595 5960 SampleCollector ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:52:50.0597 5960 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:52:50.0597 5960 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
02:52:50.0600 5960 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
02:52:50.0600 5960 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:52:50.0602 5960 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
02:52:50.0602 5960 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:52:50.0604 5960 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
02:52:50.0604 5960 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
02:52:50.0606 5960 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
02:52:50.0606 5960 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
-
Here's the RogueKiller log:
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: teng [Admin rights]
Mode: Remove -- Date: 07/14/2012 02:47:01
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> REPLACED (userinit.exe)
[SUSP PATH] {4E577C68-A356-4336-AE9D-BCF8EA6498A5}.job @ : C:\Users\teng\Desktop\UQ-eduroam-installer-Vista-Win7.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++
--- User ---
[MBR] b920a0ccdea031bc9d9ac6253324ac86
[BSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[18].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;
RKreport[15].txt ; RKreport[16].txt ; RKreport[17].txt ; RKreport[18].txt ; RKreport[1].txt ;
RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ;
RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
-
Yeah, it's an access program for uni. But I don't need it anymore, so can I just delete it?
-
Here's the RogueKiller log:
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: teng [Admin rights]
Mode: Scan -- Date: 07/14/2012 01:50:08
¤¤¤ Bad processes: 3 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc]
[SUSP PATH] hovcexutiovmkrtn.exe -- C:\Users\teng\AppData\Local\Temp\hovcexutiovmkrtn.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-261071132-451565413-1473889226-1000[...]\Run : PjbHcvsk (C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (C:\Windows\system32\userinit.exe,,C:\Users\teng\AppData\Local\hdjurvjw\pjbhcvsk.exe) -> FOUND
[SUSP PATH] {4E577C68-A356-4336-AE9D-BCF8EA6498A5}.job @ : C:\Users\teng\Desktop\UQ-eduroam-installer-Vista-Win7.exe -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK5065GSX +++++
--- User ---
[MBR] b920a0ccdea031bc9d9ac6253324ac86
[BSP] a410d9d5efb87cb824bf361decd494b6 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15999 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32768000 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32972800 | Size: 460839 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[15].txt >>
RKreport[10].txt ; RKreport[11].txt ; RKreport[12].txt ; RKreport[13].txt ; RKreport[14].txt ;
RKreport[15].txt ; RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ;
RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
-
I think it's better. I can access this site now, which is great. Is there any way to check if it is still infected?
Help with infection
in Resolved Malware Removal Logs
Posted
Thanks for the links. After reading all the information I think I'll back up my documents and just do a complete system restore (to factory settings). That should do it (right?). Thanks so much for all your help over the past few hours, you're awesome